Analysis Overview
SHA256
8958c5ef0084947311bce1141434b5f3159faf3a60631845d86428f0c7aa1673
Threat Level: Known bad
The file 2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock was found to be: Known bad.
Malicious Activity Summary
Kinsing
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (81) files with added filename extension
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Checks whether UAC is enabled
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 17:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 17:38
Reported
2024-01-25 17:40
Platform
win7-20231215-en
Max time kernel
64s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe | N/A |
| N/A | N/A | C:\ProgramData\pWUAIIQg\iccAosMU.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe | N/A |
| N/A | N/A | C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe | N/A |
| N/A | N/A | C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe | N/A |
| N/A | N/A | C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\MUoUUcQo.exe = "C:\\Users\\Admin\\ZAIQUwAY\\MUoUUcQo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iccAosMU.exe = "C:\\ProgramData\\pWUAIIQg\\iccAosMU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\MUoUUcQo.exe = "C:\\Users\\Admin\\ZAIQUwAY\\MUoUUcQo.exe" | C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\iccAosMU.exe = "C:\\ProgramData\\pWUAIIQg\\iccAosMU.exe" | C:\ProgramData\pWUAIIQg\iccAosMU.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe"
C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe
"C:\Users\Admin\ZAIQUwAY\MUoUUcQo.exe"
C:\ProgramData\pWUAIIQg\iccAosMU.exe
"C:\ProgramData\pWUAIIQg\iccAosMU.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmIgkoEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jGIgQgQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WSMcIEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qecQAIMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQgoUgwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cYQkgYoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YicEAAAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LaUMYUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWoocYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zEUYEMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XkMcYEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CaYwssYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wIQkQIUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AWUIQgEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CgIswgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qKQswwwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LUIcQQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XUwcwoUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fawkMggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lyokAgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EAgEEAME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eOIwsYMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\skkwEcwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wcYYUMcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lqcwEYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JCQMoMsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgkIQUkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jEoIYsoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMkcQUgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EAwcUIks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gOgEUkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KKYYoIwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YyAMwsQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nCkoYcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQEMowcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ncAAMYcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LEoccoMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MWsMEswg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IusIEAAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kEQAQkok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bakkAEwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VGkQYgow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KWoIMYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcosQAQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NyUIgckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lksMIwYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tsQMYQQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UeIcsQMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\imEkEocQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FKgYoYgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WGgsEwQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zkAMsEks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SiYYkcgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsoMgMkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KSkIAokc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bEckYYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dKsIMUEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CgUwQoMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HukkMYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ESQssggM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DcYoQsYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BQQUoEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yGogoEoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FmEQoEYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mucQUEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gYYIIkAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGsAQUwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1644-0-0x0000000000400000-0x0000000000454000-memory.dmp
\Users\Admin\ZAIQUwAY\MUoUUcQo.exe
| MD5 | 3e44e4a2d9bb42d20dc82015c4d9a997 |
| SHA1 | e5abc85ec8b6acb3b2b9da526e8a612addb0a140 |
| SHA256 | 61d71a9adfb4fa03014d48467ef80209d4ecada007e7bd210a0caabfeb41dd7e |
| SHA512 | 62bf877c54771ba53193258e29fdccdee7312325e5accf148a4b11d8dd848a1274757e7edc61baa41ef176c504a2dfff133cfffa5455a03ea7e1cdaa1dbbeb46 |
C:\ProgramData\pWUAIIQg\iccAosMU.exe
| MD5 | bae91630833ecf2a78e0904a575fa047 |
| SHA1 | b980f74036891def589d7373283a7391d83ae1f2 |
| SHA256 | e339c87700885dcfd6204ef180ab2e413cd68f498d736aa91d334747e0eab790 |
| SHA512 | d31545185325a6aa10d0a211945fdfa80869393d3b6b446b61b48817d0348a5a963943ff38e27ee75476c2a11bcca23f9ec5530331c7dfb222414f220c00258a |
C:\Users\Admin\AppData\Local\Temp\dAQQkMwg.bat
| MD5 | 3af1b68de04fbb4340d970e269712cab |
| SHA1 | d4d47283dbade3b480a1394f6b9e00a1e1e40057 |
| SHA256 | c88e9993007b02963b8ccc6416ca36818c8faea579090e83bed38fa039adcc02 |
| SHA512 | 1f5e22b93f97d4561cd89919948d7e76369f05eac78df1dd2732ec29c59ae80772d68844ac04a884a03c33083bd9cc5faf76ad9f6baaee5730f8f7d795435d37 |
memory/1644-30-0x0000000001CB0000-0x0000000001CDF000-memory.dmp
memory/1592-28-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1644-42-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2736-43-0x0000000002260000-0x00000000022B4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nmIgkoEU.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2884-44-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
| MD5 | 9adaf3a844ce0ce36bfed07fa2d7ef66 |
| SHA1 | 3a804355d5062a6d2ed9653d66e9e4aebaf90bc0 |
| SHA256 | d3e8d47e8c1622ec10adef672ca7a8992748c4f0a4e75f877462e7e661069698 |
| SHA512 | e6988737153a0996b14e6baa45e8010ff46714fe7679d05a2676cc18e1c653e99227e7507cdae4f2b6a99b3c31478630e7e1ae13d0f7c12525406d8cf9867ca5 |
memory/1440-59-0x0000000000120000-0x0000000000174000-memory.dmp
memory/1440-60-0x0000000000120000-0x0000000000174000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\huUYscUA.bat
| MD5 | c640fe01e80a3595191d0f3ba165ccdc |
| SHA1 | 05cae4a4bc8cd553ab764cd5fa29aaf4a212653f |
| SHA256 | d87272fd9000e7427ecb53b10792706eebda883b97b9f50f998a53942a6ee8a3 |
| SHA512 | 03c88b0464c7161bec2165c72bf22705e848fe5df95b89e4aa545236a6715b2cd3504fc92ed2c0a018033c46b6bc77ea7c4167624e74bac80873e2f154a8ed01 |
memory/2736-34-0x0000000002260000-0x00000000022B4000-memory.dmp
memory/2968-61-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2884-70-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2924-33-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1644-32-0x0000000001CB0000-0x0000000001CDF000-memory.dmp
memory/1644-14-0x0000000001CB0000-0x0000000001CE4000-memory.dmp
memory/1644-10-0x0000000001CB0000-0x0000000001CE4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rCEcgUIc.bat
| MD5 | db491fb43d2c29122a6e6dab8d69b392 |
| SHA1 | 8d9b3fa0c5f67feef9c218379eebac2df725ae7e |
| SHA256 | 9fe0043e7e5716892adfd0b6391a7af96633c231bcf9a27bf6955fc076a4d7b4 |
| SHA512 | ccad427b081a88141616a1c4971ba9e772614572abab223f1f3078dac1e9a9ac85ab2563b9af9b53ba516c53df6736714765e83766a122e2b27a97d389b2f3fa |
memory/2952-83-0x0000000000470000-0x00000000004C4000-memory.dmp
memory/2952-84-0x0000000000470000-0x00000000004C4000-memory.dmp
memory/2936-85-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2968-94-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GEocEQQM.bat
| MD5 | 6d07fafddcb059032c1b6b56d4dc0208 |
| SHA1 | 1f9092917c928e44002f6160f69bdfd1f209fde5 |
| SHA256 | 95e8392d833b279750f62195b38e3947f966723530e0167a8483966fb710820e |
| SHA512 | d6fcd75fcfff96c96b82b9ceeaa8c9f34ed904bb6ba0fb8e01993cf17537ea76a816713299ffa7aae60a9c564daf0d392eab172ed97df4fde1a29db8e7a6353d |
memory/1808-107-0x0000000000350000-0x00000000003A4000-memory.dmp
memory/2108-108-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2936-117-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MOgYMYYI.bat
| MD5 | 802b1738fa6d05536ef39820cde843cd |
| SHA1 | 963f59c5574c9f2d643b055359f967d2c2e493ef |
| SHA256 | 5bd8894068b5b4ee743a4322010dfabea69843447be0ef1ddb5368dae265f980 |
| SHA512 | 888e349e03a5a8d8aa7eabb9d8db34371f498986bc4fe761c420002d9338ca80956fd94f4e314dff92baaa8465d33a1bb59eeaeb48114e840f71d4bb75d31587 |
memory/1312-130-0x00000000001A0000-0x00000000001F4000-memory.dmp
memory/2400-131-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2108-140-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GAAocscg.bat
| MD5 | 2e0451f998ba3e739d22ce80eee7c52b |
| SHA1 | 4c4628eb66def5f295c3440712010ce6964057f5 |
| SHA256 | 41e9dfb6982c316fdbc306252125fb256562fbb24fda4e95aa03abfc5ae47535 |
| SHA512 | a62b328d896dacb15b5b07c4898354584c48cca9a20bea80ef349c896ad9157226718e1d1d51961f219e171de119126ba42c13b2ef9f637d76ab5266e4fc87bc |
memory/880-154-0x0000000000110000-0x0000000000164000-memory.dmp
memory/2176-156-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2400-165-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WkwUkgoo.bat
| MD5 | cba557b6bf4808d8fed91a08ccd7b642 |
| SHA1 | b2979f1bea3206f2746c80fc61003ce86076954a |
| SHA256 | afcf07234ee8f36151840b3e106c0568b80aa5f3bfc706d61d4e7102a21486be |
| SHA512 | f30c925eddc4345dcc6c8b56b3c41b586e7293648f6d5f8edb96ab5cf95d2691276acdd76bda4e1f4657e43d745bba7d482ab9c93f26dad087cf5f3eefcfe2f8 |
memory/2612-178-0x0000000000170000-0x00000000001C4000-memory.dmp
memory/2748-179-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2176-188-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZokAQgEg.bat
| MD5 | 8654c727c9ee0a48bb758bc30140fabe |
| SHA1 | f4adcffecdfda43a97cf8e787fde7c147874ebe2 |
| SHA256 | ee857cfd45e8109343501332daad0571625a926a87925cc77fa6224f645a30d1 |
| SHA512 | e1c7f2b310358bbab44469d78c7bfdde9ea59c05718a8c8b8c82945a3978316c22031032204d9dc9bfe5ce7f3b6b09dbf37321c350c2ceaa766747423e1d88b2 |
memory/2884-201-0x0000000000470000-0x00000000004C4000-memory.dmp
memory/2736-202-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2748-211-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bwEUgcYI.bat
| MD5 | 361e44b626172fcaaf7a351d37fcb7a8 |
| SHA1 | da2dcb2bf8c58f8d97010adf2c3b545d37fd7d71 |
| SHA256 | 549f1dba07714828ad5845dbcf89245262cc203747ec82993f8be1fa34e8de3e |
| SHA512 | e465ab7a97f69a226a047da5bf792dc067b8db3f091fd69c5b6c1b0ae997b735f7be9a100df5dd03468de4d39e18139555778cf8d0439e9180ef0dd7c585d51a |
memory/1200-224-0x0000000000130000-0x0000000000184000-memory.dmp
memory/2684-225-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2736-234-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TgQwcIAM.bat
| MD5 | 5941beb940ac67cb58742dd491fcce77 |
| SHA1 | 8929aa416fa6f5372ec855ae917e31ff7b3be337 |
| SHA256 | 540df1c9114302f34a91ceeed41d2d2033da290a28cbbccd59fce5ed3d58f6d0 |
| SHA512 | 01248a3b385eafea068daa054fb89104155849cd90698f2750c2aa478f4135d91376d6152c926f059a9735e9abcd9559a51f29c898e24ca0a6e58d0e09f3c9aa |
memory/2340-247-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2684-257-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xaQUEAMo.bat
| MD5 | dafb5e7dae3310936144eac664c32336 |
| SHA1 | ea7b3094edfd3a21b42d5e26d0faf44dae488ae9 |
| SHA256 | c13c401115c57d3890b5613ddd8b9036debf04b541c49d716c75736022ddaefd |
| SHA512 | 32c76daeae8fea059c2baf903ee7fd74c2ec5cbb5fd6524687fe2c0d45108b5589739b8fa4cf2a4c6fb6bb6c4858b1979f5b6b05c6ea47083488ed6f1a2c946e |
memory/1364-272-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1380-271-0x0000000000350000-0x00000000003A4000-memory.dmp
memory/2340-281-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CCEIEAwU.bat
| MD5 | 94c95b4e64898078ab24a064be9c981d |
| SHA1 | 45abbd3c936cabce81c6a14a948bb636f943e92e |
| SHA256 | 2d5482cd83897fc62a8de1f34e1523324c8b5e831ba4021bfcf873abd5f5dd3e |
| SHA512 | 9a7f88b644b1fbd73d82ffad8d3f86108e32c991909d6cc06264a96e26be9c770a5f7afde8cf2f1b4d2465bcbdfa3c70db92a4e2c6e1a1746087ffbf96928f43 |
memory/2416-295-0x00000000001B0000-0x0000000000204000-memory.dmp
memory/2120-298-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2416-294-0x00000000001B0000-0x0000000000204000-memory.dmp
memory/1364-305-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oYEUgYAE.bat
| MD5 | 4c55bb2a723a6a5fc41d9562fb95800e |
| SHA1 | 8968040fdc60b2bc9fb3255b813dc30c80815111 |
| SHA256 | 1d1d663211b4092686406a97e2d1f61ee7ec7c202e66fd249bbad21433299cea |
| SHA512 | ec843cf7b9b24a4341ab7a2d7696be07f4a4466e81c2f1439e59a19cf3fc6a6fe2c3d87949f0d4eca7527b9f42b0e54b66bb4e12e6335594e2da8790aec49af0 |
memory/2768-318-0x0000000000260000-0x00000000002B4000-memory.dmp
memory/1904-319-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2120-328-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GkYgwcok.bat
| MD5 | 61df259f6b5d9a878383bf966fdc8e20 |
| SHA1 | dc2ebf68b846c8612ede1737970e2d8f15c6a4c3 |
| SHA256 | 9a6dd6187a8e7f602c90f9904ba7882152e16b61703448d4aa8a16a7f6840cb1 |
| SHA512 | 2bf13eeb5078f1bf222b47ca8444f9f5e79e6a53dbf1833b278445b2eb0d91b1133877b485a5738f109520c7126a67937220578c6345cad76180d6afaf501231 |
memory/2788-341-0x0000000000190000-0x00000000001E4000-memory.dmp
memory/2788-342-0x0000000000190000-0x00000000001E4000-memory.dmp
memory/3008-343-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1904-352-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oewYIEMY.bat
| MD5 | d88322a3dc55f843d6484b81ed1c5e5b |
| SHA1 | c5234960d099b0ca11bfc41f5789acfa84443907 |
| SHA256 | bb05734441e47131eead725734f3933b8e3de9218b2600c81d3e53e9a27ca36e |
| SHA512 | 8b0ad666c0338709fa7788cb7b284b68a5e27740e0dd7c37392a42c6b3a584565549c3743f1918d09adca072bb7032b63714b356aabcaaa6d7a241abd8a8f8b8 |
memory/2272-366-0x0000000000280000-0x00000000002D4000-memory.dmp
memory/2360-368-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3008-377-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uQQEMoso.bat
| MD5 | 7421aeb0d17473e5f9a78c4199d4a078 |
| SHA1 | 93d8c0cca0bb02fb39c518036542b6a91d8e19ce |
| SHA256 | 28183a7ea51fe7fac6c8a04cc1f843c0b57f48773df543f01cd870566530963e |
| SHA512 | db8504d12976334a3c52a36a2ce6f4852736fad855d80975c166cf3fd521c570f95515517ea7f42840f91da1cf82a2f0b1bce34ebab59bbeeeb24b02bf01f7fa |
memory/2952-390-0x0000000000250000-0x00000000002A4000-memory.dmp
memory/2568-392-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2952-391-0x0000000000250000-0x00000000002A4000-memory.dmp
memory/2360-401-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rogAUIUg.bat
| MD5 | 49b71f90c02e0c8fb077cd3a15f82676 |
| SHA1 | 2b04c690f1efe18ba9c5419edc227528613e0441 |
| SHA256 | cebc90fb06c1f669a5bc166f6e450c592b09d7f46b7aded310e15b7d27417bc3 |
