Analysis Overview
SHA256
0a948418020958101baed862d3f0f1d1db28567cc58a8b0b9a40d689aeb15e8f
Threat Level: Known bad
The file 2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
UPX dump on OEP (original entry point)
Renames multiple (87) files with added filename extension
UPX dump on OEP (original entry point)
Deletes itself
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
UPX packed file
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 11:40
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 11:40
Reported
2024-04-03 11:42
Platform
win7-20240221-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\KugUcMYI\nIkwgQgg.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\KugUcMYI\nIkwgQgg.exe | N/A |
| N/A | N/A | C:\ProgramData\ECYYoIQY\UoQwEEIM.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\UoQwEEIM.exe = "C:\\ProgramData\\ECYYoIQY\\UoQwEEIM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Run\nIkwgQgg.exe = "C:\\Users\\Admin\\KugUcMYI\\nIkwgQgg.exe" | C:\Users\Admin\KugUcMYI\nIkwgQgg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\UoQwEEIM.exe = "C:\\ProgramData\\ECYYoIQY\\UoQwEEIM.exe" | C:\ProgramData\ECYYoIQY\UoQwEEIM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Windows\CurrentVersion\Run\nIkwgQgg.exe = "C:\\Users\\Admin\\KugUcMYI\\nIkwgQgg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\KugUcMYI\nIkwgQgg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe"
C:\Users\Admin\KugUcMYI\nIkwgQgg.exe
"C:\Users\Admin\KugUcMYI\nIkwgQgg.exe"
C:\ProgramData\ECYYoIQY\UoQwEEIM.exe
"C:\ProgramData\ECYYoIQY\UoQwEEIM.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ReUkcgQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DEogIcEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\msQkckog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSUYMwkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YasEkEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ngIsAYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UcwQoEYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAwYQAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hioUYooU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13049230491699223443-1534842780587935857-20660286321453587969-1008503816-295019298"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1387502174-1809383503773113780369651906524637295153864835216159688531256306737"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1690861738108166748534812822-1637751843-1629837362-2026801901263688041-2076603899"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nYUYQwMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ACUEkwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-552611793-1042887880-774240560-18085289281475922683161618989517368255661643700606"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NaIAUYYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2001515542-1630881160-6666113949129084134711870431717165140-989100021-421667768"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\piQoogYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ncEUMgwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-598236359-17215523161496414196449690018-14910377656562281052125075043303767801"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zcEkAYcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIEYQMgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-116044673613480677151161828265-785252581-142791030-7661412313780374621789980075"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1907384248737199082333269269124622077520392532