| SHA512 | 1c4921b41d99f6e58cd633bd056356e5d43142536d611092232cbd8321992147a96d173ec1a8c79bf7c4152d5b1979b035bd5661ce2e779db75a491649b3cf22 |
memory/1868-414-0x0000000002330000-0x0000000002384000-memory.dmp
memory/2568-424-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1860-415-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pCMMMQAo.bat
| MD5 | 284b8728fdc8a62f36a2874fa3754a34 |
| SHA1 | 061fe65bb13b1e9c74691dcc92eb7aa92e09646f |
| SHA256 | 34f393e0a2a0b34426a4dc5fc33bae41ec6964a0dd26432993e55ccbb57c2826 |
| SHA512 | c1209cbd0e3d9c23e82b032c6cc8892f40777503c6834d35662d043a65846f44f696354f87175c0ea435226f7b6b2e15183a9849a0ea74650b80ab72e8169898 |
memory/1600-437-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\puwEEoEE.bat
| MD5 | 430d5b57c48e73cf8e7e0c7193d6063b |
| SHA1 | 00a778f1ffc2d5ac3983c13285192939b7be0ba3 |
| SHA256 | d70443cdc3f0a9deb6b191dfc30de094b6e0d6c5f9108961cf974972166eaece |
| SHA512 | e5135d51e7e91cd21f547289795e8fd804dc0f03f48b3756e7ca1dab0f3e102429180e0d233c3db606dc3a9781a27e35e1241222f8d3210c99762a9f3e62f524 |
C:\Users\Admin\AppData\Local\Temp\PkQgIsEM.bat
| MD5 | 2bf6b7aa838afbb6a04846623463e7eb |
| SHA1 | 2bb91871d38a1448658ac35cbb1cfc0106fa90d9 |
| SHA256 | ee079661cbe5e024de9112a71c0e3a6ae51113ed01cefacccb1556a66ebab88a |
| SHA512 | b4c7b3b424d8d85e6934c7ad3eb1e4fa2b66c70dcc947375ab54d1a9ef6d16b54c27c8bbaf46d39a0cb90805becdb2fa81d0bd40111fb857f48b6fa6839a3cd9 |
C:\Users\Admin\AppData\Local\Temp\cCgQAsgc.bat
| MD5 | 015450acb559d511fffc81339b971ba6 |
| SHA1 | 90e9ea3f30423d2d1888c4f752f5abbeb86f7a3f |
| SHA256 | b0d3c9b2abb1332f8d4f59dbabcde431b18783a452075ac4d5b8109c8f3dd468 |
| SHA512 | dda23259a7174918e936e4463cc5feb694980c9002fdb720b156bd15e6a859e369718e7d3da2c34fa45b70b152dbeac36092ba449c2a5b94812c023a28e8c919 |
C:\Users\Admin\AppData\Local\Temp\iWoEksUI.bat
| MD5 | 39bef25fd30c8792c149c72c74e7d12b |
| SHA1 | 4940095dcf94b239137768db29cd413c2d0dee40 |
| SHA256 | 9401a33bad08474b53c6c4b4793a77086ba9430c97a24b0d43bd6460fb149b1d |
| SHA512 | ea76c1e30fcddfb1ac181ad0fb775b7c1606a9aea483f0165c7de3077fedc5a03ab8572f0d2aeedd4dfa141dba84d3433b1efa467efb3bda8aa47fc749bf0435 |
C:\Users\Admin\AppData\Local\Temp\CasUokYg.bat
| MD5 | 45c536503433596f813a0c286e2ab9b0 |
| SHA1 | d6e33dfcfde9eabf5f45ff00bdbfd424f067aca9 |
| SHA256 | 8f08b275db578b0cee67b8ac122ee864b6ccc58b7257ae55bfeae3b324fec78a |
| SHA512 | cd9c3d1687689a511bff06e039290c7ca4528d96438b072bffcbacb6ddd19441314b6145073979e4558adff2f872bef71ec0f0cac6eeb2eac29b6d5ba7f5c58b |
C:\Users\Admin\AppData\Local\Temp\koUgYkUY.bat
| MD5 | d14718e3ee0dca9916dbdabc92a1d652 |
| SHA1 | 8dc26b16e5338dc46937d74f3efc365daf945c65 |
| SHA256 | fd9ef18e6be0c1a1b85fef3d02e11f98529352e9d77e648741d130163876ef3c |
| SHA512 | a53cd1552f6412744a7c8cf19db04545d406084671a377da93a605e524a32086107636689b71cd8b3569dcc4666b9cc174afd4dc30bc4f1d2c98e11f3fc6d330 |
C:\Users\Admin\AppData\Local\Temp\KCEwwAAM.bat
| MD5 | 6efa763eea07b68408ed6a10bd0ecf1c |
| SHA1 | f4084fd68825105b88a745c7f1ea8e5fbaf10583 |
| SHA256 | 23e951ca0457774d285322d307609e8204f3ff8b517a3a5dc7b3becca0d3b16a |
| SHA512 | 96d81aafad1a31c3f50444ab104904126f347e3905881cbe46f84e975231d6df598bd5908f5b3340d85fcc6cf36b44c51e261682950c18c9f9e973864a57139a |
C:\Users\Admin\AppData\Local\Temp\NUIUIcsk.bat
| MD5 | f398a6da02f49efe93b7f31d235adefd |
| SHA1 | 2fd8af194bef078cb59114819ca8d7cbaf0939eb |
| SHA256 | ee611f9580d14122faaf2119895aed45bced3afa5b6870b2d1d438d9ac6e19d2 |
| SHA512 | 65abd3e4e39d9059d6f07b0814563940d37775941eb547c95ff561ab0b86b1eed588df85675df98916fe2b957e75a5fbbaafcb10b765bc408ec90230418169fc |
C:\Users\Admin\AppData\Local\Temp\LyIUQAIg.bat
| MD5 | fa98a864b7258423a6cf3d867b44aab0 |
| SHA1 | 64ea2cf46882aa99d10d2d69859f72a6e726d19d |
| SHA256 | 49679e797af4db10c8cfa0afa345c037148afd51b21dd0678fae5d2f1a910f0e |
| SHA512 | 1e996cc62cd7dca4ca423c861fac90b15d096bff3dbd3e22150e0279ad1c0cf529108a69f3b3a1984818292e6a70ba0651d99f1d38ecf1c9650379a2c01d2624 |
C:\Users\Admin\AppData\Local\Temp\bYkYcoww.bat
| MD5 | 2c049c1d1f9ea750ae225e98fb43a1b1 |
| SHA1 | 3613f8ff6d4d7bdf8ebe155724c217b4ec330111 |
| SHA256 | bb0c96f281d0d39126b9e11c86f94bfd593b2a8a45f28a8a961d4ed3b9b886d4 |
| SHA512 | 5a47312d4f7226f87411b12d88a2c018eb67a40823acf539dc98b9bba6efad0cdca27b7e6703f3c0ff2d068d47a52009f16d4401fa5d0934acd88638af966715 |
C:\Users\Admin\AppData\Local\Temp\XMQAIEUY.bat
| MD5 | 0a292ca594e86e33f64c95c2e1605659 |
| SHA1 | 6fec363b679dea06d90a3a6f1c3f282d001ecad4 |
| SHA256 | f507fd98fcf6351974fd51d507ba7a7f6765a42d62d61b4f8ad4ca20c1d1cfd8 |
| SHA512 | 5f5254c7d7ae1288c03df296187423670e574a7816c9323ea4304e2ec4da4bca92d156b6c7de7ca178a90d439c82016b4a93a9da5ab2ca94d4917c98229fd10b |
C:\Users\Admin\AppData\Local\Temp\iecoUcIM.bat
| MD5 | 497bdcd38c220b9bcac03d51c48479c0 |
| SHA1 | 840cb1fa3bbce81f1d2f1d567974aace203f34fa |
| SHA256 | 760509436e6b57309a428704153ac50fc9665a5f9335385d72c581286bbc4d38 |
| SHA512 | cf592d132e2f41b9808a6f5b42bcf881c09501c2751e26a4a141c913698f360047317bf897ae86b31fa582e0d6b5ebc99102ce6c18c5beb1548418b169db3321 |
C:\Users\Admin\AppData\Local\Temp\WoAYMsQw.bat
| MD5 | b512a5566c2b9506e2dfba3a2346e38c |
| SHA1 | 134c498b37b42a379916c5060c50f3b5625983c4 |
| SHA256 | 94c9855c37b36e7f695fdf232d8781acb63da216dfe52abf94495362916de517 |
| SHA512 | 59f073cc1d09de067e50cfb2efe9890e16645002ff2c923d2208a2b999b749eba65631a130a160c5230eed1124cecf5b774683f327bc7512df28e9e6972db041 |
C:\Users\Admin\AppData\Local\Temp\SugYgUAg.bat
| MD5 | da521c76e7fad466fddff4a94cfec1ca |
| SHA1 | 4e2aadf5580269801d86b1ec38a165b0cc2c935e |
| SHA256 | cad94f5b04607db3f52b5e7722a258c8e0bfe2fe1f70f2e803c2d61ba7709040 |
| SHA512 | 9a6aeffefff895b722b766f13e7cab637ae0ac4527d67576f994fc9897463add11178f25969b10dc153522b175be321810cc3dabb7e87173124f7790edb039c9 |
C:\Users\Admin\AppData\Local\Temp\awEo.exe
| MD5 | 4942b0ca14d2a55d925bf6f64f44d914 |
| SHA1 | e76783e85b232d149a68f36897f3bdc91e988a51 |
| SHA256 | 172ae466459477f968a5a28abc17ebab471d5408ed322c45dc3fc77b0062d803 |
| SHA512 | fbe2a13dc2e57a249a28b7e14501f077b9dc5fa6f97ce46d9ce32ce30e856122bc8faa27f837b2a8bb387f406f99ae38b448d0049ca677b607f63c7bac2021df |
C:\Users\Admin\AppData\Local\Temp\oksoQQEc.bat
| MD5 | 202572072c7464f3f761cec565cacd99 |
| SHA1 | 6e64dbddf05df0fbc4aa985e6a6d176599cdbf17 |
| SHA256 | 41d1fb492b4a03da78b6ab2f4c43ed95d3393b74b3ab5f90083a2e10a7bea8e2 |
| SHA512 | 0c8520d2045323ace59ed102224cc1a31137ca893dbcf4c42c93944fee5259ae50e2048a811d6c03defee00bd85929f9a0acc2d04d839ff9f7b7d9d252681343 |
C:\Users\Admin\AppData\Local\Temp\MUEIEgQA.bat
| MD5 | f7b9fda9d301ab509384f80b5a62b1ed |
| SHA1 | eced908e243fefd98cf0d2abc6de824f6ad1f1aa |
| SHA256 | 946b056fe3def9ab6501dbbd3d37a5904587ff5d0491a76a70ea8b54dd9beb15 |
| SHA512 | 45ae8c36d8c95b2973b0667f8a0560478efe016d01ed64861230ea9069d5cb6ef43a85227331ebe48a563617727a57cb05ee7bff238eb5947bd9b9dd95a5d13c |
C:\Users\Admin\AppData\Local\Temp\xCogMIkQ.bat
| MD5 | c1d2cb2f7e58f05b7876ed94ead8483c |
| SHA1 | d369dd6cc5fe446c2000b26c022d191618a31861 |
| SHA256 | 44507028d77eeda0098631efba3486510b79827a6ddca2d390e86199fe3390d9 |
| SHA512 | fd4ead608eaabd8341581ed5cab0296382acf5313b512898acf15cb043898ae413e721560f5d80f6feb3ddf0b5221e5cb1145a373dc5a451e2f717beddc655d7 |
C:\Users\Admin\AppData\Local\Temp\zmoksAwA.bat
| MD5 | 4e6149cbd42ad6c80cfbc03a05d09caa |
| SHA1 | bb108e6b8c7925b96482b8f4f340dac98f15f996 |
| SHA256 | 53d2bbd655bbe7767e2543fc1cd6225dd117af509c981411932ba024a9faf098 |
| SHA512 | 0d59c9a7c949d9e1d3149cb2e3aae0aeedf95dc44cff3ebd346a8a8417887fb4f5099a7a73814172474d988f837fd54410893abaa011f823917b0fd1deaa268f |
C:\Users\Admin\AppData\Local\Temp\VsAwYMgY.bat
| MD5 | 9e51fc81f7dd6413bbe4bbff79e80ebd |
| SHA1 | f9364c8754b95cb1ffdee1198d96952887e2ef8d |
| SHA256 | 336168bb852e83c85129022ed914b4e4f7814a417e0cb22ae0ab6ea6c894ee0a |
| SHA512 | e4750695ff82136e0fa8c5cc834f08a545ec318d3ceb4d13c9878a4be98a205d4d03eb5a199a1bbfa1cd301cea68979a84ae063cdf968e335bba6ca1a520733f |
C:\Users\Admin\AppData\Local\Temp\zyccskcE.bat
| MD5 | 6f16158c7323764b39e50740734a6253 |
| SHA1 | 67e76488738f6142b96b95ca5d32e1511065f7ea |
| SHA256 | f53231ab5f24102e2ea986275a8f175d1b3acf0fd8d495efbc6c280471c81e5f |
| SHA512 | b6799c9048bbbf6d2375605ac916df9c2a6f5ce8017f052e9eadd85308cf3e99a3303572248b4b21b9f437573b999eee29ea6c95dbdce9485061cd9914aae86e |
C:\Users\Admin\AppData\Local\Temp\omkgQoMo.bat
| MD5 | 9e8cb23144059a87456f7e9b646708c6 |
| SHA1 | 923879d5f9c356fc33e0bd461a454330b9d31a50 |
| SHA256 | bdbd40abba0eea153f66c7b2e15499ce1b81c008de9ec46f6c91e0ce93476cef |
| SHA512 | 4040448e92cf4138ccb2fdddab80417a8f4e722a8a78a1130691f3ff5e63ffa2c264a3460cee83249f5097ee9b2ac07e8b7197e3a72b18b130d6b9138f2290ba |
C:\Users\Admin\AppData\Local\Temp\Easocoko.bat
| MD5 | 74bdecbe3a46d093b7844fd6d0350b15 |
| SHA1 | c338fab512914f2c825f9d3cd3cecb6bdc6768e2 |
| SHA256 | 8f44418623e5c1213fe92a29551545957e323c532a5cfa01ac3c117e2f18895b |
| SHA512 | 203e7d36430f75a49993905c98aaa16a25f5b8419fb2babfe074d71708f409de0ada162f4871634b6b202f205f341b7cc9d230e12ec07bc23afb17433e2f6fcb |
C:\Users\Admin\AppData\Local\Temp\umAswoQw.bat
| MD5 | edeb6eceb0ce498ae12989ebfb222064 |
| SHA1 | 32b112f706e5418742dd6aaffce73bb3db90c067 |
| SHA256 | aa01f21a8fa81cd0fd18ef8d38b3160fba73121a49a8ab605e954e219f73384b |
| SHA512 | 2787a55bf93e630f0136745a26f0edffc028772a1624ceb889c3e1e3ee09a8a48bc179190b8339cb22480b1b20afeaee0a7aeb0dbd25f1dd1cfd4b73c8fcb305 |
C:\Users\Admin\AppData\Local\Temp\LgkgEksw.bat
| MD5 | 21311552654022c73b8b54c9eca18d25 |
| SHA1 | 3047c6683693f1dabcc25f83833b83c717d54215 |
| SHA256 | ee6eef3229e3a155bd8355208bc25383064a24de5e71f5d58fb2de6b88c3b541 |
| SHA512 | 867343793c81743785c938c54d21da27b468adb45ad82c339f65373e93ca9299453058e82568b231a527ad4cf79ee0f80d5a69f2e6db56d16559f1edc7657735 |
C:\Users\Admin\AppData\Local\Temp\HiQkAAoc.bat
| MD5 | 689acf8cc0f117616ef8c248835c1f51 |
| SHA1 | 5db32fd5383409532a5b8ea4d69841b00e60b55b |
| SHA256 | b7cab92e9ec3f458edc6683226bdade9991556027d661ad8f2fad4fbf7f6a439 |
| SHA512 | 1ead875db8b9377251efbe66016b93c59393d1446f1de5b9a0340657da52371079a7633f6af2bf56a4342817d458c303e100641e46c31d6707c9789bc0d84df3 |
C:\Users\Admin\AppData\Local\Temp\rIIIkMgQ.bat
| MD5 | 3e2058dec0bd67cd5e80bbce04a35bcd |
| SHA1 | dc67c681338dbcd727d5fad9586eb03ca496a608 |
| SHA256 | 0d67494b75c7896796ab0782092859df929f6f6577e8b9602c2d1519499ecb95 |
| SHA512 | e558a0244c013639289057a13ab989b81ef71cc90409fc4e46d4ca0b993b72adaa70d2dede6dc0bd9811e5a142d8ff2d30028cbb4d20f6b52a5abb451a0ba148 |
C:\Users\Admin\AppData\Local\Temp\higcYskY.bat
| MD5 | b66a957cea9c49277fca16166031ae0b |
| SHA1 | bcc0fe6284f745587a9940b937865cfb337cdf89 |
| SHA256 | c97e50540e30edf6407a73871c84b27223252978306f964255e78e5cb0c3ee06 |
| SHA512 | bdc205e5be804adf62dd04889af234da0b9ce8a8db4030285f5cd7d5b184f7428d28ba2ce60e37ae1decf9e64fe169b137c30c7dd62ef87dd84a30587300d0e4 |
C:\Users\Admin\AppData\Local\Temp\SoocUIgs.bat
| MD5 | a34314002861beef3dd5f291696b156f |
| SHA1 | c0372b7e5dcbb023a6b4919d5727f066ba90cdfb |
| SHA256 | 427dd75c6345d9a97297795816e1b452b5290b63e07b4648b5220dfa5cb5377d |
| SHA512 | 5d19dcde4a89a09361673652c5ec23303620edf2ce09df8099d8ab0c4fb2921abc54a094d27d9e720a4b97d9c2532bba8f9e1e90a20db5f9c4a801baf05df6e6 |
C:\Users\Admin\AppData\Local\Temp\PqssAQgM.bat
| MD5 | 2eb1bc176d52813940f7f0697356d50d |
| SHA1 | 51a473e33a88bcd1e28844040df89cc1962006d0 |
| SHA256 | 2437ab832743ba1d4b694252e93d7c97231dd342d1e0e176460cd6fcf805e19d |
| SHA512 | 9f99fc2142234faccd00149a4f01153a8efe4d4ebe3caedf4de390c9eee45e38fe9587318697c02c338d9272ccdce8097d15717dc14198747b029c12146045df |
C:\Users\Admin\AppData\Local\Temp\MIIK.exe
| MD5 | 7be7d8fcc1f3013151c3d9172606be1d |
| SHA1 | facbccdfa04cbf529e0f5bcb5bce7196ff7af154 |
| SHA256 | 227bc552b225f58cf858077c0d79d06b5c0ce248c6d708b1b9768cd4cd123fc2 |
| SHA512 | 704207f866ee1e30f3f8b169ea9df3d6bd2e64f959f5b61990b868f9c608fa5736f074de2e51543a20f10ca18fbfcb86ed47a37619a327cf511c5cd21c66c27a |
C:\Users\Admin\AppData\Local\Temp\EAYq.exe
| MD5 | 694c4049ca72ea13ec9617268e193f22 |
| SHA1 | bf0080aeb8012f88eacfab6f1f6b2554236dcc8e |
| SHA256 | 0ba646775a816b6386275671efde61b54cf3d5ccb14bd6abe54018f31680bee2 |
| SHA512 | 52f0817a032519598b49e589d41f815424235268d1b670d681afc96d1552100c98ce35f4de1f2c7ede3129628fcd2163dc7fe52bea1dc825fe970184994b6f2c |
C:\Users\Admin\AppData\Local\Temp\cUQk.exe
| MD5 | 011124553838dd95a033698e677ffa35 |
| SHA1 | 1b7a29bc300e1b406ae7d5f94b452100702f7ce3 |
| SHA256 | 9323f97a151762e8798f5c947f92e53adb525891932eec6cdd7281e1547a8f42 |
| SHA512 | 61238c2f50bab6acbc2506892d43844b05c64e7875674ab9fa4fd45f22d97ddd0cc9ad362fe48a50a61c9ce4757d255949b70ded3fe40273dbe229cdaf0b889f |
C:\Users\Admin\AppData\Local\Temp\UmAgYAcg.bat
| MD5 | 3533769ced165619a157a72cb6f47057 |
| SHA1 | 32292e9f4aab3b3d163528d55c4aa554874ff326 |
| SHA256 | cfeca41703cd84da2ace055a239500879bdc9767a73448ef4b0ac28bc7c5a723 |
| SHA512 | 898eed1d83438c7f3407f3e7b03b78aede8a98410a98e3b0b4a3477c9ada4448f02c9ff7fe265d39a0a48007e115ea2da11cdc555e48c6fe946664c420ea3922 |
C:\Users\Admin\AppData\Local\Temp\ncEcAMco.bat
| MD5 | 7e279b54e1925a315a7d4836d6b8193a |
| SHA1 | 464412a1b0b80e4d9cbebd98e3178979a88892b1 |
| SHA256 | a364371cbacf08912d63506fb19d9896c22a0defa258c6916f0fbd56e087ccd9 |
| SHA512 | d673d33dfcfda447531ac8d3e6ab64e9367b1495293f205501068f850504e63b9cc18fa78caeb65dc4477e89650deb7ba394dd57a9e79b1e3630ca2ae328ca6e |
C:\Users\Admin\AppData\Local\Temp\MIUMwkso.bat
| MD5 | e8ed91dbea0e340c78976cf5464e4245 |
| SHA1 | e510ccec2a997b1b2aaae34a45e466217cc63294 |
| SHA256 | aa8967402425eb2cdb6ed89d2270e302569d02768138d599c0a15cdde5288d76 |
| SHA512 | 9410869d57ca92c92de8a8dad19f94f3b884269c7a09bd685b9ba70ae5ad77f5b0cf15219a6f578fe6123c200f9972e69ce671d637dda0b578467dc9942c9726 |
C:\Users\Admin\AppData\Local\Temp\MAku.exe
| MD5 | beccde4c7f6fee45fdf9a21feeb435a9 |
| SHA1 | f2445af1b18e56129eb10c358e43c8821f2e556f |
| SHA256 | 76c54211ad51242ea7f4538d8c903ee2e6ead1a4ced427ff20bc912fe7d6096f |
| SHA512 | 145be134874b5ff9a335d90c52e727c90698d6007baab031d3170f216b7e597504a63b80043b915ccea1a3ecf60b1b8fc2d9fcf5b9b8ec52cb92866e12debdf8 |
C:\Users\Admin\AppData\Local\Temp\OAAc.exe
| MD5 | 248882a18ed6aff583f071a30d077e5a |
| SHA1 | e6e0975c28fbcf179529f8a0443c25c100ec907e |
| SHA256 | b611f1580729fd831f6a3122e584495d359189236971802f680dfba8450c64cf |
| SHA512 | b4bdf036c1ec5446c068bf3c85cd213f118a7d8939ac0c1c1072eb1c324a43c3e19ab8610a1be9d00236a93d7beaa298b1a40621cced5b4fb3c0dd6c223e194c |
C:\Users\Admin\AppData\Local\Temp\gMMy.exe
| MD5 | 9cd893ce37c9e1d2aa6d3729bd95e638 |
| SHA1 | 9ef4275481665769aec2d9527379b421d9b3ddc5 |
| SHA256 | 614a82eb37957803b3183f392546c5485c2b2cdae1e2d2b8ece24212eebc3b1d |
| SHA512 | aab301acb3af7ef98d8b7f29b920e646376b87a3faae6f590a2073c1d81c8095662f1dd7e629398d00bd1150d086e4242390c9cadd0d3368c5be74ada01d2d71 |
C:\Users\Admin\AppData\Local\Temp\QWoIYYIQ.bat
| MD5 | c54e992a7c3bab40753cbd428cb1ce45 |
| SHA1 | b8e16b46ffbe1df7f3df87f6b2bba2d7cb9cd993 |
| SHA256 | c8beb1c1d1cac4fc1fd4597036d057a68d7cdf2b703196f7f0574671bd7f550b |
| SHA512 | 40bf6c362f0d05cb6f66f60d3b13c9ac75898a66834357e4d08f49ca126c5fc58bb7497016b75986313c2debdc7488ccae25b3486f58b07bea60b0b2801cdfe5 |
C:\Users\Admin\AppData\Local\Temp\qQwi.exe
| MD5 | 4e2fc74599bc04f7485cb4f9a005f8ad |
| SHA1 | a70ec2149a4e021ea5c87c7d33add0072cc1e367 |
| SHA256 | 0c060403e4a97996b6bcb87b0ff43b310e3ea28f1a4f4e57ad8e3cc1f5804f6c |
| SHA512 | 2402c9dbfed9bae9012b66712688a8e646dc31c9ca1fe245c3ba4627f88fcc2230b61a537898a57882cb5e5e504fc9789f5dfad6004ba10f9a341645fb06b05d |
C:\Users\Admin\AppData\Local\Temp\ekAg.exe
| MD5 | 94d4f71488eb5372385058d471c82fa9 |
| SHA1 | 7e10a5b76c1f7f1f8e703948357e32c5d514a3d7 |
| SHA256 | 4a87eb25e17b197c50a246c25a292dbb499fdb01185b8f9a6234554bf93e79eb |
| SHA512 | 9047394beb0a930b2108c1392ffad59c640927516ed7849968c45613ecd75e71515b5d07edd7d5b4eb633a01bf31230adb6242ce9ebf32cc917141eea0e7f7cd |
C:\Users\Admin\AppData\Local\Temp\oqAkwQwc.bat
| MD5 | 220ff21963ca3b1ffa2100c3a99eae4a |
| SHA1 | d7fc5afb3491c5840e8561d5d9daf7d10b2357d6 |
| SHA256 | 3d389f790f8d4980dc487cdc3f28d16bad190fa7394bacba9991b82bdfcbac7d |
| SHA512 | 384d5fd3ce9ee3ef1a6bb908ca5c579b4e76ac345f1d4f0ec5aee8f1c7c64a99b0f15a2e46cb23e2fbecb51721f5785a493328ec1d5d0e0244c12f4b68e58bd8 |
C:\Users\Admin\AppData\Local\Temp\Gwoo.exe