982738678403123276461003419126"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JmcEoYEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "727745580-1859909793-1281666379-18021219901267761737-1595812777-11572413661832040752"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ayMQYkwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1457707918118777919481274292-960760263-1120058800-5773257052000348749-1105968352"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nosoQUss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PQoYIgQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WQMgEsQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9216068071707711488937419187-1595772917330052304-1098944966-224630667-717748089"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kqswAMss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1116244869-1261105237-328821897419725192-10821589871077798313457306736-577229753"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zwgMAQEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16360815752040769532-1317041449-1654603551-18975761331950420045-1386842500-978310695"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uWAEIEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14249641652058381148-133423365110255627748203409771151664948-19270988201638190473"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OOsgMUEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XMckAwYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "337105382-590698994-1782279060-105052335560925761740735941-11061369781460139245"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-338620193-2009763348-1064201970156230785425128572620206355372052986053-1683103896"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SUoIMIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-317497873702186015-1250560051-1664611719195485515-1869567497-1479303305-561703719"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fMIIAcYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-182444573019159715502092003097-1251939625-992726107-200389861113853236191395403427"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 216.58.208.110:80 | google.com | tcp |
| NL | 216.58.208.110:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2012-0-0x0000000000400000-0x0000000000436000-memory.dmp
\Users\Admin\KugUcMYI\nIkwgQgg.exe
| MD5 | 50df4e9cb20c8965b0796a38e2b72c68 |
| SHA1 | 31c61c7799c8d09e727db04074f65a7e662d46c6 |
| SHA256 | 69e578677cca0c6c16190daa72c9f3e9771e628d146fe6cbbfd69d3b37599605 |
| SHA512 | 92aede80f0d14138439cdafbdd0368fff3bd1f42c4165e6fd067171a7cde897a1b32782989f2ea76ca7c28d1e602f0b9398a70dfcc0cb5cd8392008146d91420 |
memory/2012-5-0x0000000003DA0000-0x0000000003DD2000-memory.dmp
memory/2604-14-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2012-12-0x0000000003DA0000-0x0000000003DD2000-memory.dmp
C:\ProgramData\ECYYoIQY\UoQwEEIM.exe
| MD5 | 3a43ae110d8bdbf1be9a54d98d3ed359 |
| SHA1 | 1e60d8d1f8a8b1631f2f11b183f70047fbbd6e82 |
| SHA256 | 3a742177a145023c91c08da114bed39c25079316b8e452b757cfb96626d301cd |
| SHA512 | 607a7f9bc7b0dd27d909764611a298fcc0377c54884ee9e7d56e9c0d0e6993e2e30067e93bfeb15ffe55bc18fe76fd9c7cd9e5b8321fafdcfc07b0bbe3d55770 |
memory/2012-29-0x0000000003DA0000-0x0000000003DCF000-memory.dmp
memory/2544-31-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rWocoswk.bat
| MD5 | b0cc491e42d1da2b7b98553c3c2ca0a5 |
| SHA1 | 500459590851436a02a24e6a4a7046f73b8d8bb9 |
| SHA256 | dea0c44ec0b907133f146a2091016064635c1a95ac97c2625d5dbc3055bc03d6 |