| MD5 | 7d89fd196357b7d7f2b4fd2fd76ebbcb |
| SHA1 | 362b41457a87027e5c7ece2b92e1694cacd358b2 |
| SHA256 | 45e63fae2c70fb72211d8716b60a9676651c96e6d24c7936dfdcb5033796d030 |
| SHA512 | e2ef276e274e9136a6081467873387478907ac7e3aa02326d45cf69350e51c75000fb70f1f7a037d0a5accdbfba2f773bdccd94d8167fc30ed719f3ab2150a94 |
C:\Users\Admin\AppData\Local\Temp\YkIs.exe
| MD5 | c339efb8a25799a7885c5b270093e2fb |
| SHA1 | 7a399a1cbbf8ee79373f36559781d33dae5efe90 |
| SHA256 | e68e77f6bd175014b7351ec372c8704ae3cf81df43127f6fb1f88e1ffcaebf3f |
| SHA512 | a72eb98911842ed45f59b8a6dd085d6c1a398d3e761e682b4cfc8c135bae18120e6f4a7a082bf5a5263425c37dfefe213c32378d108cef1b9e98bd3d690eb813 |
C:\Users\Admin\AppData\Local\Temp\UUkMcUwY.bat
| MD5 | 1617b81cee0ae4781a80f12846682373 |
| SHA1 | 539e5ccd20b1d523dbaef0a9afc705e6dc5c9f0b |
| SHA256 | e0816a5c4b0c5e7ea9dfbebd071f1f0e920d17e39e5391244c8a6b27d4f1b386 |
| SHA512 | 8e5b15aa29701a472efd9061dff87372a9af11a1a88ea16717e5089d49bc526de080109b34e2b645e37a1b173e4eedb5c46e56d87ebff9d4d255aa696cc955f8 |
C:\Users\Admin\AppData\Local\Temp\YIwW.exe
| MD5 | 87e25a00a1f225244f0bb17d710be372 |
| SHA1 | 855d5bc296f2064a3af2b5c5f4718e2d70e15077 |
| SHA256 | d53e29415e1efbc89cda282c4cda62446c68b765dbcf16b81da1b224ae06c367 |
| SHA512 | 6792a067c60da03869dfba7d3ef28e1e685e90418c1a84b131ec3d03a8f299364e7c8263c3124bc5fe3c3d08903ba874e63ecb202ed7eb59a72bfd3bd77fe2ea |
C:\Users\Admin\AppData\Local\Temp\isQm.exe
| MD5 | 1695031fefd50b4fbe1723926b588d4c |
| SHA1 | 223e5cba02623543e13dfb64d7d6c72755d4bf01 |
| SHA256 | 32ac69f53d57317895bef261d546e5f0575781635aca1335cdf4f53ab411ae23 |
| SHA512 | f73d209c2ccdeb28e72bc3c0fa4507844401444b7d6c0e54de99d905c414eff390cc2560bafe7c32e51f38ae37e5bf6b81470b4e6050bf70db7e799dc0738f50 |
C:\Users\Admin\AppData\Local\Temp\Awoo.exe
| MD5 | bd65df17727014e1ec6b8ad8f70ba76b |
| SHA1 | b5052fd8f928dab34233440c23f42d7c5412afac |
| SHA256 | 3d5890e3517e7369f3ed1fd3e81149e10e90bc08df7f2e0579f7596bef3664a7 |
| SHA512 | 94fc8f190518e036574428b42cfcc969ca5ee9c76fab6f5b197745a5a10b49a9759ba39dd779e7e7118bccbc9c4f4a699b4c475bf3f9fefdf7ff85eb17151e2b |
C:\Users\Admin\AppData\Local\Temp\uEsa.exe
| MD5 | 8c1f311dd91c88ff464802292799b3eb |
| SHA1 | 2daa69f364ab6c105d0bae3700b564069fd1e4fc |
| SHA256 | 6acd1a49989e5ed03a6853e879f3675be3c2b48d9367b5bdec6624b62ffbe883 |
| SHA512 | 183841eb34ed4283cd35640efd1d9df74c9ea976541f777cc6bbcdd0eedec392e16d380a20f0f146ae7003699e33cf4cee9b408ed26d5a78eb817a715fdafdf4 |
C:\Users\Admin\AppData\Local\Temp\HYAcUEMo.bat
| MD5 | 81e36e113de5ab91b1302154a8fc26fd |
| SHA1 | 413694d4536b6abab9c43d7a18c3f4e22a3a4f7e |
| SHA256 | 1bf46030b6f04488c80902c5a2171aa2756f59982233cd77dc7be0ebb62e1d72 |
| SHA512 | c76db15a1ce62b0119f78ac41773bca8ea919c5472d3b41426dbad587f003c1c08aa1e506c8bfd5bf2b9e7119a61010502f1ef365052def313e0ed99ae5bd5ff |
C:\Users\Admin\AppData\Local\Temp\KUEQ.exe
| MD5 | 899ad62d574389d6fdbc4b9aa93c54f5 |
| SHA1 | 7f75dcd8181f56f12c72c3b5be50e76fd075ba2c |
| SHA256 | e743dd6dedc2f50b280343d2ae75e080d8cfbf5fb3f6f7f5d0a8903321a70f40 |
| SHA512 | 18671186308a2c245d3f4c94dd3f10c7738d946b23f4a5c0514398b4f29a3897ba91c66bde220f6f19c7b089c38a6702996f374d02f9c93cdccbe42a5a346d69 |
C:\Users\Admin\AppData\Local\Temp\cUAY.exe
| MD5 | a00dcb1048c5d172bc9e5f0ee306dc7f |
| SHA1 | 3fd012ca7ba8402fa77981126651b21edce52352 |
| SHA256 | 2d620d081a29bcee2b2c64d7baf0426a75cf39166821267d43105da1ea6b1055 |
| SHA512 | 15e6c3eb1ab64d8fa4a5e0dc45dd81e556d7fa352ac866b27dc92a793e6d18ab384f3ae12aadb2737e587cec904d2818d268c755b20d4f854ae340b8c195e0dd |
C:\Users\Admin\AppData\Local\Temp\okwS.exe
| MD5 | a933c9aac80385bce615f0a29da68357 |
| SHA1 | 6bb3d627a0a82016543eaba2f0f4ad22348b1b99 |
| SHA256 | e812fbf241b8e3db1622d1923f9f08419ff09dfff3a76683db9468562cc51acd |
| SHA512 | f7ed70400b79cd114e22c65d2a74c8b2363bcf4eba778072582109d7a7b8947fd665801d730506704d974be920845c90cebfc029618456538edf4435b04157c6 |
C:\Users\Admin\AppData\Local\Temp\UAog.exe
| MD5 | ca3323c0fdb4b958c6c72e36bfec964d |
| SHA1 | b831835378593b42c2eb8ebbde0b60953091c213 |
| SHA256 | 881ce704f9783576dec0ba261c60d98d35b8a46d6b416d75dfe101a4fc4a00a1 |
| SHA512 | fa6189e77a837277b0b31d4d9c9cf4c3483456d7966c44346b736e78e908974ba4d7967c7bb3bcb220026383627c3516f7ac698428a4eee57c1c2f3341648e7e |
C:\Users\Admin\AppData\Local\Temp\OGgIsEok.bat
| MD5 | b926714f93ea4170ff508ad56c90618e |
| SHA1 | d9e0cf15af79f544ed336f0b608c0c4bbaa51c35 |
| SHA256 | 646b8693b8c447e1df756fdb37946c913f8ac02e32474e5f4af96425758bb872 |
| SHA512 | 40b2ed3fb0ef3b3741a7f031b95878ca02981559a05838c48464ee17cbc0ac2e395760398fbd3d46c8e96e937af08c9d60b7337f8e2d22665710fcf1f3a709c0 |
C:\Users\Admin\AppData\Local\Temp\SIce.exe
| MD5 | 6bab71d4fc44bd8c3a5c5110968801e6 |
| SHA1 | a31226d8b5c16dcd2281124a7d52d500d485142d |
| SHA256 | 5eb891a3fc67d026c7103195bfb5f8ef43f75600645bac3626d2b213792219e3 |
| SHA512 | db2d026ff0e15b21b993e51c9f7c79023bcd47c4ac8bef1c9fb79d727211c40cb638d65bff90b05d798637e9c1a6db9abb105385007b88304ee6bd5e5c64f3fb |
C:\Users\Admin\AppData\Local\Temp\hsccQAwY.bat
| MD5 | c8072c044a892abb1aa63fc49be5d823 |
| SHA1 | 4e6a9b7dcd8c4c4c9ef6ab682e5060a8f3818aa0 |
| SHA256 | 19ebf97c99b7432406760fc7d596df5f46917a7241e7e555317c623dcc4e1664 |
| SHA512 | 78c50cb410e558a345b5aedcf294184aef68d76dcc979fd3ec067009b079559b42dfae6858fd095d9e4c3ece6934786c93664974eff7aa0abd415d6ffff9f0ed |
C:\Users\Admin\AppData\Local\Temp\Aosi.exe
| MD5 | d9752acf690d57570f33487a015c8175 |
| SHA1 | 32fbef1e3b904b5876224bb1b2d127eb6a4561b4 |
| SHA256 | 0b519fa80e75535a3df4192d1e47560bac3e78d679461f04230e748b8a329da0 |
| SHA512 | 13fe750c99ad131c46208b1fa8bccabaf1cfd946eac939ccb6840f659818a7dabb0778031dd07ab08ebc45d7428a57cdd873871198c5750d7e0f06addb6bdf3f |
C:\Users\Admin\AppData\Local\Temp\OkoO.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\SuEwckAQ.bat
| MD5 | a342e6d6c38b1c91d92bb68c285d2182 |
| SHA1 | a5b6eb83e094b143855e2c88677e483550631423 |
| SHA256 | 3b5d6923981dbf7108c8bf2c60fc36e0e7068ba48696f73a5c01b237659f5bf7 |
| SHA512 | 5ff269d3d426df0c0de962bc87790cb41d037fe7a5412f9893b82c76032918ee4d82a1afd2f2cf19c2cbb632de916bbe40635ddcc5262e2d5bab10fb1cff26cd |
C:\Users\Admin\AppData\Local\Temp\KAAs.exe
| MD5 | 7f7de690eb37768099d17acac633e159 |
| SHA1 | e9db840c5b0d1fdf1683d2e56cb8f0b1eb91fd46 |
| SHA256 | ee1dbe0fd8096d60ee5ad958eeb2c5b8970ebaddc2f1f6739825cb36eb192aec |
| SHA512 | 1170fa0902b106e9079722a8426445cf7ef9cf7d058ec001711111a90fa9f5c58e2196a049e58d64fae0be9fa48411db330dc277452f78fc7482805c4cd38744 |
C:\Users\Admin\AppData\Local\Temp\ukIa.exe
| MD5 | cbd98eaef542402625089d12a65b7347 |
| SHA1 | b50047309cca1ca7983599ca841e9cc759ae7f64 |
| SHA256 | 275f93d7923d10cc67f7466e1febb79edc10f18411f93377cbf435dc9b906228 |
| SHA512 | c601d4ab6d64546a78af6d6aaae5fb369aab1cc52d61c52bc1b3dc6088edb3a8c65a19d1c0c837f4941c08f42e08a535f852d0c5e6a16fce63d35f215ad3fa3c |
C:\Users\Admin\AppData\Local\Temp\OcUS.exe
| MD5 | cebc5f50733c26e3f2e81a8cbf75f3d2 |
| SHA1 | 46d5de272978683c8ce2690c3cca545adb691fda |
| SHA256 | 9baae463f52940e6dbbd1cd419fa8dd9b55e4f680eafdf538166ba4bbf490a99 |
| SHA512 | 110516094c66e43d9f98df47cfb11846a65a726d3272e947bd53397f8c09340c5dd65fbaa7f62934d9c21286d60879e5d4c23cc98e78bb25bc6719b5a1cbdb56 |
C:\Users\Admin\AppData\Local\Temp\SEEE.exe
| MD5 | f2d98a07eba7d68e6fd17b3be7762384 |
| SHA1 | 8c2b6202c71ebf3c9bff23347735e669b336a64b |
| SHA256 | f321ecf736119d74567b91b8d9010123ac993cd075f7f8291cd8d2d20b4c4d80 |
| SHA512 | 5a7ca1dd9ec10b8a79f285a305b829bc90817f27f3085081ec0abd331469bd85aefcca456de4c498e6f872e1bd180a50390920ea5a6cc422dcf1d80ca9b703dc |
C:\Users\Admin\AppData\Local\Temp\sMQO.exe
| MD5 | b7efb89c3619a64e33c76ad528aab67a |
| SHA1 | 45f57f58288171cd51fd0730b118f686a25b0d2d |
| SHA256 | d723a7fb74a61c0c435f98087d7c774343c49612cf9e43f67bab152b7b278610 |
| SHA512 | b686a60ba84a092702d21aff5cf72277a1fdd62ae79bb0f9b334665686269b1b796748dba81dfe0b8deddb6500c19343e5af61e515654ff6549b61ad17770733 |
C:\Users\Admin\AppData\Local\Temp\IQMI.exe
| MD5 | 16923454394b276096a872769a84ab45 |
| SHA1 | a66cfe3314ffd28ca63614b194c456d9210631ec |
| SHA256 | cf033ff54f0107933475cf10fc4b080d3f2d6db379a498d1eafa0c30f1f36576 |
| SHA512 | 1d5717c43538afbef75edfb3f9813c9a98e9e50a38f2b9fd50197cd6f9674d7294c19d5aa2e89cec7ece21d46de5dc9a5f3ed013be6fd0c64b97dd8ca919ffa8 |
C:\Users\Admin\AppData\Local\Temp\UUEccYUc.bat
| MD5 | 6d6aa701e2ca2a748cc6c94011c1bb02 |
| SHA1 | 2ad8a037197486133a0de8cf1a86519ba5e0459b |
| SHA256 | 257de7de42232dd88aa9330604ce8acbc75a97fbcf9d31e3afd1278ee2917dab |
| SHA512 | 7b8677a67a7e07db0c33df0026c19a44f589acd5c2cf9708baabfa8c786e1ffcab0207a29aebd76568e85241642488a6c3ade93abff5ed09d5416726dd4cf4e5 |
C:\Users\Admin\AppData\Local\Temp\UgEIEwYM.bat
| MD5 | e3d3030560f6a570ab925c3958b5eee2 |
| SHA1 | a1f4357cdadd7895b1e5d455837ef40edfcea650 |
| SHA256 | a7c920ce91e130e332ea2bbe1192c9800c7a1c8f9af441935dae9ff0d92063bc |
| SHA512 | 10d3eb1474fa739486d35d1826c138c0be941598d2b73d59fc7c584dc18a43a6acef1d7330a08f4e6108ac5f6b5f42956f959d56a2fc5b29d8d1fe9d6714fe8f |
C:\Users\Admin\AppData\Local\Temp\gIYs.exe
| MD5 | d0af85e3c1465e6afd673bd0cef33300 |
| SHA1 | 5e51611892acca9bc34a4f98cd85daf071a0e70e |
| SHA256 | c88b37f04c0d086a34c9878132b2fd24d5620b47d90aa5549ec4e14b71ca94a5 |
| SHA512 | dad81c30c2434f97bf63246f03300fdc258a33ff30085fb8e80cf24e9eb53249750ab0ae137bb6946b9f5ea023f3802c6b5679b489d9de7797e595d3eb84f31a |
C:\Users\Admin\AppData\Local\Temp\MWoUUAYU.bat
| MD5 | c31b4d5aee5fe17b2b44b40985ac60df |
| SHA1 | a55f7d996187a254b187ab12be85a94652d5275a |
| SHA256 | 71a7f9c52d757782cafa1fd91c412739600ce1fa139f44b701fd6cb8ff8c9d44 |
| SHA512 | 4e5bc7f97d426a59fdc5ad407ad3e7bc9f32da75c708261d7d98886b64088749f4e5210366fd134fb781508b8dd978a9ef7f0579ae22f1d264b4587bab628877 |
C:\Users\Admin\AppData\Local\Temp\iAwS.exe
| MD5 | adb2138a11c923bd67b8c78c21dbe772 |
| SHA1 | e5c305a3682b9e6504c81b5bc715cb64ff1cad05 |
| SHA256 | 89f7c4b60414a858e27a7fae4fb561ffe08d6cd1bbe32738c2210756c6259939 |
| SHA512 | 4d0c47c4c0415392cf00e1bdaba51a8f1390f4718e4cf6703ac35b0bff70eb618e98dec80d3d39034a6b77c907dea3d911a312ad0813cd4b322f33c80857afa1 |
C:\Users\Admin\AppData\Local\Temp\Jkgwgkog.bat
| MD5 | 2674a9b0b5bb732c2d3d04e96a7eb7e8 |
| SHA1 | c709ff606637f7019c5c6da2dae4ba7ab62d1747 |
| SHA256 | b9d0a985c9a8551a8b460f5c53f4912cce65f5e58aeb44f4809eb0d7cd320a47 |
| SHA512 | a65af5fe5317d94b254f5656878161489e9e6b8c159978accf66a0e1db93a5726fe82aa83ff8dd312e8c780e231c15eba57e2636fa3ba74a36b9b6d4bff85ce5 |
C:\Users\Admin\AppData\Local\Temp\YYou.exe
| MD5 | 15a8e48f9a471999c6fdea45be2d9c43 |
| SHA1 | 20a4c20c0bb5302c806946648666939b66aeab2d |
| SHA256 | 2e8d24d7bbdb9475b40d2ef9838271df7aa16f60875a9a558742e9a4dbf26e58 |
| SHA512 | 26750c7ac3eb09d0b4aadca0ddaa13e0ddaf006406973c5f143c676c59563e12ba4d28403b1b51b1b2fa5898c65ea3bb3276c4bfdd7d2ab27581c28236a51892 |
C:\Users\Admin\AppData\Local\Temp\qsQg.exe
| MD5 | 6ff0975a6ef7152ff3e8ef5c74733f17 |
| SHA1 | 56d1d34a44dc2a1e4c080ab68bd74a94689e56c2 |
| SHA256 | d4652390088d6e75971d348dc1ba68a03756cb39707e74e19236a0c60274c837 |
| SHA512 | f8c67ad9710e534a14914a16c591362c4ae2d553d248dd352c2e3f2802eef2faa9b9a9c4d70668c28fa109825afecc7e434eaab4d6610a494c177384b45654a2 |
C:\Users\Admin\AppData\Local\Temp\KcEY.exe
| MD5 | 5a2b73c49efc8df5a4c3f687f4519d9a |
| SHA1 | 74d08dbfa7029ffcce26b8829fdd4308c18dc922 |
| SHA256 | 53cb0be28e6575c91a98d5afcca1ef8feeb22f24c1f2e819284321a96219a573 |
| SHA512 | 4b656b08e392e353336ebb56bdd8f07f5038c7c95d389fe64ef3945d4ccc05b1c9d120a20f82cf87e8ebb2cffae5aeb5ea60435ec064af518c62c7e1d2e0cd4a |
C:\Users\Admin\AppData\Local\Temp\qowy.exe
| MD5 | 1e06c9649a7e7bd45c2fa2ecf02d5b33 |
| SHA1 | 8c27580026ec85ed80c8ba0e41fff7f4a33be203 |
| SHA256 | cf017a80cc265229eed70c55738913dc16dec38286a69f19951375dc7a2035a8 |
| SHA512 | 217419671ea652de7d7133350621fa5d38cfdb7bc57d457ff46a1f7b4fcaf7fc76176330f5f8d52f2b69e101e103773ba4896e494486dd1c13b7b733601640b4 |
C:\Users\Admin\AppData\Local\Temp\kgoq.exe
| MD5 | 75046b4407a6b1247330e90a80193c83 |
| SHA1 | 7f75f19278ae8554519d6b53ff175f951a462712 |
| SHA256 | afb23e109fd400d94640239cc4623365642cea053924b41d36b59be9e6bf3037 |
| SHA512 | 22805944706972e82deadc668600304897f357b1bac2e366937d8ffce95ed56d0a30a87d24d72650e4a128d961814c87bf7102f03503f2142567d158b5d32e0d |
C:\Users\Admin\AppData\Local\Temp\scUs.exe
| MD5 | 3d9530d3fa02ce57e68832b1f6702982 |
| SHA1 | 465646c0ab99f04473b88dd2241233598880c9bf |
| SHA256 | 869a2105a58e94053958454212c87c200894295dff4efe0fa7c3cefc4de4c008 |
| SHA512 | 9ae05e7c35693af562315139f021bb8d73353962ae646a6f17966343971de63d00eeaec786944870b8fe16b4d53a31c44b994390baf4affe9129298af08eac5d |
C:\Users\Admin\AppData\Local\Temp\Okoi.exe
| MD5 | ed126c0f27c48a1a820dfed7c0fc6a79 |
| SHA1 | 21f18a0c8e5e8ff3c23ed5abcd083c11a6a991cf |
| SHA256 | 10f885b8181577f0c1fdb64658d4bc09f85ce49a4ff29990944006dc9b0540b4 |
| SHA512 | 89c5978be35dd44ca01457ef768724f4cf7b6f3811fb845b482bbdeb5f725ab344251efb96f9cad85456151b2e9065c3deef55d28887d81841c6e251bc2cac19 |
C:\Users\Admin\AppData\Local\Temp\AmkQQoQU.bat
| MD5 | 9988cc86de0318dc8bd4a0ffd2939e8f |
| SHA1 | ef34642507c83c853c16f026f9820919a88a7496 |
| SHA256 | 5cba72486e6a20e2dae57869d84dbf01708aad31e5f4516f5f2e2cc6166d06ab |
| SHA512 | 848e31ff76c818a24dae8b963db9bfe3e0a0c5783715cf54af55cf6cd4f1ac706dd01a55de4796d5b30193c9af991cd8ad1e51cc8ad8815860b7cb8139e528a4 |
C:\Users\Admin\AppData\Local\Temp\KAcu.exe
| MD5 | 0008de0ffed43fb102af1ef781a06827 |
| SHA1 | 62f7ac855c111d669a2a66662dd32f68d6041c58 |
| SHA256 | 9e96292fdeb139f02889b74636af465354484b01823576f65fe264a060ebc5a0 |
| SHA512 | f12b5fe9eaa779f2681bfac8f21e726c0fa522e5feed0bd38be4b956d5260d892bd2e3aca41f7054d95ae30eee85ba2dde9c9f4b7f536a4bfdfadf8289657eb3 |
C:\Users\Admin\AppData\Local\Temp\jwkQQAkU.bat
| MD5 | 261e503a408fd4fe3d44035684e9fcd1 |
| SHA1 | d13bc058f3e34181bab9ceeeecdee5271e63126f |
| SHA256 | edc905bc9e9d55b5da50310833b91810e7434ec8054281854cead06ee904f4e9 |
| SHA512 | 91a895b78c6a1b8225be7aaa51a7c8ade5940856f9e8b6cb7f3cdabd3d862e5ae9bb80a311eb7775c658effb85eb8a01567f6572b034514de44bde936230e931 |
C:\Users\Admin\AppData\Local\Temp\GMsK.exe
| MD5 | c83258cc6ca567b8f93548a8df1e3b63 |
| SHA1 | ed8b02a75fc472151033cb0a365bcffcc0e8ce93 |
| SHA256 | 21bf98fb7ab60a7a55682e061bbc9937c2efbbb1c8092eb41db98b89057599c2 |
| SHA512 | db23a23acbe7d147ce48493cc1b336ef4ca76bf5e33d1c2b2e1d9017511d7bf0a79e4fdc533d9ca4a12703280d9b008d619d548270ae4f8806a93d952a89ed47 |
C:\Users\Admin\AppData\Local\Temp\AkIY.exe
| MD5 | 6207ba9d54fa83b94b5fc25a5fb8f4b5 |
| SHA1 | d88077826db67aa244ee434e6d76dd99b221226f |
| SHA256 | e7ba4d09ee4156c3d6d8a74262b2436773b1fe2d76d86b37dd2adbea622dc27d |
| SHA512 | cf707940a374dddb00c56b18197245828edd2281d8c678a6c1a5610a4121746f1a320c20495705501b0296ad32e0bc24962150ac8822369494a8cd18f99e80d0 |
C:\Users\Admin\AppData\Local\Temp\OIcS.exe
| MD5 | 7fc9aaa7a856d2a0566c3433bb1cd4c8 |
| SHA1 | 1572a086a9b7b13f89235fc4e276cbde7735d8dd |
| SHA256 | 52d8c27c03b657a856223a234fc125cd7938650b1aa55a5f5488492b1c53384a |
| SHA512 | fdd998839d849630134b4fa67158d8dfcf928f10b6d89abcc6c8c8b05c44e8e9cf6bf56d5d25dd8275dc6de30f8337c80ec55daf728115a6b8f0e661e73e58c7 |
C:\Users\Admin\AppData\Local\Temp\eIsE.exe
| MD5 | 94530ff366bcc1409e96567bd71d96de |
| SHA1 | f255c2f1b3c00742245c5df973c8dd164789983b |
| SHA256 | 418622bea801ce593ffb0950fdf7bb86bbaa4ac1ec8836fa42db7126367d8459 |
| SHA512 | 96f2241a74223444a4de7d3a7437d59d45ee4a7e146cfcaa5a663eeb2da897487d160c5c82d2104180c51c39fd8e569676cba0d1aa6d016e2303335e205a9ca7 |
C:\Users\Admin\AppData\Local\Temp\IIog.exe
| MD5 | f76f88f0ca7e555fbf5da3b4ea5335a4 |
| SHA1 | eea3879cf6bef7e78ecbdb4f7a39e4d31b091a19 |
| SHA256 | 88c66599c5a769dc0cb2ac61d9344d64a8fab75d95583f02083470e04cedf8a8 |
| SHA512 | 4b09ba93915c4015d233a9f3c49d0d9222cb0dae21bdee9b38209d4858e1a2aef1d5e162c62c403054f1ac093360712f219f88d7b2a8cd5359066ffde098a772 |
C:\Users\Admin\AppData\Local\Temp\UEMc.exe
| MD5 | 6176adad89f37444a72b39b3779c5e26 |
| SHA1 | 51e81fddf787d31b5a7394e6b9a6f794f8b22cf1 |
| SHA256 | 7892e2f474871c3a27dd321395f3f1a80606d0e8a5210c284a37e4c95af2e201 |
| SHA512 | b96795b6bff6b4c243babdf208cf3ebb2b8db9bd8d7e8e43a57353d206c7e09a983d4ecf2ed258c4570587deb02626d63a5cf89dad700335c5f06c6d53d946f7 |
C:\Users\Admin\AppData\Local\Temp\gcYe.exe
| MD5 | cdaf31d5dea7984ba63c2d016f2c2169 |