| SHA512 | 314d9e32e9158e858b9aaf5df2070a4f4ad048f791a1685ff7b445ae26afcf085bfb197e302c519da610d69f081595269cc9abce0a7b64eebf320e05d9351da0 |
memory/2736-34-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2520-33-0x0000000000270000-0x00000000002A6000-memory.dmp
memory/2012-43-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ReUkcgQM.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\QyIUYYsk.bat
| MD5 | f03160135653d60399c48ba0719e6310 |
| SHA1 | cc59fb24131b136a2d4a4d17492ebee785ba95e8 |
| SHA256 | 90239bebebee64c0da96d0a02e0d44e0d1a7233ea4f60477183891b2fef0360b |
| SHA512 | 4cb7481afed5696b72f99602da8ecfb1ed945292d96bfc431832fb935ffb66952234b51923660618673be642da7246bab3442c0998ab9b6391c438e5add042cb |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
| MD5 | 8243501c8bec7c2fabcac8cb47d98048 |
| SHA1 | f03c28e2f966b10efdc0eafda6ed6d3ab14b7d43 |
| SHA256 | 4f5230f4e5338c433953dfe6fc203f2cb1936ca7ad8a9d6aed0afb583a1639fd |
| SHA512 | 5de50003977c1b5c4f55132465d0a5589a32a00f388c6c57fbc9da42fcb7368578ebb6e9b541e2656dc07fb9c0a77cea75f990316be67ed5bffeed47385a5aa7 |
memory/2736-64-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1180-66-0x0000000000400000-0x0000000000436000-memory.dmp
memory/436-65-0x0000000000120000-0x0000000000156000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\WSUUQsgI.bat
| MD5 | e6ae5c26e51f2155d8634057677d287a |
| SHA1 | eec810c433375890220d13a0498847cd9673c8d0 |
| SHA256 | c8db120f6453e06a4dd6111ef1f83a21fbfddefeddd8d33f354c407cb4f2ba34 |
| SHA512 | d1825ec4781a9362c316c9f99d7decac513559dab4af3b27be5ba0c20a151eda6d617251e71377f8d04b9f4d1f1ed9ee20831a942c28a5bcc8d76a6d02023dd0 |
memory/1180-88-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1660-89-0x0000000000400000-0x0000000000436000-memory.dmp
memory/840-79-0x0000000000180000-0x00000000001B6000-memory.dmp
memory/840-78-0x0000000000180000-0x00000000001B6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PkQkIIoo.bat
| MD5 | 148c8f5f6faab9663fa97fd245d2620c |
| SHA1 | 9490a34144f8a189a4f001f861f19175dd85baa2 |
| SHA256 | 5b3e080e3d2d558cff7ace1bb5b909a977625723afbdf67cf94ef62cd55eb21c |
| SHA512 | 8dd7640f68dfd322dbf68caa4f53e705a08bb410a6ba5fde81c398405cef91083c97ee7f27823014976f3518f3c415ba02935286035b5d88861305b4c340ac9f |
memory/1216-102-0x0000000001F00000-0x0000000001F36000-memory.dmp
memory/1864-103-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1660-112-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TIUIskcQ.bat
| MD5 | 2ee80b78aadf3e5459b9dde7be0a5e90 |
| SHA1 | 277a3553a61b3269f6aa3679db7d661160b536a2 |
| SHA256 | 3ade4ed1c2d518480907cdb4299560d73240a13e66143a09d19a39d2087aa155 |
| SHA512 | 63ae02aacff22ccfc6bcbc7c72e9dccbad0373539b2cf6a0b2e200f0427c18437bcadbc973278dfba6db0db0a3ab06e55f6e6d42a324d48d5cd97113a5e12e5d |
memory/1724-136-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1864-135-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1404-124-0x0000000001FA0000-0x0000000001FD6000-memory.dmp
memory/1404-127-0x0000000001FA0000-0x0000000001FD6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eEUUowwE.bat
| MD5 | d55dd76918a3fbe917a7545bae493337 |
| SHA1 | 3957f185aa8db8c91696803576d07e8cf62f2efc |
| SHA256 | 35b511e14809576be6c2b10ef935017fbc8a1917a02386c9cba1dbb33063df02 |
| SHA512 | e2f6b32d7d093e9797521f6085ad8be4089e3a0f420e1f6f81eff03281259336c95fae66de33f9d9590ee393907f47fd1c81195530a2f82424a2e3841f05778b |
memory/1724-160-0x0000000000400000-0x0000000000436000-memory.dmp
memory/576-152-0x0000000000440000-0x0000000000476000-memory.dmp
memory/892-161-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lsYoEAQs.bat