| SHA1 | 2ffbbb718719af93c08d1b43981692cc026b73f4 |
| SHA256 | 4b7a8eadac98c47b0eb0c9685fef203899ca13e834b5e7f2dba5eb7ce607a2a6 |
| SHA512 | 7c4df24d24ac20f3c3afb562a6f19fd7b62b50830c9c61d2fe393071a4467d704c28595e1f490daa93f786fbbd210df4e1ea86021f6bc9bd21531fb02dcb09ec |
C:\Users\Admin\AppData\Local\Temp\okcy.exe
| MD5 | 53d3239b3e977827a17eb612999499c5 |
| SHA1 | ef43d294dc0c17c73817603a7ace4b6f717a4e86 |
| SHA256 | 591b7dcfbf1981e5a40dc6436a3578825e2eb935373fb1ef837bfe542a8664bc |
| SHA512 | 500dab79e6a4177fe275ef3d2b4a260c1fbe7cce0e7327c9775b9e8a8764b09e2a88465cecc91f26174591d5d9cbd187ed9e06de0172fb65ddcb3b528ee48c6a |
C:\Users\Admin\AppData\Local\Temp\oAMY.exe
| MD5 | 90c5f2526b577fc7b2f8f723ce153046 |
| SHA1 | 197386ec3ac6b759837a4bdbadaf0441ef4b74f8 |
| SHA256 | 0b4c6440f1c4aeac01f2315d4387a0befacc7ea24e87c5c1ec6a91a8dc568ad5 |
| SHA512 | b898f449bb8eb98e94dd940e18d8cba1cfffd27465cbdeebb8d017a47fa8b59eece9e5728fb4836cbe6637533b4db6e51898b4b5807badf66da556c23b3597e5 |
C:\Users\Admin\AppData\Local\Temp\ywsU.exe
| MD5 | 3a81284a88616092795722bb901e4df2 |
| SHA1 | e8aa83f93d0149d3f3a1c716fa87dd5143683eb0 |
| SHA256 | e0e9a12af102cb571df4a464cdc791330127d8ef04559fc19df2502758ac9431 |
| SHA512 | 7bfb5922928fe707b6c7df9a77c7adaa637ed2678d586cf760c94a931c55ab07bef2deda8e76c8926856248fe7c878107c83935ca627f69945a7ed50614962a8 |
C:\Users\Admin\AppData\Local\Temp\YwEo.exe
| MD5 | b92d68c74441808f2dc0a10f7fe06c41 |
| SHA1 | 7ab3891692585bbb1b2cd8d01b186011f8c98c1e |
| SHA256 | 9cbbd660604da6229680e66fd44f07025eb87ad3b0461bea1fd0dbad42120d48 |
| SHA512 | 09312eb2462cd099312e55e0e751fa04532984b8b950f9b85b8e99ba8fed69f3340e66d65fdad9e9b5536ae30f7257e5d52b7578e38e2235eef13dc97ada1262 |
C:\Users\Admin\AppData\Local\Temp\QcIi.exe
| MD5 | e1b3769a0adf1612781248f972a3d532 |
| SHA1 | 8f5e9fc48e9335e18ab10b4b529b49ab8cd473c4 |
| SHA256 | 55107167fbf782bbad1818e69cf40fd332f249485250a7c350d9c2a2d98fdf32 |
| SHA512 | 50088f1b65cf2ba8ee2ab805507bd0665fb0b506fec0933b0b6df1d4912b9ddee9178212239c9d8a3d0e9dfd05c34c396be6959d0e4474b7fb3043f34d573231 |
C:\Users\Admin\AppData\Local\Temp\gQYgsgwg.bat
| MD5 | 75e9fed9418ac58651ef506f72535d9f |
| SHA1 | 07f2bd85926b47161edd9b012172fb1f0fccd247 |
| SHA256 | 8473da535fa95d48be85e6b509c3c91e58c69c095d3f5d7c648be67de4f4bff4 |
| SHA512 | 6b6a21e44ad4faf2bae20b300fa17162a3ddeeea799d7e3d0e6675873cba5d11e65e5b44997301139d1d3675dc1621653ed248fffab573c1e7f267f37b4f1718 |
C:\Users\Admin\AppData\Local\Temp\SMko.exe
| MD5 | 41ad091d03f6f73261d2987d83a41410 |
| SHA1 | 29537625cde8a38214b5e8eff291cfb983c0bb63 |
| SHA256 | 90a291f924f50fe31fc89f1e65ad56c1e561d80ef93abf556449c778cca70af4 |
| SHA512 | fab8d9ee49dc7a4561d98ad86074a541e209caa32c0bbeab5b4d1d14ae362fb72d070c2f59c11640d40d1f7756b815c85b07b67b4a1afc437725d92b06238478 |
C:\Users\Admin\AppData\Local\Temp\gMcM.exe
| MD5 | 1067ed2007818107016ef4eaa7dad6fa |
| SHA1 | e0504fde2591c653078051e39358c8f4c792289f |
| SHA256 | 2835352847a79a676cf85941321d258268dc50346ab9fa663b3b735d83978866 |
| SHA512 | ffaffd6b1d3859d17b1220c6cc06780799bae44719f2d879b7d9d004696827f94279015c6e1fdbf2229d8e35aeba4a3ef6408806c547697c10629b2f62619d5a |
C:\Users\Admin\AppData\Local\Temp\xaUoYYww.bat
| MD5 | 2af16dd20b51e5b7f6726c388ad8e0a1 |
| SHA1 | 5848f3dd46dced38dc037139cd17158a60238ce6 |
| SHA256 | c23da2c67af4aed25b80655c47cb12ad03f0cb7e0ec18875181cf869745f5db0 |
| SHA512 | 28ef91cc1e751266f5684dc2559476c33e3241ae2b809816e8638684a439dc703b9b8df8310fccf7396f6c4625b17335a871fda25afc57986461b8f614990dea |
C:\Users\Admin\AppData\Local\Temp\ocYE.exe
| MD5 | 680d859a5d0fb43e9ea904e16543af7b |
| SHA1 | f8e02ed0ab8b2d77a981255bbfacc1711bcfbb79 |
| SHA256 | c69974e5e1c5abae4471ecdd0c7b149cef07b390c57a1701a56126ee893b0341 |
| SHA512 | ead1c5da2189d84d2dd6259dbcde02d6f28ac9850108adca10eab9b45019c666408d39477ed7d05e4b3a270c31724e31099f3b2001b9ef5c309ea46e71029b04 |
C:\Users\Admin\AppData\Local\Temp\IgYY.exe
| MD5 | c92e14c3b4ad093b24c80f62b8d5e259 |
| SHA1 | 4c3f2cc98e07130863d548be944c7f5b4e714e82 |
| SHA256 | 932ef11fc56ef178e648f100f06a3330ee8e91838931a7c74e059c75f34a0358 |
| SHA512 | 65a09346cc423b355dc813cb6be04128220281a4a2eb77270eaf856832b6b42dc61c02fbf63e2a0dea8f62300186ff8b98aeda1d5330e816117682b1081961b5 |
C:\Users\Admin\AppData\Local\Temp\iEcC.exe
| MD5 | 970b2d59a71b570d41359e09403744bf |
| SHA1 | 0f56fef08c272318d007d8d1af5e7015bb11d2b0 |
| SHA256 | 558044afeb20a40d2964b31a5f5b3850e2212614a44b58e01d149e215bca8b30 |
| SHA512 | 4fd23e1bc2488a564a4b5d0a732fecdd4451bd1763abbffbb5d62d1b895a453f44ce99a15855a8072ed3107a665cc7c5b90d6505ec407052bb24fa328c736699 |
C:\Users\Admin\AppData\Local\Temp\AIEC.exe
| MD5 | a77af1d63a2e614439b98c4831ad3fe3 |
| SHA1 | a39cf8cf5e9ebab6e4417c373ae398dd71f21eac |
| SHA256 | 55a03f3c71bc9a643d4d4fd1c0dd49891430da4ab7667ad72903e90019b7ed12 |
| SHA512 | def9684a21a73433bb870d7f9036f7be29a5f0adc6128ee236429abe2e9dc5a52381b2b592e8578b7ab1144fdda1b6b104be8a8253fba363b6dea60cad933c3a |
C:\Users\Admin\AppData\Local\Temp\AYwg.exe
| MD5 | 1eb77a6feb8655d639d05558a65eca98 |
| SHA1 | e523e1eca447e505778410e4e2bb9a9942c04b6b |
| SHA256 | ac7a9f58d57f99e6df3c8884c734512a5dedfaff7f9b9155667fbf7c4689504b |
| SHA512 | d11c4de124549e6a1d80ba262425c9b406322fb7d2066a995d64aa787d76efdfef3949151bcc4053fae90b902d5198775802bf418fe68b375f15ab13a58353c3 |
C:\Users\Admin\AppData\Local\Temp\XmoEcMUM.bat
| MD5 | 1ef8eebc2f798854b85ee7504ffdd7c8 |
| SHA1 | f3d09608cf6755882ed64dff68f42fb983ec3317 |
| SHA256 | 1520c72d54eac6a31c6cd39b690cbc2a5bf78863ab0bbc152980b48441ac8563 |
| SHA512 | 325811f6bd9f31626558d29540bc1c3f8c023a00487b34ad080075c740d5556b6f90e9ab9e25d92b0cbfc639f613a3011263ffb7e6565f62494ccd5923985594 |
C:\Users\Admin\AppData\Local\Temp\YoEQ.exe
| MD5 | d816afc0382e9dbd0452a72a698d3a87 |
| SHA1 | 028436aa3cc8fff2eeea8d8d051ac5d10f6097e2 |
| SHA256 | 7b9983ca10244e872bc59d0b801f31af100e70c37737d073a50297d0d5bd134c |
| SHA512 | 2b12c8a8725d6e1419311d641edea133c4e1d1f98740760f1edf54adef2a578ba7175f6830c472614efc04517598d5c71b2825695d03476051bfeeb1ce2ec9fc |
C:\Users\Admin\AppData\Local\Temp\UMgM.exe
| MD5 | a53f5a84efab83ab433589275b0d1f74 |
| SHA1 | 255ced479f94bbadedc541d555d6e79e85439cd7 |
| SHA256 | d9fbe8aaedd3e4cc2fa6885c2c9f13ca1b0fa0f5bf625e320545410fb2a5801f |
| SHA512 | 048d331d0f83780372090b4a72bc536ace80ba6379446fb138b23a76249b951bfbab39a5b2a6901a02feafd457171f0a6b6260fdddc54fe8cb7aa44cb7852986 |
C:\Users\Admin\AppData\Local\Temp\qgEo.exe
| MD5 | bf54e227266f398332a74e3ada724d36 |
| SHA1 | 63a4b7a98a46a0684d6c2c45bee3306069371732 |
| SHA256 | eada2e5210d3b630efcb1a46438e02bab6483461328a18898796a1cb9873505e |
| SHA512 | 14a4d66fb1f1f12cbb0a85826151c5a038ae913e013f9c4e644596d2fb104fe4f9d8bdec2e9a09d8bfff936433de5f04fd32ce2d8256b5080c94937569bdcd4b |
C:\Users\Admin\AppData\Local\Temp\lgAEQgEI.bat
| MD5 | ebdb776b385e9279884ae54b010b49b0 |
| SHA1 | c834c161f68301f0c96abed0a8ce8ece82adec0e |
| SHA256 | fbe31d4a6e2a230e607c6c5011466d7d776255c6f87cf64f6b5f4b47f0b6b2db |
| SHA512 | 578a23840a3660a61b9943ce8103ef5fd92cdff462c1e31a6b109942908ad1b849331e0bb0b9df34963d4c043ddea34fbe487392b0275ae5cdb975e20991c3e2 |
C:\Users\Admin\AppData\Local\Temp\cYwkEYco.bat
| MD5 | 2b8aaa5059118ebfbf16afebf8a59815 |
| SHA1 | 4c92fbf9571b934f59f1dd626dde2fc69692a808 |
| SHA256 | 9b05891ecf1af3cb5bcca78b0c34a385bd4a5ee7d355c5cb7e0f1d2da6b02ecd |
| SHA512 | 54f98710aa494e1e2f542bc8802ae12feea83c78f5a041886e0172270647b7328633640545d1a35a9d67b60a9c08f3e0dd96071f1593469587922b3d1e7143af |
C:\Users\Admin\AppData\Local\Temp\VecEQgcA.bat
| MD5 | 509919dce39022c8ea9141d946196e19 |
| SHA1 | fc9bd5f5f4b0d653865a26fefe2c5d53fe43de8d |
| SHA256 | a4da864844475047ac9c72ed44e1f70a4d25d8d16e12628c6bbab136c241355f |
| SHA512 | 39a43f462afa1745c14157b8a4f9afc75fecf5da7d2694cd6170e2609bae5205fc36ae1664b4d47ed0cce92e5c141d190091eaa6b9c2b44c4a43c268ec389a29 |
C:\Users\Admin\AppData\Local\Temp\gasAwIwc.bat
| MD5 | 02b9fe178293fc358170954a91f5740a |
| SHA1 | 1e85130e737bb4e7d4a9063deed1bdb8c939a514 |
| SHA256 | af8aacc364b92004d1354f60688d304bc1da6cda0d89631ea13537adf57463dc |
| SHA512 | 9fc6d63172717a9d7e17a45375925484199a8f432d3611c062c299415d1276896911d67f0589ace2e1e4c48d346c88e2197271d68845973dd9a74d29bc896713 |
C:\Users\Admin\AppData\Local\Temp\vEkEssUU.bat
| MD5 | d3f0d732ef0f214c62bfb8a6d09ee0f3 |
| SHA1 | adca9f7fe2846d0990ddca4e5182d1fe650cc23d |
| SHA256 | a54d0f70eedbcf72363c27de81fb73d1b62110cc6179c92208dc5416cffe9b0f |
| SHA512 | 96db782a4457e106bc0afcbba5bcac404fe81ff24fe671eb96703d17f70b00e146f0f7b28db12f8c25514549b0624fbe987f86628f131668cb956f1a5d5b8c6e |
C:\Users\Admin\AppData\Local\Temp\vGUkMoAA.bat
| MD5 | 2e7566b28045b43120e4132c924ae2a9 |
| SHA1 | 566e3478654b3f2f38baec843211956d86488e18 |
| SHA256 | e48de938f04ef4a7d464fe7437f7b9b56d713645f1cd553955d2c91c662b3533 |
| SHA512 | 2d0cd2a04640be7c6c1db478b25fde0b6dd4619e34db7b02175fd87fb5273e49f088221126e2a3edbd4f2ca96f16ff6ed93409550b3eccfe3be508eae13c05cd |
C:\Users\Admin\AppData\Local\Temp\mKckcooU.bat
| MD5 | b279cce4f9c854fdd6b890fe75c06cec |
| SHA1 | 7856eb5d4033ec33b3bd283ac28c0253a730d023 |
| SHA256 | 6432a1ba7352bc9b2673ebb55a97fa0ad622041a726e943bb3caf5fc241df711 |
| SHA512 | 2c1fac5f7da4994746219c2d06ebe3b8ba86e55372ee44933ee7c0cd44475d17f078846b2c29841d89ca616993acb3d9a3123bcc6e5acffd2f2d2b45efce4a39 |
C:\Users\Admin\AppData\Local\Temp\YwMgIkog.bat
| MD5 | f0b69a80a9efb168d94b6cc0ab463697 |
| SHA1 | 7d0ad23857b54a529081cbc00a86b41dc9a41dd3 |
| SHA256 | 5b27ff6fd7227b4330225d9033b67a2f205f6ce414918b9b37f91748fbb3065b |
| SHA512 | da41ec43c787e61af96a3aabae24cfacaa921a67d847327d95185906f09b123bb00e315b12a64562d34cff79571e85de17f0b02612dede3a32ac4b3091c84963 |
C:\Users\Admin\AppData\Local\Temp\cYkK.exe
| MD5 | 9bfc2f3634dfc0fe5eeb676642e63cbf |
| SHA1 | ee3a112236b76849ff22ef90a9e8b8dfa613371c |
| SHA256 | 282f85a8b6dd4de787fa552082ccfa3ecdf7ba453cd56a4a2d9d18a58aeb7d76 |
| SHA512 | 9f00875f664bcd4623cfa6a0f85942a6a70bb0da6b803aa37f6126d13b2181b5ea52a0bdd95093292ce605374e5cb7eb8cfe6ec5aaee5b55c87a667c7a96bfa1 |
C:\Users\Admin\AppData\Local\Temp\tMkcwwww.bat
| MD5 | 44de745e609b8d4b0b09b628ca040c95 |
| SHA1 | 90283cea3e6a3986b0b1095de0cf050eca9a363f |
| SHA256 | 9f61d6bd6c74b2be4b4a6efcad5079a55a05abf848e9c7c5002ba3cc3978288b |
| SHA512 | d9bdf6a761d7cdd86d7d3f622a741fb50e4065e6a98a854b1b483feadaf6351fca0978bee9f1c99d334790bf762563740314b7515ede6165575bdbfffcad8860 |
C:\Users\Admin\AppData\Local\Temp\sgUE.exe
| MD5 | 9468df0e5cfc2e9c0159e05092ba04c0 |
| SHA1 | ded1d8b2716535b277e49b4aec0f30fcb1373874 |
| SHA256 | 64458373d0bf0126986597522a61b2c55b43a32fd4683b88f8c45a63abb904d3 |
| SHA512 | 55f9e7d598db553080ab1658925a1ce510051eecef31ebb75fc8d2256e8c1313f8bb54f55f598d18801344102ccdfbecb34efc72bd646dad39874c7b45726c3f |
C:\Users\Admin\AppData\Local\Temp\eEMG.exe
| MD5 | 48c9c3303b8b56c315ef8be327278389 |
| SHA1 | 3d7e3f593f163537db4296661b1cbd3463bbf3e4 |
| SHA256 | 6464751fafa76cfbf7d5fe8688b35affcf81ecf941c54b2a93394682d4c9912c |
| SHA512 | 49fbc9479e0011f323cdb9aacd00d042c81e3eea5c3d6badadd5b11983cca18bbeedffe5e5b61f7668d29575909d47adaac19ff155c42d8010a96a14c604d278 |
C:\Users\Admin\AppData\Local\Temp\SoYM.exe
| MD5 | f40a31bf4e521ba83d4f4d23eac4c42f |
| SHA1 | afe94352579ab4d795ae1a7e0ed1f5ab3c20b2e9 |
| SHA256 | e3cf722a693aabc0821d01fb43f6d0189929ef3165d15784a457670ac60166f8 |
| SHA512 | 5d734745c4ae868ca095924769b1c1fb8352830af4ed97419d9cda800e69239e69e75c156ab597ed7e6def94d103759cd55350ea8d97d014af573ca3abf62d68 |
C:\Users\Admin\AppData\Local\Temp\Wowk.exe
| MD5 | a0369e43f6e050c87511cd1c8edc0be0 |
| SHA1 | a30e31cceca2d20a643c35d9cf13bd6a410bc391 |
| SHA256 | f51e46dd4e4632db392e2621a9ac7c6e7cc31a856009a50019e49f1d0946d0ed |
| SHA512 | f13d00aabf9983e38bce269def9870e23197a2c0bcac8e322c83fc21558107835dee14fa3d122b0c87e38da381892dde6e35fbc33e6a34b74d05b6b1610a29d0 |
C:\Users\Admin\AppData\Local\Temp\IsEA.exe
| MD5 | 48d0e0bf76b406a5468f6e418ebd0995 |
| SHA1 | c135ec0eece36fd32fb4155c7d56051fffe3913e |
| SHA256 | fb10068dc94e42984fcfacc49fd8b7d39b91d5532bd10d6c9780f53ef79d0a35 |
| SHA512 | 500bb9c8ea0a2d5d9082f06f326af66a76279986d2706572616f2186ae9e013301c16aa2195e6785c77cebf7bcba799ca1a7ba6be382603da1e1288db02e1790 |
C:\Users\Admin\AppData\Local\Temp\sIYM.exe
| MD5 | b019ffe0976f023382c4dc7d36fc4b08 |
| SHA1 | 876a76420b9fe8e7ea01274a5d3fe6c239a273b3 |
| SHA256 | fb2092be6d857fa211ad49540ded2a062825f2c25396a773a1540f5f8d0d7c83 |
| SHA512 | 041158528336339c30e6533d09d780c8d2a8d6c9ee690bd0d955e54b6a46e8c9cdc0c864b4b05902dae0380dbbcee5c94544bd08a763d31862e3061d082d8841 |
C:\Users\Admin\AppData\Local\Temp\wwUY.exe
| MD5 | c3711dcfbdba27aa2f4d7d730073a431 |
| SHA1 | 314d72461d94bb13f6fed12b5d17bba5fcedde8f |
| SHA256 | aac0ccfe937dbdd2378e042d1b229a30594458a2163faf351773663a529e9617 |
| SHA512 | 6160c2ae5bb2f9dd7064e10c1da3879be2fc77d95b86977440d23a94d6b4bb0f4687a3245296c8d494247899754e6df3ed8c478e3b05475f9b2e47ce0d712bca |
C:\Users\Admin\AppData\Local\Temp\aYwMEcAU.bat
| MD5 | 8041180c15b67baeabcdf35f16040e2e |
| SHA1 | 66a7f9aeb085f56da5e1c4e1ab0c42d8c0fb55a5 |
| SHA256 | 3704a9da428bd00f1eac7e214e4f22b09a25c6ad765e7c3a5bbe6f914b348e9b |
| SHA512 | 9d8f9985815ff9d380b0a5d9843202d069048e314e5dad75c58a04d7d7626b24253ecda577f5d2aff2d82099532a5c9d7aac7bb83491f21a703b4a4c4a601872 |
C:\Users\Admin\AppData\Local\Temp\uwge.exe
| MD5 | c0f7bf4f62239c75470d9451766555c1 |
| SHA1 | 4cf7fc7a574399795eca48528cf3d57c12d0a4d7 |
| SHA256 | 528f15d6f66e0d527d29a61e21e44457cb813e3be2233dc8fad96adb846b845c |
| SHA512 | eb78fece4d7528b1eb7b63e535467b61680f5db5c466b87754ae8f9bd5a8c05579bc068cc666a7e82b84d4172b96ff30cae0a7bdf584800fa36fd2616d13721d |
C:\Users\Admin\AppData\Local\Temp\gcUw.exe
| MD5 | 7e8e9774ae595e91ba8feb55b2ba12f9 |
| SHA1 | a2bca3c2070c53b4f621d036ab9756cecb8cf285 |
| SHA256 | 7f605f4b24ff601b7bd77f706f3ba09f96b58f0a17b05821f18ee59701d70d74 |
| SHA512 | 9404cc1dacab30422e3a65198cc9e58613be3c35437934ed7d6837a482dfdb054c96394ca7134d8f45762759861bba3fa1ce8f5c11daedf037a91616b3870351 |
C:\Users\Admin\AppData\Local\Temp\kIoC.exe
| MD5 | ec3ab03ae65890eec431a61d632e90f0 |
| SHA1 | f389d3d49cdcc3c93dfcd55ecd24eb7754950854 |
| SHA256 | 2984e37fdd0c1022583ae723f995b45d9ed7fb9ade1c948bd6a269cee6ca612c |
| SHA512 | 8aa617a81f5fc1a418bd124e202b359fb4179d291351d154d01b180f2fca59908e0d1e2211bc9f3099dd743ba65e8a4a1a31fcb6d73e1289b950ab32b497a5a7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
| MD5 | ac0a0d49b25519fc6afc89bc8f123222 |
| SHA1 | a066c16fc36f35900bf9349a995ece142247eebe |
| SHA256 | a7c972a2295eaa1a5edc216836cba37a31f0119c880a8e9543cb021dbfce0405 |
| SHA512 | f4dfd3de1c03a2409714071b7ad2d07ccb447de090c78f2d9250e6e65e902c9bdd2506bb6f43b21b11c9747b74bd14cb03903e13d822c4333444133839365d19 |
C:\Users\Admin\AppData\Local\Temp\Cwsi.exe
| MD5 | feb488d181b8fc8868ca15bddfd69d92 |
| SHA1 | dae7b45a19fbb6a06eef88e8e36508c452f7c052 |
| SHA256 | cf26b2237aff62694d95e71d30323a43f8f7433aaa81be3c0093200d0111dd18 |
| SHA512 | 285dd5f3d3f29055f35c661fe94466ba280ccffafd72348734f1faa54579035b0df06fc7874685e2cfb9aef2cc206725eebeab225098dae5bca8e1902e0a1e9d |
C:\Users\Admin\AppData\Local\Temp\osYG.exe
| MD5 | 1baa71f614b3ac844af56f5e0349b165 |
| SHA1 | c0aec1cbfb4dc46af9e30b75e930ee74f2342287 |
| SHA256 | 11b96972187035a1ceb74eb70edb468603a24fb53fe0af295fa09f80b3257f8a |
| SHA512 | fe63afa678a5bc8ec1b2d8fd7fd22dc11e5166a4c389b6029d5200dcfc5840ec2783a5fe222f76271f5d52eaca6ea3f511cab70e54d86c0480a50fe95ddf7af2 |
C:\Users\Admin\AppData\Local\Temp\UMcc.exe
| MD5 | 2bb6139914ae5d57570a3d06ff35b6a7 |
| SHA1 | 6635f92258ba9b2aa34d108c4e5c3cadaf49d27b |
| SHA256 | 6d03dc07f4fa20e677d6a427a2ef83a97ce083accb1ff278dc26291557dc5b41 |
| SHA512 | e45608a855c1d6a6cb960e531f174b945f585a70f53449123c161faa67470e17da4d94134793fa7285a8d53b49cba978c5068a2e1c43a742578f3c2df3e7274b |
C:\Users\Admin\AppData\Local\Temp\wkQW.exe
| MD5 | e4c374c577cffbafad568ad4d5b76e55 |
| SHA1 | 46fb90b740ed342000cc7eb9182e9cf14693f386 |
| SHA256 | 8c4f8970e12047d69abb4d0a64e8945695e5d9f32bebb17f9ac8b83c2a564949 |
| SHA512 | ded4ae4f6db3080e45ff29c1ac6a0f095d74d1ff3102b1b98788d0c3bfbaf15909d9321735bb74a3510a226ecf228501e1999c67e0028001096d3479917e65f2 |
C:\Users\Admin\AppData\Local\Temp\Gosw.exe
| MD5 | 004e5113e641d08a2e2203324f5fedbc |
| SHA1 | b5c224db5e69201eddb61831034311596d2038b8 |