| MD5 | 7cf05ca735b81fa30cfa98a930096646 |
| SHA1 | 28b6a25a85e5cbf6e2206d35625e7e263f9a8f08 |
| SHA256 | 74207468ad1e7e1a262d8ce8f423664692c47896279a6b542686388ba6f4f73a |
| SHA512 | 770dee0eec1e3615076ff027837a5d94dcf9b54eabb933f7c2233e22d6b8c1da191dd7024a25aa0182dd7e8f8b6e297ae522d650852e9cca82aa4108b94a2faa |
memory/2500-174-0x0000000000410000-0x0000000000446000-memory.dmp
memory/892-184-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1704-176-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AeUoMsQk.bat
| MD5 | 941229c0d83e1e2a98e88ac33db8904c |
| SHA1 | 91e00b917b4ca872524189f7b367959f11625168 |
| SHA256 | 92514d84977fc6f396ac9cae4f607ad9a31d93a551dc3a1a1865e0987bb5ee93 |
| SHA512 | 6431c25425e38bebeb0b7130873ff9e0d6e545406363f5667711d05c87918ab94c2341089584dffda60cb866b3b508b3d412079f305fcd312e7b38d678d030e5 |
memory/1704-206-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2672-198-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2660-207-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xWUMYsMQ.bat
| MD5 | c922d79d51b2730cd8219088d8fb203b |
| SHA1 | 6065b917d702d5454002d297e0481fda80d4f932 |
| SHA256 | de87e0d1e00fd91335a947d74ebb6daedac1a65473dbf4065dc40e0e8248ae00 |
| SHA512 | e22f7f1c96092c373b4f85908a3489cdfa8c413ad7051a967d05c999b9b158e791c0e3114195db7c91c3888a39c3f6a1fbd18486e603174c9d8b7c46c69a3abc |
memory/1760-220-0x0000000000120000-0x0000000000156000-memory.dmp
memory/1096-230-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2660-229-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HckgYYEw.bat
| MD5 | 2642a9e6ab8e939033bfd370faffebd0 |
| SHA1 | 3b8d20631857afc82531378e298c6a152a03a28e |
| SHA256 | 7f91836accfa15a57584b125576d551fec915cae707b16fa7e84b128dacfecd6 |
| SHA512 | 83345b60dfd20574425b97b50cedb066a302b1388749f8ab8c9722fce6e10d4955c7e229cdb237de411ddc3cea1f2456681b6affef514e2616c9cd62d0b415c4 |
memory/1620-245-0x0000000000430000-0x0000000000466000-memory.dmp
memory/1096-255-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1620-247-0x0000000000430000-0x0000000000466000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tGIogoUE.bat
| MD5 | 7d5f3f0eb73ea1cb81dfca44df2327a7 |
| SHA1 | e07c086371f3073e4f289b0437a72756a78534c6 |
| SHA256 | fc5bebcb6ae52bdc8f7d8cb52868f77c6a0b5af5d17e3b843a9cd3942bda13ed |
| SHA512 | 445fbe552992e60b92377bb805bf55678d95d8242110c7efe0367b71a44144d09cee6c855ac65e5e0f5bc38ed2e8fb2879b2f01d8472914e4b36c6f8c5793f24 |
memory/2972-275-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lUIAYQEA.bat
| MD5 | 2093734f153f16def6ae793e0445461f |
| SHA1 | ca17798142c8b16b36838222b8686833207457c4 |
| SHA256 | bbf537d6031d1d15ce27007a6de3add2d86c7c24a099c97ca6433ee7101f9a92 |
| SHA512 | 3b7fb8871bdb21dfc2f1aaf2460dde25f91529d00036e23922c6197fda24355909c8a4f449a34eeb540286b2d3ed1e44102ed5d4f4d56a209e19a9bde2e18505 |
memory/2900-297-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2788-300-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2128-298-0x0000000000160000-0x0000000000196000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gAcooYAw.bat
| MD5 | 0f2e2eebbf09a8b0d5f8bb9042f5fac0 |
| SHA1 | f5258c105c162fd2a8173a004b7a75454c37bfc3 |
| SHA256 | 99c296dfc14caf7ac895b7db4d9844f108548650a678ee491da56315c5857d95 |
| SHA512 | cddf5759f71d01ef6d81ad0ff67e30f55e67fc4bb76e613e7f6a28090f69d2f5d3320573a121f85d2fb10b74167629e920f9e03073fe9f41de871c43255d053a |
memory/880-313-0x0000000000160000-0x0000000000196000-memory.dmp
memory/2124-315-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2788-324-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nCooookA.bat
| MD5 | 09e7c9d34c9d85eb4c9ffb43daade0b1 |
| SHA1 | 2a1c365571eef14443ff8b051e5e1f3c4448960b |
| SHA256 | ad59c38fc950064a350f67ca79c516f1727a6453b356935fbda9a5dc06ded2bd |
| SHA512 | d36ace4be050db15e4f42a7b039285332b3c69a594c73abd44b1c46e237c53acbe8fbcb0735e9154f9f903ca086637c87fef2093d7f13089aa1b4289a745a775 |
memory/1704-337-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1112-338-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2124-347-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ieoAkccY.bat
| MD5 | 3ea18337c73b710232b348684e88b718 |
| SHA1 | cdd07d48f2c77c0ffa8f82a0fa954c3d2cf67f02 |
| SHA256 | 89542ebb78c8bc73f21dd7c4da3a653f51fd666ef5f63be526b609a25279fc53 |
| SHA512 | 6fdd36faa29414bad1945b8487b38984826a3ee423cb5475905e596a9d95c1a2d1c17ccb564b84c049244525d6c7854a4efd29ddc296e394b87776dd5e27f4a8 |
memory/1676-360-0x0000000000120000-0x0000000000156000-memory.dmp
memory/1112-370-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1424-362-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eQoYIEMs.bat
| MD5 | 6a88077a164a3df03bc8ef74047c42df |
| SHA1 | 791a15064488a522b563df3197aabfc1e5689e17 |
| SHA256 | cdfca94fa5ee76113978d238aa3ca01bd8ea8d76fba82e9319f78c42f412b97a |
| SHA512 | 0b4d6fc19a5741adbf1dea778b8cec72acd1409cb6e6df5a4eecaf8599853cd8dec0c240cd619e432646d5dce0d6c58991138804f9e2b8990d45f91d6017b331 |
memory/2340-383-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1424-393-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1924-385-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EwUkgkkw.bat
| MD5 | a1d7df73f1b47968271f12bcef5cc17e |
| SHA1 | 2e5b76fb8b61b74b083b0ab66a03fa0bd33c99ad |
| SHA256 | ef5d4e1247821a4afbca3df5d2b5e3ce8dd06e236910062ced55d261c0a92306 |
| SHA512 | 78ea341fc88dddca3441adeafa5cfedb8bc4c9a2b27aeffbc5334b5e092499ead2b05c1d9bbc5ec1437e926a1aac7f5131ec059592766ddeb90b83a3b7e98d42 |
memory/2276-416-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1924-415-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QwkcEkEc.bat
| MD5 | 732927e6a19ea9947697e5408c26123d |
| SHA1 | 6bb9f65202028a93a9ea2e51f7ca2540bfc8ab3c |
| SHA256 | 2317350387253cd50f277de88e12818474d54de83fd3a4cf879342745fd623d1 |
| SHA512 | 428ca2268d4907c2dfe7821500dfa78aad21b1d989604950d71d40fcdab82743a313657dd32309f57d269dd406011dfffd3867b5495097d5f51497ad3e1c76d9 |
memory/884-430-0x00000000001F0000-0x0000000000226000-memory.dmp
memory/2072-431-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2276-440-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KqsEYcso.bat
| MD5 | cbb1fbc6c63363433a472890aa4029ec |
| SHA1 | 677c64b9ada1cae93b7a5e1dbd78e1491af32d2c |
| SHA256 | 0e29ce581f35274243d6cd0361b84c3f9cfcd354a7c168121777646278d29dc2 |
| SHA512 | 6695ae7065ead9d42bdedac2def573bd6ee9836a3ebfd3745120417161669232f28486dad90a8191017eb414120f9b964206222aecf4e996965b8c763d4fe609 |
memory/2332-462-0x0000000000120000-0x0000000000156000-memory.dmp
memory/2072-461-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2400-463-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LYgIwkgk.bat
| MD5 | 70d33e14612544f0b428c96e61aef0be |
| SHA1 | 542c4f8fb5ab5e495fe3aa9e1746ebb0b56aff7d |
| SHA256 | 4014390b34e3b5430696f4271b34d3319ba5bff28c6215812cbdf43dd6b83150 |
| SHA512 | ea2ff72e49e18b9ba930babd4d9907d32e43596b381745c38023025fb43ea115b8b7949879f7bd33e7ba87daad0943a4a0a4f19976122015bbae4c3986aa7061 |
C:\ProgramData\ECYYoIQY\UoQwEEIM.inf
| MD5 | 1cd35cfebcdbd44f5d9062fd7b59e802 |
| SHA1 | 59d22e97c3cd1c79db81628d1c6d3d200e7b1ce2 |