| SHA256 | f45f0bbc213de1932637c13fdb346e073a5ce26480e51b2bcfa48a6f3e1959f3 |
| SHA512 | a188f1a8c8ea11c5a675496f2e01274c843afff4a5719a065c3e1a555abe2612bc6f15ce5c12c3ea2a8bad8268d81ff3583b412ce2f48182d274698f1ff30096 |
C:\Users\Admin\AppData\Local\Temp\sIAE.exe
| MD5 | 12302c4fbb0168fad2e9d95cf6dcf4a3 |
| SHA1 | cee2cbc9002363a84d632d8e1a2b1bd04ac8ed13 |
| SHA256 | dda6e828c3a41e2e2f3a0e860926c544f7972fa046aa8917def20a9b8b72755b |
| SHA512 | dd1e7076bf6b81c1f11f47f3fe605511fedce1107b2549a016b181a70d6816beb6ac993d1f08cf9c0557215ca7f5a489213b8f2c3d724112ff73d9ee16d5ca57 |
C:\Users\Admin\AppData\Local\Temp\SYYu.exe
| MD5 | ab60d4af299c68f9ed44bedab90f9771 |
| SHA1 | 32c484be370716098c03bd156538dacc316bcbab |
| SHA256 | 3787e33e69ca758143f9484b6521180926d3778fb838ed7c52bfc79f42ee65c2 |
| SHA512 | 569d36e0b0acc5c00dfebb62ee44ba606049abfb7f2b53914947da57849e61d4ab5f054a40850fd740d946e53221326b0422780a2fdeb9e9ca612a58651a0ab0 |
C:\Users\Admin\AppData\Local\Temp\gkYU.exe
| MD5 | df690062139d94fac2e44fb5b1103ea2 |
| SHA1 | 00e48ab9f9fe974ec63ce47aec28bc34ed845f7a |
| SHA256 | 54ecb816efcd7bcde1abcd4438f112965a88758dee815203304967b6e4458408 |
| SHA512 | f34a705c0f9c0c8d83eb9033bbebebe8deb47566743e893002ab9e526602bebf7331f484c9f81f86ccda499a35d62c382d4ab32a734a76b37b7b559368751d29 |
C:\Users\Admin\AppData\Local\Temp\YQYK.exe
| MD5 | f909340870428335884f3e1b30bd66c9 |
| SHA1 | fce7779f8e17b8dc4c985355ca156d7f41c4ce2e |
| SHA256 | bf41c509cac3db3f6ef1547c83903190b3b1c7c86a09df015bf340292bc48af6 |
| SHA512 | 227eac2fdd341512a2e8fea599ba78eee400c3bc9c752b81fef53e812b3f06f326dfc1b9cb98cb88b7112203ca497372d51060f9145ff39b203c1a880078a971 |
C:\Users\Admin\AppData\Local\Temp\wAom.exe
| MD5 | 62c2a4238215fd5e468b42e00080faeb |
| SHA1 | 644ac43f4ea1281d6c5d9a2211e8f107b1ec9772 |
| SHA256 | 438f301a720f3d840e9a4fede240da9a05380d415fcae5ed951956add2e1fb7c |
| SHA512 | 8f1d4f65bce84b5388ba9173337669e7b34106a47f1aced1612992f0539c303d580ebc9b26d22ead0902be0bcc86dd19035054d10f8e5ff424051969c8a37169 |
C:\Users\Admin\AppData\Local\Temp\WsQi.exe
| MD5 | 0e09512e1d812fec588b034fa661a88e |
| SHA1 | e204012009524463b0ed6d23474910456d2038b3 |
| SHA256 | 35c5674c3ada29f0c0160c7f0eabcb6a3c6331953bd28630b9f54c1047f39de1 |
| SHA512 | 7753af33d4d4afae48bf1aa33a435ea8dcbae3d9acb43acb74ac88d2e6c3a5662288e7c098266b0ff39569179ae17b902a87f65d607b7eae4b93c197fc0e5113 |
C:\Users\Admin\AppData\Local\Temp\OgAm.exe
| MD5 | b635c5461c9e988ecdf61f668b2ad8d7 |
| SHA1 | b4e9bb2433988d601f97542b003c06e42c84131f |
| SHA256 | f3679a0c4043a6a112c650537c7d990067864ad533fe878059efd53ddd55464a |
| SHA512 | cc5ac595a85c95ee3557ea8142c02340e37277c3a4318176ee5ae5298471cb7c6e17e69c7e27a623f33c0bea7a40572eb25701b158778ff528083fe5df671100 |
C:\Users\Admin\AppData\Local\Temp\iIwu.exe
| MD5 | c681424deee0fac343a46623938a5d55 |
| SHA1 | e9caf53c9787dcb35439f7f7f7330e5123041bf2 |
| SHA256 | ec2d63e50da9832ccb5cd9ca18249192c037e8abe401ad6355f5bbb9c13f717d |
| SHA512 | 806da8c117dc74adabf8a39ed4d8a32222c824f2ca48e25a0ffaf8d481790ce8b2597b41d2070cca830f3f9b453508576daaf5a142af033956f034e3aa483501 |
C:\Users\Admin\AppData\Local\Temp\gEYG.exe
| MD5 | 88fcaf3f454b9d716ae5037a7ef5c097 |
| SHA1 | 57998c937757f087165f0b4c6156cc8f91dde20b |
| SHA256 | a87c97f296c507dd1ca210cfa759b9e204eb0aec0d1d463f6bf0bedf4228ab26 |
| SHA512 | d38618997f6a9016858972462420109dda34d656c5c6597a0b7354b0768d7168ba1c6b034d982ca0c497f19af276081339b9ad325688da6bfbbca82bb0ff3c81 |
C:\Users\Admin\AppData\Local\Temp\yAQE.exe
| MD5 | 1e925cb8779c168762deb15323586bed |
| SHA1 | d3e9f2372dec7aa9488ed0768b2afe334fce731e |
| SHA256 | 06dcf72ca6fe3606c4ea615b64e2ae8a22e2f2feaaac159c56e8b0837ba41de9 |
| SHA512 | 7576e605e7e5b53ead0fc4d442ca026beb8259df86c6f0f335c1ee760e88d00ca760ee2990b8ffc71bbeaacedb0de7bdd852357de80d35340045a0f0f0d3c738 |
C:\Users\Admin\AppData\Local\Temp\UwwG.exe
| MD5 | e78954377c4f8bf95c789a9568f19279 |
| SHA1 | dd43f2f03dbc1e3d50f13204ceff78a43bcaac01 |
| SHA256 | 3185cd3f3f4e6eca2ae04ba922e7daec0b4039f3b79f650971ef36b978000c61 |
| SHA512 | 2c75e0ad02e7be9a9010f76f8f12e0c8456be4afdcaa1794544aa38863d27fc2fbd7f074c39c51982c4335a66043026f240a898d7040ec7e47ed7b6ee8140876 |
C:\Users\Admin\AppData\Local\Temp\aQIu.exe
| MD5 | ddd880e5ce4432fe911da0906843a6fd |
| SHA1 | b9c6026ec9da9ef8718629c89bb3ad4e6c8fe338 |
| SHA256 | dd340740112e660efbbe7ca088d30ecb81082b23d0acea3c92b4c4f8f85fd246 |
| SHA512 | 4f14eeaebb50edb64a00491aa429cf044c8edbce39e1e47fa5dd84abf3a67538f50aeea66e9ad997b4275c0ad4172ab8eddca52091d7287185d1ef6065a75e1f |
C:\Users\Admin\AppData\Local\Temp\KsUW.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\uYcS.exe
| MD5 | fbd511c70098ec711199598be01fc956 |
| SHA1 | b10984dcce6e7f5bb21f793140dcd5444387efc5 |
| SHA256 | 7d188a3e98f377796406017e3cf193c7a9a05c09a41eec1c00b602edd4d7321c |
| SHA512 | 9c85cfbcf03a2de498c92d8908fc914a81e94a7f9e631fce1e80129089c676f3755a8423033b5fd467bcf5296672ba4bded968ec481aad760e950ebebe6826f0 |
C:\Users\Admin\AppData\Local\Temp\GYga.exe
| MD5 | a73675676f512da07f252ed82d23dc06 |
| SHA1 | 2b4d1230502473e17272e2806526cd8d1c2fca93 |
| SHA256 | 134ba7b55fa61f76043c7b4a80d3b9d26fc3eacbcb792bf4f0666e39d181f9ad |
| SHA512 | 6b25d1b187c97ad087b0000d044d18d96f55368f577bcc2772c45d877fcb308e5c0688077d4a4f241975f33e7dad925d25fd61b17211c49a87c7ee93ecb51c69 |
C:\Users\Admin\AppData\Local\Temp\aoAE.exe
| MD5 | 359e2dcb5c1a709693b20dabca028fd2 |
| SHA1 | 521b1094ce9522ab38a3e11d34fad8c38263f129 |
| SHA256 | 002f1b99428829d514b2d297f17de7f2fa49df2b6f8aa4e79430b9c41ed4ad83 |
| SHA512 | 29734bfb3587fa016f8807b74a65e45007d54112018b83d920e2dedd5c91605d41003db5134409a60760e2448fb33ed0dc7c936c7875d34f5e1965b149cb4660 |
C:\Users\Admin\AppData\Local\Temp\QwQm.exe
| MD5 | b2425c41dfeda69ad0aabae1d1b7768b |
| SHA1 | c7e9e10479fbc6fe23c617732c761c86814d04f0 |
| SHA256 | 20ddebcea34997118354ac3b3a8810e61f3a52140afdaf84f1aab28de4cf5827 |
| SHA512 | 65f9a86f5581e75e087b42fe467fa996f34390db5947e088ef977df8c7e2e5040a724464d92d1bb5b618e27f9e16478edf4b2dac7977caeefd938cab756c83f0 |
C:\Users\Admin\AppData\Local\Temp\sMsY.exe
| MD5 | 9e466da3ea45921da361782f6a34aa12 |
| SHA1 | 36b457850f5adecedd2f226addb44dd7a718e6bd |
| SHA256 | c337f04868aafb1d8a8385baebfc914d1fbd0b68ad720872b057c2d2c3e6f83b |
| SHA512 | f41102cc3bf727f5bda25ea16b400ea1ce9c72353345282f953c305c8b5dbbcf16655f4118d08ac2245cbf0df38d7720781b5f8057176ae55ad36e7513a817e8 |
C:\Users\Admin\AppData\Local\Temp\usws.exe
| MD5 | c6292855f98777cb6247148dad01e96c |
| SHA1 | e653ce4b17ef0f93ee87f287a25a5a93c8f7400c |
| SHA256 | 588c52156bd13246616c3abc69dc16b0d22959e027a4f3d53fd9ad84df9deed8 |
| SHA512 | a1a67a07301eb519d8af129361978240353e49f25701df06f315f482de521763c947a7c179884009fab77b0060034df2acdad0df90d8aa53653856d57a757edb |
C:\Users\Admin\AppData\Local\Temp\EYoQQgwQ.bat
| MD5 | 5335abbaf26a6df9c709fc6a72da3bd9 |
| SHA1 | 5eb6bf7e82af89ab173436bc41b7bab1f7a78855 |
| SHA256 | de74afebccb9147ed84b65fcc828f5901ffa779c0e858c38db735b8f13332fda |
| SHA512 | 1e9e5720d08f07d4ae34c8e5c35c2dfc4d927655214919ffb2f9cfefeb3148487529683cf08a0d9eefd3762ca7172ff16cf6689bbdd80fabebcfff53f480c977 |
C:\Users\Admin\AppData\Local\Temp\AsIm.exe
| MD5 | ae5fad0b6eb1650d4e2c028fafa9cf5d |
| SHA1 | 2cf2bf09228a0b3e6fbda19e5c6e74552d2ab17e |
| SHA256 | 39d30d2a470a185874786335002beb87830ed32e0d861535fec9956df7dc5f47 |
| SHA512 | 2536832010c54e89fff7bc83e895401c050e4b292894f12bca778960f90451e6be6245dc898855b486e5d868b72ac55bc012ddb7a2c2570d72eddc579a7822cb |
C:\Users\Admin\AppData\Local\Temp\KQEE.exe
| MD5 | 67741690492429f08698dc84bcd7612d |
| SHA1 | 7a2afec03287b74cbe29531b1a415fad5aaa9043 |
| SHA256 | 0ce11f65dfa993f8105b20df557108fae7e75b198f1b53d8d8a9a8c7277243c5 |
| SHA512 | 07e9b7121e7cc30ac4e6e88d75f6e3c138bcd241c651b42fd21bc93515be5cb5ff071c694b8f328c15955a37968fe48d4b15fa11be5f5fbe531acb9a5e3032cc |
C:\Users\Admin\AppData\Local\Temp\eswY.exe
| MD5 | 859b3466671d8d676c9dbd40151f0cc2 |
| SHA1 | c542bd7724cbb9e24899a0f8920b6699202a37df |
| SHA256 | f05f19bf880aaf0ab8437643fa45faec501dae1a8344401c3d7ba96554466604 |
| SHA512 | 95be732fbc72b0c1fbd0d85848921360124b93d8c336f67e203eccd1a58973964e5e95726b3a2f10aa28743442141560e111092d66a672e2e699b51b52f97053 |
C:\Users\Admin\AppData\Local\Temp\QcUO.exe
| MD5 | de2034f1589147a402b609c1772b5115 |
| SHA1 | 263a7c35acb3fcbe61a0178d6f168003d643fc36 |
| SHA256 | 4d854356e8417d000fed27efbf2be4b8671109db9baf12dc359761657a8aa328 |
| SHA512 | c8fcf75111868d7874153b815518d0a7974e3a0ff67db6ef8ffe0fa6674620c8e2ebf4837cc552120afd17f2b0c939b262e7d79f3c4a1a85586485b9ff980741 |
C:\Users\Admin\AppData\Local\Temp\CAwK.exe
| MD5 | c38cf5da7745a3a794e64ed4f4bfbecb |
| SHA1 | f35c11d1a121c8a13dd8414210733c106a53a5f5 |
| SHA256 | 1509c4dfdd16202ee0096300f4294b4832c34d30949ec1c5d6c3c552a42ec9e4 |
| SHA512 | 78728e7b95261031b581d68800fd9360c7f8a7ba2da0d3a537476dd26da9f58c4f2b885a16cc3528f31dfe0254789946475ebf675c30113a21cc7172bf20ad26 |
C:\Users\Admin\AppData\Local\Temp\sUgW.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\sQoY.exe
| MD5 | 533981f0cbcfb02feeed2efa443c372e |
| SHA1 | 475303010dd34f799b220627166b197fa6ce579d |
| SHA256 | da3dd1b492cd903296476939eaf5c240197a662b885ab46c67fe91e4442502b1 |
| SHA512 | 888e9266108dcb70fa374b2a6354db0f396859029e408d4b0a4ee6c15220d13f326837f6b54a9358e303edc54cd100f1319b29257502f4691d02f4d1366011ff |
C:\Users\Admin\AppData\Local\Temp\oAUW.exe
| MD5 | c4273afc06179a70cae0c03a7bdc1ee4 |
| SHA1 | bcb2f36325394e4e4f220d405efa3116b285252f |
| SHA256 | 52d953e61511a05d8adb580a1b524c643ceda0eedd288103479884e0ef60c08f |
| SHA512 | 220f8a03b60c9133b91607bcf53f847443bba2d131b995ebb5d431ec8dd538bb6b707a501ab0999baa684d57053909df5fc1216dc4a0993ae075afc3f6c117b8 |
C:\Users\Admin\AppData\Local\Temp\ukcs.exe
| MD5 | d85ca17121f5c4405f21d3d6efec3b1b |
| SHA1 | a1745a6101e91348a15e5d2d2469ae86d0852b41 |
| SHA256 | 121e1325057a96d2350f37ad9114f9f791a4f2ef4ad879668c677a5aae206700 |
| SHA512 | 79fa5e3b4c83f8892beb1fc64b89095c44cf8243b3d374b32befeb5d01ef22645794d4cf5f3a202b234838399351cdee59e05d28c48b1d777bb28d36ce3f7e8d |
C:\Users\Admin\AppData\Local\Temp\aUAM.exe
| MD5 | 190891a7d7a0983f09adbfdb3b47ea1e |
| SHA1 | ae3b30308b4899ee1d89fdaefcb6f2f913f4daa8 |
| SHA256 | dfb4fff64ba3844b689569a26e7ea6a1741db432ffe2e160e129bebafd2b84d4 |
| SHA512 | 1636f461ce882bb01854807ea7c273a6692da29346ec9abb070af98838d24f547045c3238b5ff605cde5f3395dd3d75dfdeece9849ddcab9207f411cdb0afa04 |
C:\Users\Admin\AppData\Local\Temp\hoUosEIw.bat
| MD5 | 0d050142b5735bd728062109a839882c |
| SHA1 | a60454357024a507b15575d769efb2b29f50f3ed |
| SHA256 | 026693d1060bbc7ff546946c022568721df1f3dce42a006269b868c078bcd2ad |
| SHA512 | 190fcb44f8d8e1e8464647279630b181a2b0392c096649e116f11927f2c4789769df7cbf1403b782925dfc2a836bb66904ab8e89ae930d661f8ed1ba67a56cc6 |
C:\Users\Admin\AppData\Local\Temp\IMAIscAk.bat
| MD5 | 7b0a6d85fa9847dff1218bab16def274 |
| SHA1 | 0c0b32cdbe5380af8a502de3b4b812661f9522d1 |
| SHA256 | 7c9646cc3f0e9fc93456fb6e602692f77b364e91b09cf533efa9d7194b9ec3b2 |
| SHA512 | cdd05ff56b592fd284031af3d82c8b49929251c58ed3367c8af29cd996fc5934fc3016243f4f5f4e1b65028ca1319287c5efa6641e3edc86556da81385016708 |
C:\Users\Admin\AppData\Local\Temp\QIUIcwgg.bat
| MD5 | 8d22e4ca96ca922942d98432a091c741 |
| SHA1 | 13e3864255e54c22ad1d7d5a2d40d3fa42cca266 |
| SHA256 | f5bdb5e8d4dfd8a144aef6191740d16fc4b90c114dd25de07539b4e1002cc3a4 |
| SHA512 | 9695b1858127c8e3b7255c7d3ebb352b9257961d832fd8263c4646429adb650229856e9700f97b76dc11f0d9493939fa77cd4f05787cc3e0f3665abf424e96f3 |
C:\Users\Admin\AppData\Local\Temp\vCIwwoYc.bat
| MD5 | 370e55425383f01670f9dcaccc9a6ada |
| SHA1 | a9e40802baf76339f0c63c9ec1db7521675d0975 |
| SHA256 | 5c15050d039f10c6ddfebd5c10562734b8066031a810141c56a7428bebbeb40b |
| SHA512 | 2d0818746d4f7fb41145198c132f6a36edf19655b0e602c726de57a9f50ea4c85114ddd52654a5d37d4ae52d75f616a62a90567d806117b8cd586ae0f3fbfff2 |
C:\Users\Admin\AppData\Local\Temp\iYom.exe
| MD5 | 267dcda39665a6bdacda9a311dc5a14c |
| SHA1 | a233994c279a29bb53aad769e83aa836e0758502 |
| SHA256 | e3ba0b87974f50a970a23c0c48ae5987be7825b9c9152d8da1722f2a9c134039 |
| SHA512 | 7a6effb32dbe9b1cdd1b7d745e9cff05c569b2c892ec2a009d6d286504101f5cd3c38ff17162f703947a46998d470e7a2f32408300400305fa129f26d5f3f205 |
C:\Users\Admin\AppData\Local\Temp\uEMc.exe
| MD5 | f13d80928bcb4a6896aa52821adba436 |
| SHA1 | cfe0d37a14884866144df99257f47a0280296a60 |
| SHA256 | 44ad860908afa4a4190e5ca06cfd92055165d64145f8335aa4d9d01eb785fa5c |
| SHA512 | a2c489d5e736380a6bae4e36d9a4d1dce4c22e8e705442debf45e392ea1ce2accf85d401dcd58302849b1c8abd500e804ebc92deaff065e07f8c95e8e8b7e97e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-25 17:38
Reported
2024-01-25 17:40
Platform
win10v2004-20231222-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Kinsing
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\System32\Conhost.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (81) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\ProgramData\WMcoIUoE\LgMUEkoE.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\FkQAUwEE\GIocUcss.exe | N/A |
| N/A | N/A | C:\ProgramData\WMcoIUoE\LgMUEkoE.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LgMUEkoE.exe = "C:\\ProgramData\\WMcoIUoE\\LgMUEkoE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LgMUEkoE.exe = "C:\\ProgramData\\WMcoIUoE\\LgMUEkoE.exe" | C:\ProgramData\WMcoIUoE\LgMUEkoE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GIocUcss.exe = "C:\\Users\\Admin\\FkQAUwEE\\GIocUcss.exe" | C:\Users\Admin\FkQAUwEE\GIocUcss.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GIocUcss.exe = "C:\\Users\\Admin\\FkQAUwEE\\GIocUcss.exe" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\WMcoIUoE\LgMUEkoE.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\SysWOW64\cmd.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe"
C:\Users\Admin\FkQAUwEE\GIocUcss.exe
"C:\Users\Admin\FkQAUwEE\GIocUcss.exe"
C:\ProgramData\WMcoIUoE\LgMUEkoE.exe