| SHA256 | a558e3861610590bc41b973d4578c5229b6e047392626456994b00588d9500bf |
| SHA512 | 492505806b63ecf7664535dff0b16a11cc5aebc2b9aaec7c32ba7042d583c526391d5a03dd87dd84a4245f58f1b3da5ae84ab6317b3219d9b9f52aa093303624 |
memory/2400-486-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2644-478-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\KugUcMYI\nIkwgQgg.inf
| MD5 | 800adc6c8fe093fc8676508ee0f21fbb |
| SHA1 | c84afb0248fa02cea56faa44c6a5f6677fb244a1 |
| SHA256 | 007e11480edf1786b58e72a62a95e9cf1ed201fc1b9d708867f51b8e7d8da6a4 |
| SHA512 | 6d6c2ee5b54db7b8731347c89b1a73ad8898cadbbf779acdd57c188a444f9bf0f0401398a83f83c9a8ceec1416ed30dea07ebe67f4f17d837f8610cb8c11efb9 |
C:\Users\Admin\AppData\Local\Temp\JgYUUgUQ.bat
| MD5 | 3bc2efa63ca740547729c7c1ee74905a |
| SHA1 | 9b92d53bf941cca4f1f77df293e51824a7f33811 |
| SHA256 | a8529c0ae73937d93cc0c6506c242757171457e10f1ca3438bf24747b7576298 |
| SHA512 | 2f5749e1da905a8cfc6229dafa848fd0d94c3f3a8b5fbc1898c8cc105d38cc8ea171e266f3641a7f00fefe34ea70c2097b4d3410c0a85753c2dbd750ef9c0083 |
memory/2060-508-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2644-507-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DEscQogM.bat
| MD5 | a739372226833c023b6440f448fc6589 |
| SHA1 | 998c1560f6f08dd0ebe0ec3ed6540e7c24a4b24f |
| SHA256 | efa613b821c340def1a617ad9a5ac448a1eccbda3c9c5e9d8f335116fb854866 |
| SHA512 | 24a58abad9eea49b0578b34653ed7a4d26232d398985c13ca4c8d69e29be5072d676305f5e14a6ccda7d3336e7306354b6805a01e13858ba11e9d3319d9425ac |
memory/2036-518-0x00000000003A0000-0x00000000003D6000-memory.dmp
memory/864-520-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2060-528-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QSkcsoAU.bat
| MD5 | 481b1d448155983b588fcf3fe415a48a |
| SHA1 | 785ad78dc8ab4315497d155208e2f590916d381d |
| SHA256 | 73b126dbaca9a9f20e7849f2df6346a440a459d579cf9d8db8a1b8146208a9eb |
| SHA512 | 016dc42a6805d4d97da8c8b05a56eb7164539f820b5784f3423ad3df5e8d4ba8b128633bb085a9d69a3da44ff1b653f8113c5fc7f5658234a4d8be8fd7e5f2d9 |
memory/1660-538-0x0000000000280000-0x00000000002B6000-memory.dmp
memory/664-548-0x0000000000400000-0x0000000000436000-memory.dmp
memory/864-547-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LEcIYEUo.bat
| MD5 | 3b31fc03d603134ee5f1a58eef617c46 |
| SHA1 | f34e35fd107675184ff7474fa8af1a72fab7074e |
| SHA256 | 4c1f82b1e7ca170e07aac950b384abe742f0c43052b27455d9a30de23e655c73 |
| SHA512 | a4fbb7ac8cc0453310ee54658d709b04f1e564183737132ad98f2bc2b5de7127fde4ed56532c6abb0ac032b9499c1068c5f820dc87b6a885aa32618b203c91b8 |
memory/2784-558-0x0000000000120000-0x0000000000156000-memory.dmp
memory/664-568-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1552-560-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hkUswwwY.bat
| MD5 | a22f9e18ea166f752dc3c8d333c13007 |
| SHA1 | c93cb13f028c801f6b86f601babc7f82b4b5537c |
| SHA256 | cf8c56c02b563ebcdea499a3e364e8d28e78f034d004ac29446a3fa28b3c15c1 |
| SHA512 | cbe32d849ba0bf184511d8ab54ac857f603fd2fc0a015f594c07a1157c57516d825c5ff7f185608f511bf78553d05931bf7edc410bc56033d4a4dcdb9848e46d |
memory/1552-587-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2536-590-0x0000000000120000-0x0000000000156000-memory.dmp
memory/2448-591-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2536-588-0x0000000000120000-0x0000000000156000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MawUwgoo.bat
| MD5 | 0689cf24ba9a1d08131420108486cdf4 |
| SHA1 | a2fea3fb06d3b2e510291fe4be08ac75edd19a84 |
| SHA256 | 84882943991655770e2f7a1a0f8752162c058f7f8eb003d7ffec0f5efd9d2f99 |