"C:\ProgramData\WMcoIUoE\LgMUEkoE.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYUsggQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gQkUoAMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gSMkkYso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XGMMcskg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pokcsQcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fgEEoQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GswckIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aOUkIwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EWMsoUEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mkMIIwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TOcwoMgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xSsIIsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAYgYAIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hQwssAgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIMMoMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eCgYQggw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWkMkYUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\owAYgEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEwgoYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PMsEYAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAMYUgMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tUwokowA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amcYQIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UAMIogMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkEoYgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIQcsQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcEMEYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZSAIMAEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NCEswwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JmMUwUAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCcgMQMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OWswYcgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgYIgYUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tCMEwwcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vosQAAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tYEAwwsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DiQIkowg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okgkQcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GUAosksY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqgoYkEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAkAkMIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hgcUMQgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmUUYMwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qqAgcMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YOAAowAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kgAIEkgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYMgIkII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VokckAYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQkkksQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmEAYoAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sGssMIYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AosMMMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KMgkgUQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWkAMUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XcAgMEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NiQsswgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiEUUEog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MWMwwAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KsIwIYMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FMEAAEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RcAkYEYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BUYoMIQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMgocggs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUoAsEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mKMgYAUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmoEEcAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ewIUcEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQUcQoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TcAsMwEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nugYMkgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HWoQIQME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oAgAwkMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WegwAUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OQUEokso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeIAQgUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSkcssgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vkkcsUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCcsQkMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WIwYEQgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\quQgsUUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSwcYsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DaYYEUoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xaAgcQII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TicEwAgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aIIgYwwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckwYUwgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYAAQAkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qMUcwsks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tIYkwcIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZaMIYgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAEEooQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsAYcMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AkEskQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYgwoYAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EkogoYQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xokIUQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bGowQMMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nsEYIgQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuMMQQkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CcQAcoUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQEMwMMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UskUAUwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv uxCLKlW2z06qm+DqSDmTag.0.2
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LqgMYEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZOMcMwoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BuggcAcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XgIcwMUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYkYUIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IeMEEYow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\asIkogww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kOUUIEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zKwckQkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jcgUwkoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKEkkAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QiUkEEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\miUEIMsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gEMIQUAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YSIYocsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\feMMcssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BIIwAMMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FkQIcQAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ocQsUowk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IAMkIUcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YuYQQwMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umsUoQMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\buMsoUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BkgIYAQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TysEogQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\USIEQsEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\emsAkMgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iwgEkQII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqYcAssU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xeQwUgYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock.exe""
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.180.14:80 | google.com | tcp |
| GB | 142.250.180.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.160.77.104.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/1468-0-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\FkQAUwEE\GIocUcss.exe
| MD5 | 392bfc2ee95d0256dff31576a7d4b776 |
| SHA1 | a80955a60f886ebf66b4feb56634c2309fe90745 |
| SHA256 | 5c9c953b78179b46d1e3f1189ab6802e001521c0bd1c181500f88db00457f144 |
| SHA512 | ace4f632fc04de688e9a232a378b6649af38838a4102a792efcf84a74d0ab87987b6e8914c26f894610e9884fdf153876a4120c541539e160dd47837b35dc88d |
C:\ProgramData\WMcoIUoE\LgMUEkoE.exe
| MD5 | baa2ff1d614ee330aface8408fec8995 |
| SHA1 | 55ed08e2712151ac45cf1e354cb9aad8fd19d821 |
| SHA256 | 63eb82b906b833d861865f780ea487f357b07f59b863491b41546ff20e49793e |
| SHA512 | 1e5db1cb27e120d4c9ea9be072d3a39f6c37ab7bad1dcc980e57dacf3549acf4a4cda5cfce3ff5a2cbd18c54e8aeed993e1c31c53254975774436d1166436b84 |
memory/812-13-0x0000000000400000-0x000000000042E000-memory.dmp
memory/4808-15-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1468-19-0x0000000000400000-0x0000000000454000-memory.dmp
memory/8-20-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sYUsggQU.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-01-25_d6d60e591fc168d89850fd7f7b0faf81_virlock
| MD5 | 9adaf3a844ce0ce36bfed07fa2d7ef66 |
| SHA1 | 3a804355d5062a6d2ed9653d66e9e4aebaf90bc0 |
| SHA256 | d3e8d47e8c1622ec10adef672ca7a8992748c4f0a4e75f877462e7e661069698 |
| SHA512 | e6988737153a0996b14e6baa45e8010ff46714fe7679d05a2676cc18e1c653e99227e7507cdae4f2b6a99b3c31478630e7e1ae13d0f7c12525406d8cf9867ca5 |
memory/8-33-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3304-41-0x0000000000400000-0x0000000000454000-memory.dmp
memory/628-45-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3304-56-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3500-57-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4252-65-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3500-71-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1124-79-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4252-83-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4696-91-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1124-95-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1812-103-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4696-107-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4936-117-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1812-121-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3752-129-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4936-133-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3752-145-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4632-141-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3496-153-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4632-157-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3496-170-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4532-178-0x0000000000400000-0x0000000000454000-memory.dmp
memory/840-182-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4532-193-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4824-201-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1044-205-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4436-215-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4824-219-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4772-227-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4436-231-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4772-242-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3792-250-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4632-254-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\FkQAUwEE\GIocUcss.inf
| MD5 | 27146e8092ba01f097e01503cbd0f5dc |
| SHA1 | e5eb9a5e4659e7af2e2531f1305978be0a5b0d01 |
| SHA256 | d955139199d95fb0fe4bcbb5edc1d6f0a3dea94ed03ee510491939e64f953f02 |
| SHA512 | 67cbe819e76af6bde0a4764bbcfb51f9b5bfa12243fc54ac952401c104610a92703528a7e455e8ee08d95f34a9fc844af26d1a6fd0dd5c29761a12ba86dfcb52 |
memory/4244-264-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3792-268-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2064-273-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4244-277-0x0000000000400000-0x0000000000454000-memory.dmp
memory/116-282-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2064-286-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1556-291-0x0000000000400000-0x0000000000454000-memory.dmp
memory/116-295-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4168-302-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1556-306-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4168-314-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3744-322-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1636-330-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1404-331-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1404-341-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2296-342-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2296-350-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4416-358-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4968-359-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4968-369-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1556-370-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1556-378-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3708-386-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1856-387-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1856-395-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gooc.exe
| MD5 | 3cf3f6cb817acd082dbd569034782562 |
| SHA1 | dfc3ab3a77338f5399a6b7de37874fbc2b6e3c00 |
| SHA256 | c87d881f4ae87a9be069d12318d99963778cc20bd1537c54cbbb369cdd0030dc |
| SHA512 | cf3fb57abdf3d086d3034cfa3f41a9f6ec02b9ec7ce8301badb6f91d5e6aad8943f595edc7e93dead851ae0c6decfcd455958c2602b1ca5d8b90f167aa02cced |
C:\Users\Admin\AppData\Local\Temp\YUom.exe
| MD5 | b21450f68cdd9a9e5c684abb953bd3d0 |
| SHA1 | 835ee63bf08cd6d254ad578438f13be323dba1fd |
| SHA256 | a26cbe9649a3a3e60757f0d7ca31bd9a470b46aed82ff98a674c027be7ed9e70 |
| SHA512 | 3db54518d7c13e440e1267b2acde00c38739c7bd2a88f8f56b723b9b63ba0c567b889199f0fd8c4a8cd4f2d678b35376c64e618c59ca1b505db215e8b5111d80 |
C:\Users\Admin\AppData\Local\Temp\GEQu.exe
| MD5 | d92cbf58086418b8c8109662d13113a7 |
| SHA1 | 598eddb0f929c8de107c0562305260fa4a765a76 |
| SHA256 | 20516ab7db5877011db5c0258e5c7ac6bdf3b7a553db731fdb069d86b8ac374d |
| SHA512 | de96c7dc70900d597e6ae5c850c4292a2f7f7907ef074b85baa5b02c0bae571f72e8e1ab18e88e9fa6e7d148069a595cbdf19bc287331b6b03eb122f5cf3696f |
C:\Users\Admin\AppData\Local\Temp\aAIo.exe
| MD5 | fe3949424129220be8aeeeae19fe45f5 |
| SHA1 | 1ced2c9f4b9672f26e3689319512a193bad80762 |
| SHA256 | f66536b7c6edbe0f090bf3e7015e66a4109d062bd832a509d3915815e299b4dc |
| SHA512 | 029540b54b881513cdcf50af1215cd67c6aae7d73fa19a5c67764cc2cd0c2e3133690af75e50c5e562e340be6e05ba942ab0e5737ebd9c325d25efcc0eddbf8c |
C:\Users\Admin\AppData\Local\Temp\qkwW.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\EgYw.exe
| MD5 | 3d879083b85fd312c5c16b6eeb350775 |
| SHA1 | 4a44b597360e02cdc1632f9c6019ae7a66758b3c |
| SHA256 | 0d55c19bdf617dd7db14873441e8d26986a761eb6e671e1c6e01052696ca93d0 |
| SHA512 | c0f5daf2d25f00266ac86d1931863aeec1a5a0de9c255f3e893ede1c083aac612db1b214fd1a1b345a9258de9a2ed9af225e590ea9ac60217f55def5733bb8d8 |
C:\Users\Admin\AppData\Local\Temp\eQUa.exe
| MD5 | 358169dee32b1ae05fe78e3f7075f5fa |
| SHA1 | 204b15146eae9a6afb996d9fec36f573aeb41562 |
| SHA256 | 6880147c72c177ea6f396b4ff40d9d4af8b6ef7c188fd7f51d30f5c9d565090f |
| SHA512 | 053ebcb046693548106fde7111e8173d9d818b1713eac7fa14fc9225558b93c65e73be079a794369f026bc7af281c3afbcfdb15f3286a907448427700d9a4933 |
C:\Users\Admin\AppData\Local\Temp\ekQM.exe
| MD5 | fe5acc5f7d7f96ae2c0062bdef02693c |
| SHA1 | 6255fa045e217fec406f332dd6061a0f354e78e6 |
| SHA256 | ebe10ef698be975303890f151a0c60c270cf7c15e743e4de3f84374b744ce2e2 |
| SHA512 | 90e306cbdedbaf33c29d8a11b9d50ba5b9d8c84baf4d374ac724486a71ea46f1ea65abcce709d122d4cb6c3558b8aa59e74b764adb8fb7c75ffe80c8d05b3d6d |
C:\Users\Admin\AppData\Local\Temp\OoUQ.exe
| MD5 | b1b1a914c5e858223b1dcfb6b3314ed8 |
| SHA1 | 45c6dc44df765826bcc773366d28aacf5964c966 |
| SHA256 | 3daaa77189c70232c078bfa1d77d14318117287c7d3cf21b8266c940d546da56 |
| SHA512 | b1a543d8335932ec838d4f5f415b0962421cef9ad1020073a3be56d1b82c910f73855ae827939086d5ad33a07ac3ca88efd92a5f362f9e85d0d36fa21dcd8e77 |
C:\Users\Admin\AppData\Local\Temp\GkAm.exe
| MD5 | 3c8c60779a9de8e468f745c166c292ae |
| SHA1 | 11ccbdd50758b8fbae3d93311b20d38f387704f2 |
| SHA256 | 3a1bbf23f35f4489de8ed19205b65c45120e6d336f3a02c817a765aceb2085f3 |
| SHA512 | b8f02ecefa2cd9fcbd907c80a1071235ee2d2504546f40cbc61f1db703a8080cb3418b90f533def9f26b6223d08e8954b46f634bc7527a2c4940f4d20a12b452 |
C:\Users\Admin\AppData\Local\Temp\CMEU.exe
| MD5 | 72e05eebbdf9221478dc2c90c89a6359 |
| SHA1 | 898dffd83684778bee368f24f1ba3b4def99447d |
| SHA256 | 95a46f7288d9f5051da47822f5f4b97493e6bd13a62c70cd37a0f6afc2106860 |
| SHA512 | 4f53433add3d53822b76041b821fce1808bb8e344d07cff4f5d5cc55e0f6ce4518a5b645f27bfc10c86a3cc9ec64013f2bafa40a199218834a944d7892520cf7 |
C:\Users\Admin\AppData\Local\Temp\KwAe.exe
| MD5 | 4d0f969c38d42c1f974b2dd5a44651b6 |
| SHA1 | a902ebf27841a09fc7404d0166286c5b545ccd3c |
| SHA256 | 5d158f1df954038183c1fb1d2462fd81ba01adf820f0b8c393a9ba5cae06a967 |
| SHA512 | f81726e34ee1c03113e1303f20c05a51d33044ac8d415222524ae69121bad168837d768474d3781bdc417e7bd669694fa8334fd56b6bafb7019a31ad6c2b8717 |
C:\Users\Admin\AppData\Local\Temp\ukkc.exe
| MD5 | cb67e3f2a2b1dbd9c900d92824329985 |
| SHA1 | d4620bb1e5308a0c0665ac0338eb2d196e1ede25 |
| SHA256 | db032515ec0d7ba3d7885f86a03c262cad98e02cd6ffff3c510fa9a6866d7113 |
| SHA512 | 0a46fcaea31ebb9e1622ce01f70887d991a73388767de58245bf8f92256cf54b2942772d58d05219f382221c177c09115d7101dc9c35cf88584b63c99daf4612 |
C:\Users\Admin\AppData\Local\Temp\KEkO.exe
| MD5 | 70976f6f843167c2680225d8c56b1aa1 |
| SHA1 | e8b1b1a1487890a8a802da188a9ba56bad8760e4 |
| SHA256 | 0a5cccaf00e176463660750ede912de3e5b1cf7cb9228d6e8230af85595a75af |
| SHA512 | a126400652e27673d1b176526763f4fa56d89235bb65f2c9278f0511684792279c05ad42018cb022ed4fa0e7dc61c080883724d9c747730e43dc03ea68de84a2 |
C:\Users\Admin\AppData\Local\Temp\cEUy.exe
| MD5 | c0752b19c7e3cd8806b98de64cbd1034 |
| SHA1 | 05eb4c7e26fd4d1ff7379fe3951f527bbac27139 |
| SHA256 | 4dc938d4b7dba6f1b436493f6bb50be3f01a534e5b8c33a3b7da4b237a7cf446 |
| SHA512 | bf1926700f960f6ab0423adc65f21de61174e6ddc23d515d68eb91c1b92529e3238984f2161507f4007c04e7d01c3597860297da5824fec04dd6aeb0638869a0 |
C:\Users\Admin\AppData\Local\Temp\YIwA.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | 5620b88b71da37271a54428afe4090d4 |
| SHA1 | 64ffe6df6d04e0e3e00b3c4cc84ab71c0da5673b |
| SHA256 | 9021fff046eaadccc75ffd8534b0025fababe069e59926ef5eebff623406c1ae |
| SHA512 | 65c1e56b9f12bd69c28340377cef47a25475c998e8919d38647b330d37ae56831141e691c78d5e21c9813dec1987d6b99e8a27d97bd7bec4d305ff750c4127f7 |
C:\Users\Admin\AppData\Local\Temp\cssc.exe
| MD5 | e88bb9255f806c48d558d8569e6d055e |
| SHA1 | 327cb9f03cdcd7c4764313f01c384389ea172bc3 |
| SHA256 | ad56148a963d5b89a283c061ca3a77080882df5a4c8cc296aa71a2fc75a52c95 |
| SHA512 | 1a8fb0d2f3f2ad446b0a6cc412fdc0e367b78a9d78797cc90e99fe0646363ee2694dd490b983be8385b33978e3826beedc1fbadea4e78807060f128e5578dd5a |
C:\Users\Admin\AppData\Local\Temp\AkAa.exe
| MD5 | f96920e6b995efc764cbe3dcb7ddf3fe |
| SHA1 | 3c6e5b2a0c60809442a51e2044d9df4d685f4aa3 |
| SHA256 | b3df55e154d664ac679c9ff2ec14bc2c1b09b5126bd2d37875269a1800b2253c |
| SHA512 | da4c8c2a585e9310c55938dcc29e9873ded6f2d7bc1039c1c069b959588a2e5dbffcbd58a58cca66a44d1da882b47be549b63f43d8ff9436dc95a6d0439c2bb6 |
C:\Users\Admin\AppData\Local\Temp\AAwO.exe
| MD5 | e8565d41d064d9e603e26d1bd6459b33 |
| SHA1 | d2b154c1a07fba774cdad8ab225a2b7bcc9ec3cc |
| SHA256 | 93d8c02f515c0b5866af9838a5742cfbc702c0ee3c8aa4bc589093f43e9e7269 |
| SHA512 | b0c6bc105724b08b25464b847a01735c6192bcf1e71d188958065f780d2c7d561c95ff22f33ca1ecf7827792be879bb840eea7f9ac3a111113fdbe85904b1083 |
C:\Users\Admin\AppData\Local\Temp\YwIU.exe
| MD5 | 1035ea6df342eb9fd20461c8124182ff |
| SHA1 | 102cb9bb8b6e1e92c8138d439b39741488078e9d |
| SHA256 | 1505df6990bd5112be9e9711cb3b8ec60c68608966464e90e1d93bdf78eac64b |
| SHA512 | eee24085b8337b2b1bbdab36ebab265d5de4e56a900cd1c558de45f307611f67f906d70e56627398f27e79da955c5d084637ac86bd56a6c25f2aa5a04d6660c0 |
C:\Users\Admin\AppData\Local\Temp\sMwi.exe
| MD5 | 8fc6c63f9456f444e6cc521bade4dd32 |
| SHA1 | 4bc01dfebb2d7b422440f244daec2f9cf5e6ff8a |
| SHA256 | e0b1ab526ecabbf68f951a0f7a8076d300d31150b2d25b34f904b6e7fbc07365 |
| SHA512 | fd326f359d8a80458c48ccfb11118f5c721b24c89648c871541d3e32ff7493fe87a01f8c13d59c2bb351de49297493ce5ef00517df3aac4c255ab899f766f26b |
C:\Users\Admin\AppData\Local\Temp\GwME.exe
| MD5 | 4f199d9b013889200b6a90420ce5011d |
| SHA1 | 9f3277d0d5d022c9ffd86c7052dd626612b0dc9f |
| SHA256 | 6495f098bcb9b74f1f4dffa94d396c5460d0cc759130fe41f762a0e7bfdd502e |
| SHA512 | 0376fff85273b20b40dd2d8d32fbc6efd72c0741bfc83bc8fa95f9e83ddd5a306014ddc1fa2fafacb81f4976be6ff856d5d2934a6dc8f24b8fc3ebfa218d1358 |
C:\Users\Admin\AppData\Local\Temp\AcwC.exe
| MD5 | ede609fabdf03d562dafa081c10bd6f8 |
| SHA1 | 5dee8c931c10e997b6694ce6b643338c859160d3 |
| SHA256 | 298c0509768c7549ab70a071105217302841991a2755184f387ddb3f52454f3c |
| SHA512 | 74ee72c53d715e676b947363e3902a66e25413d887dafc52dd5d6a65d362b3f89d2362bfadedfa582129d8e9b1439b1fe2e2a4183830b55efc4a79015f370cf2 |
C:\Users\Admin\AppData\Local\Temp\GUEM.exe
| MD5 | 8be84e85399c8cb3092266e85d880988 |
| SHA1 | c8ef2dee21bdd57110dd65ff996e5d024c789fca |
| SHA256 | 43f1d2083bbc3a0e07f7b09a2f1be0c6b8172d53d13d9e8acb401dc33120a2a4 |
| SHA512 | 8a9ecbea49751e363a54b0021f6075635b6058f8d702589fc9f6ec154e911a568e3e2c083688577772dcf973891728840b3964169d8d3124b626db02cdc108f5 |
C:\Users\Admin\AppData\Local\Temp\gQwy.exe
| MD5 | 04289a55f0d2ace587b04f3b070ca439 |
| SHA1 | 97f4339afd8919e7e60a45b11e848b982c70203c |
| SHA256 | 2d00bdde507d34f4709fe308dc23622b89bd0795a76ca64673dc7cdeddd258c5 |
| SHA512 | 26f7b3939117e33d8f0b77b24f94bd6e9c822fc35020623018ad182b5b97b0698ca13360d52452da72e9ca3408f5905038e580fe991d9099e833d0436af6fad4 |
C:\Users\Admin\AppData\Local\Temp\KcUm.exe
| MD5 | 5e06bcf4994ce4c7232e82e23910d484 |
| SHA1 | 0ab379b821675730ee28b374775f465843b75c6f |
| SHA256 | dacaa1dca3649ceacfa04e0521bd6492859516da6ecddb4a3249abe66c0a652f |
| SHA512 | 1c2f4eb0f2a7bfd2bae88ad02f51700bf7264cb7461bb97c57284cbf430bb5ea142cdadd9e6b099a50785f5dc7949ef5cc819b0df4d201e028286542686cb796 |
C:\Users\Admin\AppData\Local\Temp\cgMW.exe
| MD5 | c36969f2a470d5ad6e14a582c8bd02c4 |
| SHA1 | bfeecef8a6d7f8d05d99d3aaaf52844d4a828f87 |
| SHA256 | 2986fc855db1f922c4e247c89a88bc46581e5e09742e2af1637367edb540a9b0 |
| SHA512 | 1d2cc1c61feba78cba0d2b0be0e9c5ad20f939b946ce2da528776efb97830e564b96dc5fb98e6d6cdb1a44153579e7388a4f843ed7e2e8f3becfc4a8ce5cfe05 |
C:\Users\Admin\AppData\Local\Temp\ugIo.exe
| MD5 | 3f0a7c269ec4289c208606a14d0c3a78 |
| SHA1 | 61b8693ad2221ccd52ce4fcf1ae520fbe1b927a7 |
| SHA256 | 60954b0358d64db7c38bc1b23d4699ce3359fd225b5b22cfaa8df8ec8b82a5d4 |
| SHA512 | 09a7257c65b78a2e07fd5fbb9c697a478d35bb3b764e8c2e26d25436c93f66cc8bd1e69286e18a847d60ef4adf26157fc1db50f1b84a159e84ec8146a25ac58d |
C:\Users\Admin\AppData\Local\Temp\aocQ.exe
| MD5 | d751f0efb6ea1a6553ff6487f3f662a3 |
| SHA1 | 24ae6c0d87cb129fbef4410814d136115ef9849e |
| SHA256 | 5e588c86d9fed0c31974afc19d728529dba3db5c5f2474f263cde4038081fde0 |
| SHA512 | 49ea8ef3eb7040c6d65a2f2fb90167a3bb791e4592b6fd7abeeb8568b1f33da1ccf303d5b427d4a33993fcde33871e4694ca44a6e664c7b1cabc7687f348407e |
C:\Users\Admin\AppData\Local\Temp\mIsw.exe
| MD5 | fcf22d2791b4d2f5d5fa6b0244786ac6 |
| SHA1 | e011f637c1f13daca65911d5e46d56060b6088b0 |
| SHA256 | 2e6c4fe1a48dfc030e6a0a7a95a05ca5b910b4a5537d4d177a5752e02e8cd4e0 |
| SHA512 | 39d0c7520f3205329edfde81cbc4222df5d309441641b7015636e8b20a07ebdc3091636f8646da9da0c004b025be98d50eeb06395a3bad41445b300610e2e0f9 |
C:\Users\Admin\AppData\Local\Temp\eEQs.exe
| MD5 | 496f9e85fbe18e4dcdede016551cbb53 |
| SHA1 | 66d46d8dabe1ab6f50588c1bd6a6a0b641a630d3 |
| SHA256 | 577c8a9413160eba9b3f13f89159581ff1a9af46ab3e2e969504ca43265d7488 |
| SHA512 | fabdef5f395e18b914879e49f273c786273257bef317f92c83d0a29baeba3ab0dca29ee307bf9eeaba5d5b9c5978752d986174710f3295829b88f4be7ce5ef6a |
C:\Users\Admin\AppData\Local\Temp\OcoE.exe
| MD5 | f03713ebafbe9e356c14f87416ed312f |
| SHA1 | 49c03d112a670bad9e8a019068f131efb1dc04d0 |
| SHA256 | ed3c528457592519ea68303260330129e8147ca3902607dc01dfb687938c4627 |
| SHA512 | 460e7023ce6fa0bf5b95e5609168f9623b24276892ab115d5d9e8218e42c7faf4e59abe9ccc30a0ea7a7aad20c9acf7286022979ddda447b5d71f6138ae5c819 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
| MD5 | 37c4646a64334ed5a3faf9517c182cd1 |
| SHA1 | 5f9946278cd6b2cf46769ca8f5fcd0be83ea9ebb |
| SHA256 | f82cc289b866307e07dd89cba94635e4ed13e200968becff6bb4fd57dec7a8ab |
| SHA512 | 62ae0f6a46d633fbe20d60662312359f5cb1c37d1127565bda1e873d51a871b4ad0ade0066b30840dc3e0ab5fac071043c52315be41be24242603c19f97fb26a |
C:\Users\Admin\AppData\Local\Temp\gggS.exe
| MD5 | 981835fd3e37640bb23d27896302ff74 |
| SHA1 | 7bf5ca4f0d927caeb25fed489135b8c05e25020a |
| SHA256 | 28aded3031e85b441456a116d3deca714bb1ad858c425f658457dfa25d509cd8 |
| SHA512 | fcf6b9fd67ad069a180a5610ee38431d8c856c4c6bd8976f1268bbcc60296b1ce34d6777cb2ab6424ca198397ca5638cb4de9f74c197177b8e4a6288011d698d |
C:\Users\Admin\AppData\Local\Temp\qoIk.exe
| MD5 | e9c7bbdab128cca7d79f67f62590e308 |
| SHA1 | 304e2fe096c358a278766c68ab50d6eca8751106 |
| SHA256 | d490f6e349f272f835baae94240f5821cd4a4e270402c6b1dabb579e63bcc22f |
| SHA512 | 35e7c3d6f432c32f0a569f9a30669591dd414779bbe29b2afe85e89a145e6c47e6bccf6d674683b4d0a693eede84ade6111bc0f5a09eb667a5acf2093582d22a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | 7860eab1f8717e423c72c340e5cbf719 |
| SHA1 | 24b1523336159a55d2e6672dd494bc20b696c2b2 |
| SHA256 | dac029cec424749e58caa120194f73a88400c5077b8cf0e52c043b61a83e8e8b |
| SHA512 | 6369244fef612059659364166230181a2c81dbd6aacc67367c910df7802bcc2c9898e22d202ad8bbb6c3077a5e15e1dcff7e8b27756b640929e003e1719efe4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png.exe
| MD5 | 72c232943b6c79181a3971a502692963 |
| SHA1 | 0bf6a3c7a0bff320f83b44c5dfdceadc8abbf280 |
| SHA256 | 84052475de9d6f309967ed10e6d437a6b25e05e0c034d1d57158e7cf239561cf |
| SHA512 | d4327f35e27e35260be36b54ceda67afcf600ef65594911f6315e70265cf5a26dc19cb94553eddc578d9d23a6bf92c962a5cc14115ecaeadbad9d1f21a995929 |
C:\Users\Admin\AppData\Local\Temp\swcM.exe
| MD5 | 81fcbbf1cb6b293d78cae691e7c7ac15 |
| SHA1 | 8fd9dccf94ea26712ffdbf2ab1d7ee97181df12a |
| SHA256 | deea2a0100a285c72bcb1f3a6d4486e8dfb620312a33273d42bec5c84558c8af |
| SHA512 | 65b487d966b3b431c09f3e080164048a0df877a5567fab506de5d7f3f29e14a3dc098de48c097dea711287068b2bdcca9c334d682bdf89f35f679993a84089a4 |
C:\Users\Admin\AppData\Local\Temp\YgAc.exe
| MD5 | 5463d9f4d0f8574456885338113dbdbc |
| SHA1 | 3d7edc14de2dc80bc7c43c5340c64879490cce5c |
| SHA256 | adcf968ec2bcf9503ead5d47acd4717ce28ce1c8167606deaea46c79417d650f |
| SHA512 | 6ddd84b281e1197912046682a2706ba50500fa45be3c735bca79a7e425ab4390ee816251c5f31f9e4b92ec4177eb14df7ebea4ca50c766620cc6ea02da75da0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exe
| MD5 | 535fc98b189bed5b71153aa9469fa8e1 |
| SHA1 | 8da3ef8c90d7625dec60afb478ed3bf4e04bbdb9 |
| SHA256 | c9db565dab322ae2fde1679fd0f1c177f9dd6f7b8b71eff7142ed733c9c44f59 |
| SHA512 | 782d37d8d9abcd5e6dd1f2e5310565ce824462ecac2eb8422768e726b8e71fc32d707bfaab999db030cc304bb3ed8e6cea6904b036b4bd04c547a3493ccad55e |
C:\Users\Admin\AppData\Local\Temp\uQsC.exe
| MD5 | 1ece54c20afb029931e7877a0c0d3da9 |
| SHA1 | f15ca562ab912a05367084fd1923c1406f18d796 |
| SHA256 | 57f60a0789bdfb4428464c7d0e0a74be659c941e0990f18b3e9fc6b8cd2fe872 |
| SHA512 | b3223c9e0af9527eed7df20e8241f6c254ab10ad0e9fe25040dd703a556aaf1d95f5d8798e88d35dc68c34f28032afee7a2c998c5050b91bb22d2a901dcb3fef |
C:\Users\Admin\AppData\Local\Temp\ecgA.exe
| MD5 | b4c4fa510ef474e33c581742906f2b01 |
| SHA1 | 0f90d32d4334d87ae3166be7ab7244397812cd9a |
| SHA256 | ecfc6b2e7a09df08d22e8400439f533311213ebc7800d1579d3b4bb89dfda089 |
| SHA512 | 4a02644e029359b9ca68c9d72c7de0f40e9bb5975e3180d1179221dd04b8bf3705d1394026c0afcf1facffe16e6e9d547baf726e5aa1b5d07d9a0d634482e80f |
C:\Users\Admin\AppData\Local\Temp\scEM.exe
| MD5 | ecaf579643d346693230f7a1175f4705 |
| SHA1 | 3ee04b234176c854c4e41ca060a304f3a2fb3dd6 |
| SHA256 | 813286e86d70fb469a6437f62c37a9fcd4a0eb5283a5aa973616b114aa01fe29 |
| SHA512 | 9f8f640c3a9c7a4768d900fe7f66c5a017c7d7e00ffe9acca22ab93bd4a04972642fade37faa2f9f38f87d43920d6a46b32c6b69af7a4c9ef437b13116f38f05 |
C:\Users\Admin\AppData\Local\Temp\Asoy.exe
| MD5 | 3f5158a434bacda61eed05e2e65d1656 |
| SHA1 | a6862de8ba6c2362236ec8f786279af2a3beeeab |
| SHA256 | 883769e39c7ce8675e3290a29aa0a2a1d31402fdad3c83ff0024e24b1ad2b17c |
| SHA512 | f0262fb075fa75677f6beafab754a64d0ce47fffda9887ab2827b54f9109bb036f1cee7eb7c65829f72a8bf9931ee346f918620d00f7c69ec7e4364d5276c5a9 |
C:\Users\Admin\AppData\Local\Temp\swgO.exe
| MD5 | 65ec0c0a9642d7185d533fbc402d0527 |
| SHA1 | c29edd560c32129f930c4e5651906869cd25a3a7 |
| SHA256 | a3b293b333f5cc89e6ddb12dae57eea1bc00280752482d1c0a811ce7ae94bc9e |
| SHA512 | 4df05ebd84b9b39b5994f83dd3649fa743aac04f6f90bc67d7dfc9149c937bc133ec50d097fa1bbc9baf4ce7ce61cf6f012b798435a614ab0feb150d8a393013 |
C:\Users\Admin\AppData\Local\Temp\Ygks.exe
| MD5 | 0197fa13fc9274f3929123a4d5b9be0a |
| SHA1 | 9797a724f4842a93186762590e150e8f52557e76 |
| SHA256 | 196b986008e5a873ed48bfdd4ad0e751e9ea251070e9802ce6350f61c8fe5724 |
| SHA512 | 56d32933411ac61cd88caac3a6bdfcc98c772a582a56fc041ed431e961046d7e2fbdb9b857818d71bec7c54e9f57c7a13c64ce6e9c3237b98582e0ec78ea043c |
C:\Users\Admin\AppData\Local\Temp\KQUo.exe
| MD5 | 96028fa2e10863934160fc7ba70c4438 |
| SHA1 | 798f1492d1b7d5555eda1d4011593920c72e501d |
| SHA256 | 6da095eb72a3211b99c2efa1c1ea46547eb4bf80c8161d26248075a6ad90e69b |
| SHA512 | 96072dcf632df4551fb6b77d83d7fd7f6cd0ddddec9de9b1c583cc08b553f796eddf6cfa2c5061fcd3d59ec89bc833163a124d1da8e0caddaaf31d9825cd4237 |
C:\Users\Admin\AppData\Local\Temp\IEkq.exe
| MD5 | a5fbe1ef332ba261f8d2bf8ea298a9b9 |
| SHA1 | 86a069c3ae612ec8483b87f0921d87a17644bddb |
| SHA256 | c5531119c617a02a77d08f629d7eadacd5cbf136517984aaeffadf113dddb7fa |
| SHA512 | 31936ef6885b91e1c91fe9b7087e50dd001e9b37b22ba84e51582f453df243984d188de4fcb0fb2fd1d463f38769075de948803751e5a496a53ec681770cd155 |
C:\Users\Admin\AppData\Local\Temp\eccO.exe
| MD5 | 1ef4861e149fa030f96e4c4c875bdd9b |
| SHA1 | 8426a4db4a61e770582f1e4825b0a421324f59ca |
| SHA256 | 2d71f89f02f33b0512786dd2d7616a2ed94930a065bf2cd45be5edc2cf6bc9dd |
| SHA512 | 348f93b08b34999e7c55c67350b63bbdfcd5d2de966bc54941a05ee2685cc6c5f763e96fe6fbe5d90b7680c380e83900f2b0a90c6737ce31de90327a19668bf6 |
C:\Users\Admin\AppData\Local\Temp\wYgG.exe
| MD5 | 945d10977f89a1cc922fe863737981ae |
| SHA1 | 259c7dbdb6e36044c4e7d551d581c7f4be216dbc |
| SHA256 | f84bc71a91d080ebbd085befa48fee6acec68fc04561d5f4f0d2c7d3fed4b129 |
| SHA512 | cbda93e365992480b23b9632f7b76500bc3d7e2dd22e7aba760c310d5490a44c9dbfdba7dafa39333676796f62326f6b9511ad8ff6f80cd851c8588496fbad93 |
C:\Users\Admin\AppData\Local\Temp\OAYK.exe
| MD5 | a2f854c31a7c6b4c2d57a2c3ca8b0490 |
| SHA1 | 24116c59ba3adba7bcccc908aa76d7886885f664 |
| SHA256 | e4ea100a34cbbd1e76129ef39226956ada094088d9db7b5c7db84107225897a0 |
| SHA512 | 6ead955c710bd380948cd1ca20a1ef026f2d7d8d218d2c3e652990ded5f5be7ba4563421634b420388a6c4e44e63cc352b3f05034b5965784e84d860c88f1d2a |
C:\Users\Admin\AppData\Local\Temp\iUcO.exe
| MD5 | 5e73c33678461ff431b508b96939e90b |
| SHA1 | 3190a9e1c0e03014587c49cadddc06be7a25a6db |
| SHA256 | d80095f981ca0fd82d0908bfacb38dd789872664e20839da7cc6cd8945ba783a |
| SHA512 | 081e7d603877f49d6de7ad92fc0882ecc53f28a419baa8256bce5d000d14e8c41a368cbf36433489fd08622f4472e296c7d9998629b9c0c05e62ce5817828f8d |
C:\Users\Admin\AppData\Local\Temp\mIQq.exe
| MD5 | c7bcb0416ea2d3fe85f01b4a242636c5 |
| SHA1 | d217feed2e5ec427454d78e24b78c99b80c955b9 |
| SHA256 | ef7f6cc9ba9d6d5d6f119414cab67fbcc731917dbdbf7fc07a74b20982594bb2 |
| SHA512 | 9adf45b765d5b5c6d1071c22e7dceca4ad9a579d6ba724cd81832bdeb3451923db732b7278529963dbf2b6c323a55bf16ba3abcff0cd7c3e5c75200753dfd1a6 |
C:\Users\Admin\AppData\Local\Temp\Qsss.exe
| MD5 | 2ed1001a8c05766c759bad1fe0ef44b8 |
| SHA1 | a9668123a6c856372fcb749635e84668e61d2842 |
| SHA256 | dc58993089d4717dc9c94d451c2800dacf9bcfebdcae0814092b4205db7ee9c7 |
| SHA512 | a6ecdd0324e2e7dbd8581108f13b81dfb409646a0e7a9061cd535cec3fa31fc26b5db4b46766b495f0f5e12221a09ba4fa8414bd6a382d0b6dea3810ef0a323e |
C:\Users\Admin\AppData\Local\Temp\ggsg.exe
| MD5 | 8d8a5aa3469e9ac9a900fd6513681d5a |
| SHA1 | d1d2645c5d2cc7d2d98254186ad36eebe3f63caf |
| SHA256 | 951e3ea004606920cb88eb79e6512c0d9f3aecd60ef80e75ed6a099b9654f229 |
| SHA512 | 9d2b3d4261b4c6c00955c3a76c261c44ff6571577ebefbc788b32a877804fa767ce440b7671f65a78597f7f4b4c86c7f4f16221b6c8ba00a283cbd0ccba55a25 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppWhite.png.exe
| MD5 | 1365289a416533cfc8ab539459288689 |
| SHA1 | 1af219345e0db4e7d9e62580f2230ced3d1c745f |
| SHA256 | 946ea57c740e73faa3b2a51b15d184a77ff88e60af1b8c38729b7341552f3e0d |
| SHA512 | d55e00fa1419d65e90a3d34de82efa09752d34e4a6c90198aa9e871a90bd2c83ebb64fc0ac7f38057b93c1bf8587da0780df7f96c94cb58cdbebe6fec6505f3b |
C:\Users\Admin\AppData\Local\Temp\AQQk.exe
| MD5 | dcbacf457ad5ca3f0df49cd6869d870a |
| SHA1 | 1fcb5b4ee07a23e622e1ce2ae2f3eed078a2bfc4 |
| SHA256 | 11a40c4c32276a38b7caf858124bdfac683892f1a45834968e096e4f19092ffd |
| SHA512 | d51aea6764224b51433d754936bfb64fee3ba3392f688f255f3c36d0d62ce72007db91713b72e4dbaff45b838133920f1a8312234e37b1283a829e5d99c6a447 |
C:\Users\Admin\AppData\Local\Temp\GgMg.exe
| MD5 | 1fc43b06c79a480b0c7ca24e9d9a4bd0 |
| SHA1 | af5de494dc526d3e45fbb646a3a9094856c079ea |
| SHA256 | 207d6db16b6f6a85f1acd60066cd31daf8c24f8046ab37b2fc5619b0386c6517 |
| SHA512 | 8cbace0958b8c9b89e47cf1cfffe3f6d55870bd193819edc59aba8bdc719312e0dc4f06c2816fd7dc47c45d8bc4b9012f81132c1aafecf1a0747c802ce256f0e |
C:\Users\Admin\AppData\Local\Temp\SYMq.exe
| MD5 | e08f1c108ccb74f5109e3f0cae465832 |
| SHA1 | 5d2f04d4c84b95c7b7e77e2a69a77ed6bdfd5d1d |
| SHA256 | ef626a75e0ebcde8b5c3ae29fdbe7b3bcac1050f693872aa48fa94383738bc6d |
| SHA512 | bc563bff42afd55edfff17e25d87a4deb84d74ae14219462d4dda58068a9d81f3b5543e65ae402ac8d9717de8389c342141a8da1875d6c55657ce7b1e0606e72 |
C:\Users\Admin\AppData\Local\Temp\UooM.exe
| MD5 | c362067937101b1dc0b5250f6b7b7b8e |
| SHA1 | 65378e05d96bc0cc2d6f1059f2d85531169cc876 |
| SHA256 | 4b8882c883c28cdf978a0adee7ba7f344d58aa8c1e79b00324ed283a952cfa6d |
| SHA512 | fb2cd45a6941fe3b24d31d3b0077667cda77071b65c2a6a578341e7f28c77ed8ec6cd8b39f0ca1ab5ceff061458b8ed5c10c1c2f1bd515559838545cbee5894d |
C:\Users\Admin\AppData\Local\Temp\EgcA.exe
| MD5 | 52c6fa501e69de5b2a65db0e70d848ba |
| SHA1 | 16b03d873f2ed555c20b942ef7c9133ff1a6e2e2 |
| SHA256 | 8c396f23439264d82b8cd1f8c2e699c5052126e476d0a14d102232b468d6f445 |
| SHA512 | 137e2928dd62da354ce5628ae3ccabd25e8d5f558125fc3805b46913bcea8547bb585c78c46d0d512da617b70f478081ec374645a8663b89b7fdc6744c281806 |
C:\Users\Admin\AppData\Local\Temp\Gckc.exe
| MD5 | 8dc958d90959e1b69413451de2077f33 |
| SHA1 | 2a01a48d2afff94f80e61359ab0c61238f366529 |
| SHA256 | d57a7ef57869ce38b34b66df511f0627402987809e451d4eb6575c68ab5ec2df |
| SHA512 | da4768faffb8a792625519ca391afaa97417138cfb584bab782241d5e35079985e9f723f90ee024633c26fd0ec0f0271e535bb6e1469a6add51ea7df6f2ca6fe |
C:\Users\Admin\AppData\Local\Temp\OEEi.exe
| MD5 | 232da2cc8ad09f44ea517c3fbdaeadfd |
| SHA1 | f45df1bde8d1d25231719542fd0b681558740cc4 |
| SHA256 | 09173f93689d78fabb92b549f68d777cf73f838333b53e0c1d2ae12a7c3ea7bd |
| SHA512 | b7d7c53aaf4e65a922a3ffb9164d75638191ebda0deac5fb44ba337726e440f0921de5cbd5789fb4a66bbf4ac352692dc9835bf5754e91d712f9e0281033a5b7 |
C:\Users\Admin\AppData\Local\Temp\WAAW.exe
| MD5 | 0837c485cab608d22ff52a0439215551 |
| SHA1 | 0eca30b7e1bab3c2b863b2e2924d756ade11d03e |
| SHA256 | e66f4073debbe50a85c8877e9223b906539a208d6d9f61440493d153deee2fa0 |
| SHA512 | 9e9daf374cb2cf72b53c0780db8e3827cd20eb5eea1508dcff2129bec46893b5bd6ab008425226a2ff0198b95f932f1ffcdff64304a0b34bd6a97d99e7a80104 |
C:\Users\Admin\AppData\Local\Temp\QYwu.exe
| MD5 | 378e7da43979781e35e9dd3d3f9e1f62 |
| SHA1 | 6969e218927ea7229322cbce51152a72c0934a1c |
| SHA256 | abd001a396885f0fdf39a28360574d0eb051fabb6c897c5f6889e7246131c25c |
| SHA512 | 0e8f367ffb194bd64c0f1e7590048ebd1c90dc116f0e166380d2db0f3664b19dacfe24a6baf67d905124ea691cf9575f82d8af4f76688c32111d5355a707299b |
C:\Users\Admin\AppData\Local\Temp\MsQe.exe
| MD5 | cab95a432902074e8df652b7e927d59b |
| SHA1 | 0b5f6fd03a702cf17c8a32858bfbe46bccaced82 |
| SHA256 | 1f3cbd65e321e2ed5a2f3a9cd9777849edd0c1dd966cc316563f16992deeed0d |
| SHA512 | 704708776efdb56e49eb486b2d518c6e31b835f888e9b1b79835283e2dd731e3558bbd980c440d7642f0e23254afa5bc2985b3e26b2be90e0b18906f4aff6bde |
C:\Users\Admin\AppData\Local\Temp\QMwS.exe
| MD5 | c680313b10db60286e32adec49304c86 |
| SHA1 | ee73bdb72713ef0a8fa9e5345aaeced8f60ce560 |
| SHA256 | ec1e2a7c8c8a2ce4eb9794a0e81b8fe709c0ba597cd8bffff4f7d7ab211ec78b |
| SHA512 | 3455081d4335a57d6ac70ca781e9293a7bec38e47189b664cf23a108855948e1b9229c1dc75898215d434e17991a98b9759f674b63cb1c53e63a506014ff6c1e |
C:\Users\Admin\AppData\Local\Temp\QoEW.exe
| MD5 | cf36e434d83daa65453a369e53f92cb1 |
| SHA1 | 95f1a85f4618ba692bbd63ca3cb30207e93545bd |
| SHA256 | d1a050ee62ef8cbd45132ec37cb02ead486e71151b44f12c9576303534c83deb |
| SHA512 | 83ea4a121274adcd46c932875816e514b96469b885ac406a0a66768ef3ac3b11f4cb849e9a70516bc46d96b35696816d7a5d40a14293666f412ebd7be4b40018 |
C:\Users\Admin\AppData\Local\Temp\ucwS.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\OsIu.exe
| MD5 | f9651d138232d148219decaa25e9ddb6 |
| SHA1 | 21822f4f190e015a23b4018c0de4e247f1cc4f21 |
| SHA256 | bcf2692c0c37ceee249df97669000a09caae55206f4cd900c103eeffe4cf4d87 |
| SHA512 | 13b454181b5ebdabec01ac02d74a6f51d43777804ef17de0d7c54d52924ece17c008caf62cbd7ea28a2a8bb6a30d5d5ae81615e7e5f67b62734794581a9edf3e |
C:\Users\Admin\AppData\Local\Temp\aIwE.exe
| MD5 | 62581923075f6c221e92656aa794c0d6 |
| SHA1 | 3046c41737f9dcc31817d4c255b77783407c63a8 |
| SHA256 | daf631c59d33a227245f925dfef7bd1e4704f155d93e390421599a29d8f4f124 |
| SHA512 | b6b04266511f0b9cbfe2a4e900b9c8b2458fc210d31ffdfab33c191e68631d6e9154bd03fd8bd7acf3c43171326890de3edbdc43894431dcd8a40a9f56e6467b |
C:\Users\Admin\AppData\Local\Temp\QIUQ.exe
| MD5 | 8bc6527259dc6075640609cf15d674d0 |
| SHA1 | 40d3e579dd1443f13fe3680f03389a8f0d42bcaf |
| SHA256 | a07a4412d58bb47a3a57f098339f0fc5d22afd0252e4a5b5fe617cfd3ec02fef |
| SHA512 | 2368f918278a42751e3dcdf487b3e488873795311f28bd9e447b67c90b3347c5196a9fee4db9ecba814fe378ea68ff28818fb33ac3293889569fec4bf088f3b4 |
C:\Users\Admin\AppData\Local\Temp\aUsy.exe
| MD5 | 055231bcfa38d8319dd07a0fd321e689 |
| SHA1 | 1d5a24a0f57079b5fad8998afbd987a087408cb8 |
| SHA256 | c52654373980eee23687b2cb0bad7a5143f6c24c7ec8e7a15c92a0ff07c81a1b |
| SHA512 | 0947cc326edf0214d1c7b728f2e80a14169f6fccbc538ebe830bd0f71af87800b2381d9d7417a45de60fdcc18a75fa78f240e9837b41f065ae77fce8f74a6335 |
C:\Users\Admin\AppData\Local\Temp\gAYG.exe
| MD5 | 0bcf8e460b1eebeba25f6e2b8a04c6f6 |
| SHA1 | 7525ebf1e39c580f92c0d0239ff38f8bc3fa1ba2 |
| SHA256 | c16b88278d8dfa808c7e3c2ffa5b83111f512b18c8580684ab9e17ce20ca8ec2 |
| SHA512 | 832dd776df45ee01b1c2798d0549dae5886fa91117a122fcadb2d6ce851a9c87b1aaf70be8f44790d0e28f6949bfa6227ae327018086899137a663a41c2d717a |
C:\Users\Admin\AppData\Local\Temp\uEoQ.exe
| MD5 | 7bf949dfe6cee543261cd492d1b0c729 |
| SHA1 | fba15b3e7e8f22912c4e7b8a390e21082190124a |
| SHA256 | bbc58dbe99ffb54ea6ba22e814816b50a033b420c9372e689ca2a0c48398f9d5 |
| SHA512 | 13a9b8bf245077f1dc20f4490bb771d890909c49d833855cc9cc53e11625531ec34f80b2f67c3796fc9487c37f1d03f3f9c90422381557b094a0315b9940cb4f |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe
| MD5 | 2df2443d8670d89f2e89ba8c4300d07b |
| SHA1 | e4ac95fb354fb5249959c98d7c5dd39a3576462a |
| SHA256 | 42eb650301e0e18dc3a285a12f86662bc8634d74361daba88b3a382752bc21c7 |
| SHA512 | 8b0fbb3843c7ebac5870956addbcfeff04d10fb79be7585d4b092fad1e0676aa561d4de1cb32d1cbbf3f02554bdd1f6adff20492379ea96fcea0a0f4b5a44f97 |
C:\Users\Admin\AppData\Local\Temp\aAwY.exe
| MD5 | 7eba3e19fd1c5f6999f32b21834c9590 |
| SHA1 | 7c959d3fc0104adf4b8a23750b4e8a96bf85b001 |
| SHA256 | bb5a5e6ff516c5ab47f9ad0f4738776af07d850016cdf85848ff59dc2bf7cc5a |
| SHA512 | c620a42efcc207c14e1a1af0c6186960efa5180f4c70616c85a403f7cbe9b16c818c9fd6e080cf3f3d5d310e4ee8dd37ef71a001b181caf8de3ad9cacdd0e572 |
C:\Users\Admin\AppData\Local\Temp\uUEu.exe
| MD5 | 1965135eaf9628f15bdc0d355c6f1302 |
| SHA1 | ceb9fd23a278c535b14981871e287053a62c2049 |
| SHA256 | 0953514d88a7dd097fa7c5c680cb999b9bf9d9129f1ee314fa60944507426214 |
| SHA512 | 17be1a382f22f2a2c041b9cd2c6a6575856704c7817a52c9237eb8a3259fc05459496b2500a092815eea35a8cdbf78d7dafa3d6bca60d099dc454149bf9ff150 |
C:\Users\Admin\AppData\Local\Temp\yAQW.exe
| MD5 | 679b007cd9f2e68949493019020084d0 |
| SHA1 | 2d551d05eef45b087c7579cb7c8e3f9b0b3f53fd |
| SHA256 | 2ea6f3ac62dd33ac8e24accb128806847d86f4ed9bd692b2a1721f5dcad5d896 |
| SHA512 | 11d6bee9346af50333951584574f1d1ae57a92bd897a192ef466d114a716cca6cdd65c6dba95c29fb58133dd7abf7c420658ecf688e58dfdd2c8a563feb72b9c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 03a66860d254735e0d7cb2e7b9894553 |
| SHA1 | 2add6a1633f72b26b370835425834381124446a8 |
| SHA256 | 27fe629b365f1a3923df5e59ec527ccb3da39ef13e550f0888803d08fbb17015 |
| SHA512 | b1457f895b8dd1eaaef0436f8708b927211f4aaa78041efdbc7621278694b2add611e935362bc36e85bda0a2a2b37d9e31e1d51dbcb8cc654d0df0487c2e743c |
C:\Users\Admin\AppData\Local\Temp\eAYC.exe
| MD5 | 78e922c76e6ad582b428719593dde99e |
| SHA1 | ce0c8b1cf3cbf10b9d5efe52fde993cbad19bb69 |
| SHA256 | ab921086d39dd6675b40ab5b5bc86516deac10e0082dcee18a984359fe8fe3dc |
| SHA512 | 73a0abed624d25731cd84adeedabe0794dec95061bbd722c4fae5fca5c833d05acca2ec77d59183fb13484e91b54fff1cc15ec9dd9249b16fb15cc03366a6847 |
C:\Users\Admin\AppData\Local\Temp\OsMy.exe
| MD5 | 7b4264e8724857aa2210e318bee0318a |
| SHA1 | 60f2326eb292b29f96d85ba7b29dab5e7660beb5 |
| SHA256 | e83bb0f73ae06e99d02187a4882f46fb082cb457626750e942dec471e0fd914d |
| SHA512 | 2703444a8be37377401776d9d3c8a19b087f73ac3e2da1a871fbdc74405c38d15c5923e5d26968b4c778b323bde98a0cc5c9236ac41818ad24dd63191b76009b |
C:\Users\Admin\AppData\Local\Temp\uksa.exe
| MD5 | 7b77c525fa7b463f87b1b1bf45b06f84 |
| SHA1 | 2c2d981bcc92946fee0f58cb790889690a82a71c |
| SHA256 | 174f9cfbecaad8b77a83dcce35d412b33b2be593a0df0aafab422ba6f0430858 |
| SHA512 | de155182b0c7403faa8f30f3dc859413dbda1cdd46c9c7618712d2209f59005dd86c4e0a84f8b41fe5e49b0bd2032e755a758292f2b275a501dc07bffe2f52e2 |
C:\Users\Admin\AppData\Local\Temp\iokq.exe
| MD5 | e03fe6b54833c6f63c88a5ca27c2d36c |
| SHA1 | 29c553466aa7d1fc428b5bc2774910fb27d41035 |
| SHA256 | a91c460053fc9321dff4cc7d39805e81543189d2f76544ea657ad030cda1ddd4 |
| SHA512 | 576b93d4db8f154eda6aa0b53eb0c04bbbadece417fbd3a70a06966d914bc15bca31b546b619b0010294088b6eba796e0ec6053019d5c1f7fc83336728277148 |
C:\Users\Admin\AppData\Local\Temp\GcoG.exe
| MD5 | e94085bba6b002db96ab2ac1d5428e55 |
| SHA1 | ca68437edb78212ca7f479660f7562a038989687 |
| SHA256 | a7d52ec2e36ef69c8c6a3f1fb45a9cab1966cb5dcddb54820dd9ba6c98a4d545 |
| SHA512 | f511927fb50fdf71e017bbdc6874f08ed43298133a47b63362cc6db13200b02a2805b992e1783ebbbda0fbe4f72bc257c7aeb21bd766abaee50d43f9fa72b718 |
C:\Users\Admin\AppData\Roaming\SwitchTrace.mpg.exe
| MD5 | 496dd926a7e806319119aa0d6d64d5aa |
| SHA1 | 912eebfa0437529b92b9baaf4328ec9db2704e4f |
| SHA256 | 6223bace5ca91c324e8a6f02e27b3d09fe453b21c096c19a6a3b015cdf715c46 |
| SHA512 | dfcb4158c4910150b3b792a2dc9bcd17e6377bd97926dc6a139b6e961e23d0251f5ef07f2e20cdfdfd91cc534fd84cdf0408c49f0f78191fb10134e434021722 |
C:\Users\Admin\AppData\Local\Temp\SYgO.exe
| MD5 | 3512e188a1d49cf7aca2df3c99a31a9a |
| SHA1 | 065583559882a176f5f7e1c4699efab6a802c341 |
| SHA256 | 369186f02bfd39b140d289926233ad6b40a0089fed4e7dc1838ce63abb384076 |
| SHA512 | d91dad117a0f851a7de0ec13fd8ce24d1f970465175c0fe0a1dcd72609aff432d3533ff3c547eae4eccff72f693add4e4571140e0fd1da7c1b44d3b636dbc492 |
C:\Users\Admin\AppData\Local\Temp\EokQ.exe
| MD5 | dd9124871691d8fd79523f2fceabba47 |
| SHA1 | d3661daf590ad915e45263e27e5ac3213fd45ce8 |
| SHA256 | 28da08b465f2698e2cf1411020428c11338e9a1c4c7d4efa7587da7fdba6c1b0 |
| SHA512 | e91f24ea7d9def67e75113acafd3192a5d60bbe422fd6ca84594c4539f1e95377062b77621a094b39067123a82bc21b968bffebd2a19b9385b603e311306e0e9 |
C:\Users\Admin\AppData\Local\Temp\UEQC.exe
| MD5 | 8b82f18c130882f3454851e22c6186dd |
| SHA1 | 21bac2091d37417197997c53bdd35274e91ae481 |
| SHA256 | 9d679cf84ea65663f3c76de40fad4fca8d838da68eaf6129d4f2b76b3abc41b2 |
| SHA512 | fd1b15ade2448f1e449f65103729d642da65887963994369622c6de161701f5b62de646d6f68ed99be61d16efefc47d85a694043bb75b51904645b3aa30d6d6b |
C:\Users\Admin\AppData\Local\Temp\qQMu.exe
| MD5 | 810d6ba9215160907e40cba69e3bfb8a |
| SHA1 | 3e71d5ea3db3b8bb718a708ff91a7a4dd3f27a9d |
| SHA256 | 0fd8a34355326fabcb5b00f98200c647ffe046c5da38b36ba55506a56d954389 |
| SHA512 | 5fe9d491ddabf8b7b93d2dfcf8cd16dc29f20f82368fe18460d9579e81161d675eceddb8e0dac06fecd0baa6839f0fc2b29d31e359e0c5d3cdfcb2e0b021f08d |
C:\Users\Admin\AppData\Local\Temp\QoYq.exe
| MD5 | a2ea56681c19b9bdf29e5fe4ea4927e3 |
| SHA1 | c40625a2f99961c3fc11778ecccd8acbba59ea00 |
| SHA256 | a852a0fc32d362dbcb73a6d90e73d8b41221b28355c448ce871ef0990210bf82 |
| SHA512 | 6e99fc3d2624dd906abb2e8c7c6c031e39408db84660a064bade57ac7c3e73afd718604555b72a96b59633c7c23bc9f92c54704fd04163d718cd467ba2cd7382 |
C:\Users\Admin\AppData\Local\Temp\ycEq.exe
| MD5 | f552bb069653e2f0153c2013a1d914b0 |
| SHA1 | 925ce96e910cbf2213ebb334714e327dd1bb3e40 |
| SHA256 | 128e21e8de5fd829311da1b453b4e646f49614157bca105b9bc78f83985ad570 |
| SHA512 | 0b2cacf639351f818498299f6d7c43db2227daf027b0bcdd5de67cfa6c37e62ebfe9226206adfcb85e636755db13ae646aaca95047316fec0c231c9a622d7744 |
C:\Users\Admin\AppData\Local\Temp\Cooa.exe
| MD5 | 41c8ae6318293168e8d76d6939d47ae1 |
| SHA1 | dfac682d99b6cffcbac12deffffc303d465448f2 |
| SHA256 | 6b18d674faba7b01bc45b7a0c53388897e3b33b02680644b0e66f81ad9353a90 |
| SHA512 | 7ec09f82f84e51c3cde4ad66d40c896b69fa5c1ad96d549b8662ddf831049ff1913f3ba56db3b76890b585e6fbc9a9198e2251c40110da066aa019355fdb7501 |
C:\Users\Admin\AppData\Local\Temp\SQIw.exe
| MD5 | b470709e97830ec61528fedcfda37dfa |
| SHA1 | 1ad2e04674a70dbdeb50b71ce3c45346a6412fd7 |
| SHA256 | 02c874de904b4a5454f88e1f22c646c8c8fe308aacca48bc57eb2a528c3d6e8d |
| SHA512 | aaff532545b8ba36fcdfa3b1c33e15b0d70b309ec8754b10f1c550943abd3f1308cc40918c2a535608e756b3acc7caefa9bbd576654653a199b93421e3607af0 |
C:\Users\Admin\AppData\Local\Temp\Sgcs.exe
| MD5 | 949bac7b3b840cf1fdb8bd94b0f951b9 |
| SHA1 | fa247f09a58ff9bbc31eda48dc4bddff68d1dd51 |
| SHA256 | 8dafd473f6fc1f1a98bd47b6c2ad7d4461cd4d52af83a9a2eba091f6b2bfcd1b |
| SHA512 | 1b9652061a55e6f1c0f01837a847cb6291ff262361ed85555aefdf0a553fed12d495e8d7e69036ef9e95511ad25784e2cf76c88bcc712e9a0faf346ef2725135 |
C:\Users\Admin\AppData\Local\Temp\SgoI.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\skYA.exe
| MD5 | f154b9a4f0a8422f4150e230cb6fc362 |
| SHA1 | 15a9f7029f91b8ca35494be7683ad2fd0a623e80 |
| SHA256 | 2ab30be380222d96df35fb15d8f3a82069c5b716875033abfe835c72eb2028c2 |
| SHA512 | 8304fada0d40ff777e2ab3ec004c9a92212efd4938d638f64ca405feec1898b5017fdcb863311572ab31dee9cae159cdf7eb0d8b595370f0c8cb1cbd2973ad42 |
C:\Users\Admin\AppData\Local\Temp\kscC.exe
| MD5 | d6c840c638fb27ad136fe2e6bb3b9bb7 |
| SHA1 | 2b204f1109812ac1472d24604e97163547fd9773 |
| SHA256 | 8bb58446aaa4a076be38fbd4616124d4b29370aae805c85f3ef6101b99fc41d4 |
| SHA512 | 2d49de6d249f6911cf140e0e8a54324c69fc441c9affbf5b3da761671bf81269fa691c3e75049d123aafd7bd7718eeca9a772e88e36abfc6090912c8519181dd |
C:\Users\Admin\AppData\Local\Temp\ggAY.exe
| MD5 | a136ca4ef3fa80bd06520dd1fdbcb4f7 |
| SHA1 | 705a837d4a46d9bc395357d43f3b40a867b42663 |
| SHA256 | 01cfda96a5ccc1acefc14368afcce48b3d876582f9f55822927089c96ac5fe0e |
| SHA512 | 604e4403858f0b7322c0d0a443180f5882c29101fcbbdfa6f1609c12a6e7c621ff88d4c75e610da60a4f42db5f6f750d7e755c227d3f69ffa28d7548d9829a1f |
C:\Users\Admin\AppData\Local\Temp\uEEU.exe
| MD5 | b0a0c3e152b1f80cc99ba52cb17a4fd8 |
| SHA1 | 0d92dab840b2ebf2787dad570b0b804251f37cf0 |
| SHA256 | c8fc7033adb48a8187a4c2e6332a5b69cd0f117a5ae12fe3cccada5baa253e10 |
| SHA512 | 3c20c6d517503bd50a255edbdaa02f6edd7dd6dbbcd5ba97f410848f0eceff8ed1b1bb8f19966f38d459f935791f8b97bae5ac88fbeccd81a3a0fd080bd8ea88 |
C:\Users\Admin\AppData\Local\Temp\gkQc.exe
| MD5 | 4d2c34f3a474a49974377bc4f327d812 |
| SHA1 | 63ec6b1fee0d1cc0f2e99bd7a8fa60508ccf868d |
| SHA256 | 1e1d4d9f5418f32589bd012e448787cc4778fcaa8e4dd7359e92c81bfe1bb20f |
| SHA512 | 44ab238422535bf303dbbf149d3c7b2ccff37e95d171b0bf3d8b339143b1294d1b2c2aff6832d1e0b5c491f6ba4946b5c6a725b84b4382f63d63ff3d210425e1 |
C:\Users\Admin\AppData\Local\Temp\SIsc.exe
| MD5 | 9bb630bc40f236bfd896cb9e6b38a64f |
| SHA1 | 2ea70712f2cb5e40eb0f65bb7eb5504968bf8560 |
| SHA256 | abc05a18d6de86af07beae3544ccbdc1b6752215c483b4477215319dc428899b |
| SHA512 | 6636945e4da22c2d19c1cf2960b2dfd89afbca7ff7645bcc22271e3a5b48c3963c0959d3b7490a888fd40f6101028205d3041be452ab24b4a9ffe8395f8f849a |
C:\Users\Admin\AppData\Local\Temp\YgUm.exe
| MD5 | 7ca056671b129ecaf5e467c3775724ee |
| SHA1 | 64dc92d2b84451efb92dd3fc58fe53bdca2be1ed |
| SHA256 | e674cd548810d7746886063a0aabac6447ba26a5767aed5689748b5083498594 |
| SHA512 | 7d29827a1f826145ca7aec904f06e5128a7878a9ea50b080f8013e1b0216eb3043befb687378643cbef9a033f8fdd2e48e680922570e50f01037673ba669f303 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 7671456add01a464db67e06232c94e31 |
| SHA1 | 9e28c2206a93e80ca2151a3bcb942e804e07a3bc |
| SHA256 | 60fdadce0bed6225c23424c9f8cb66210dc1a7c70c2f5bfa23c29c8252d8f17a |
| SHA512 | f3663913e2fa6e4b3f3d78a25d463abffaa33b8d78e2040695c13a06f18c314a6ea81854242ff442a49d7de664f741355ac7c15bd63b293f2418799edc517019 |
C:\Users\Admin\AppData\Local\Temp\UsAq.exe
| MD5 | 5496fef629fff4bf66f731b9c2420165 |
| SHA1 | 8bdf3060424c608b12079fd3514e56a18537efb1 |
| SHA256 | dee243324f5e7b3f758bb269dd8bd6f4f5b20cdde90c210c44ef05d2ec063838 |
| SHA512 | f0af383201cd2fe75d1682371239d27f36c42622eeb5bb818a86929b7ddcd65dc877ba8519094891550efdd797c4c425dc31923a966d068db0e81de9edf91155 |
C:\Users\Admin\AppData\Local\Temp\WcMo.exe
| MD5 | 0e3852e160bf60d54c3bc25f1594cb45 |
| SHA1 | 78a62c52fdb27ce040d85bd745487964c1faa557 |
| SHA256 | b2fb4d82e6ee6338f0d70be1b18062a1c1423fb4c05af471835fc3a043d77571 |
| SHA512 | 0f7dbe53068695af4ddbcc3618482ce38cbbe5499c5b20df8d31a63dbd38b0a77037c5f49785168b9c30574b3d959b173cfd3d0dad1df0200cd66ee2ca3f84cd |
C:\Users\Admin\AppData\Local\Temp\ysYI.exe
| MD5 | 361a62885b9d72b01895dd64c3257aa0 |
| SHA1 | 351b6ebe422935d35533d56e595b7a0bfce85de3 |
| SHA256 | 054c478c48891f6f76b5c7595e82972d8aea6dc348e81fa3b2e256619697ffce |
| SHA512 | 510934c974c448805b338e5a7083205bc5f67cff006d54c43c22cad833c5d58039ecc6a703054f2f032d7eee17a63fedbe783dc9411e7de6011e84cf3c72ef3a |