| SHA512 | 18781ec14ebcb50a696bc5976f7ee23d5a3a98618350d87a6556591ef1dc00e9f9c1ded7a4047b26fa0a487613c56e7572ea72901b108587074bd7fc58bbb146 |
memory/2208-601-0x0000000000120000-0x0000000000156000-memory.dmp
memory/2208-602-0x0000000000120000-0x0000000000156000-memory.dmp
memory/3004-610-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2448-612-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jWMEcYYo.bat
| MD5 | bad53446b216d5dc0055580fc1213d02 |
| SHA1 | 1afdd7d6309f8c661053c52ec50f793c297a2bbf |
| SHA256 | dc207f88047d8a0fd8e1645df0922963ce487985c72971fbb77f61b6c3854987 |
| SHA512 | 0613c9cf03e5c0fb756cec0ad5e6cd888f63ceb0169286bd49a3c4ab51e083d77bfbafb3ccf267ce5e87264344aa24a83bc05034971981dc2c9676d636bd6df9 |
memory/340-623-0x00000000001E0000-0x0000000000216000-memory.dmp
memory/2088-625-0x0000000000400000-0x0000000000436000-memory.dmp
memory/340-624-0x00000000001E0000-0x0000000000216000-memory.dmp
memory/3004-633-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BGUgYAEM.bat
| MD5 | 3fc858468a67306a23ba5dac27480475 |
| SHA1 | d2c007edc76bc600f01a155a48acbc7646a3be46 |
| SHA256 | b652ddd2431c4948a94bb5ce7829ee33d828df9193330eeff7a430639f06580e |
| SHA512 | b26e086c442f7524cee80e9a9af2c1ef3baca5fd3782147688dfa04fd0873e2e7fb87c0e34e824a53542e0b241599cdd9eb72ee0c486b7e1e71eb8c7a9ec8817 |
memory/2088-652-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Twka.exe
| MD5 | 39b9b48d0e93112efdc17650ef05f673 |
| SHA1 | 4186a5c6d4e2d1b828d351ee1c5e86e603ee6dec |
| SHA256 | 0f53f35051a4dfe49833baddad55a75dc70362ac164dab8e70392bf0f4d364f5 |
| SHA512 | 5fb81b3249db0e5b0f09152e6f97ef1d74d2b757f93ef2c0a61a11521e8b68554be7766ad92f31b06f8cabdc890a43c59f48fbae5739580075618d795f2b47bd |
C:\Users\Admin\AppData\Local\Temp\nogQ.exe
| MD5 | 2474c6ae312e974bb7c37ce4edd7318b |
| SHA1 | 316abe0010b29b9e9e83f76b9695eb9db4d5fb0b |
| SHA256 | b9a13cc77d811b6e07337d42465e6a7311c666ca762e7dfdab0606d64b67743d |
| SHA512 | 61ee3501cc04c3d3e967fe728fa8f05f94c52f7f911d7a3639fe4ed8ad76983d5451a293cb0dc3a5e55ed3df0880194800d01687c57f12b5f11f73310febcb7f |
C:\Users\Admin\AppData\Local\Temp\MEIk.exe
| MD5 | bc64f9c811c12d6cb2fc509457f83e3f |
| SHA1 | 7ff196dc72f82f22db96998b9adf5e09aee31483 |
| SHA256 | 677862398727cf57dcdaf454f808cb851267b563c0f7e7cf49c4cf4d9ccf0051 |
| SHA512 | 43d07b07022bc7ddf07c213b44f9b8a253e9f932e014a18ca78c0a0a0ab431e1a83b346e2a280cfb7ac49b15df763f2dd145c26cc38c0358b8029c8bc3582ca1 |
C:\Users\Admin\AppData\Local\Temp\QQQu.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\WIcA.exe
| MD5 | df42003d55fc5aebc01069ced901008e |
| SHA1 | bb29d270ce890c67f244d1d7a4b7d2858828efb8 |
| SHA256 | 12ced3c1ba2c779a9662980f321306df17d27061789bfe87e0c4e4ee5e809c35 |
| SHA512 | 22a2ee28fdb18acc451420a3d08801e7396196e97244226ccd30904339ace48b00905ef5c0db65cf766da261088854859532d33d947ae21c6e05613df15b16af |
C:\Users\Admin\AppData\Local\Temp\JwEi.exe
| MD5 | 27c34b0f5af6a9d5e2f30c96fdd232a5 |
| SHA1 | 2621f7f80266c063d9ef0c040e62803f5ccf7ee4 |
| SHA256 | ca063cffd4af89bc4882de3ad9503c8157afbbcf29dfbc95139fffd0561fed0f |
| SHA512 | f36e0705b571eeddc5a02181a53baf438c08e31a597dc4883e71dd2f0ce7e44ee3105254c562232234b2222612a4033fac3dc28e57403ae78b71a9d75d2454e5 |
C:\Users\Admin\AppData\Local\Temp\gkEo.exe
| MD5 | 9f50a8727f25c3e1e145b678d3eeeccd |
| SHA1 | 05e668fd408ce678d8e316c0f65130679eca7250 |
| SHA256 | a1c77ff0076f88693ba0c6212c96f17a7b4dfaa84de7dae21a987406fce4a7e7 |
| SHA512 | 767587a3b53663d1a2ee7523f2e7d82b58d462abb4e3b938caa1d2d408ec0e31e9c087a43e65716cf0f9231ea27b0b7651768ec61bb8d7d400791c26f518d0d6 |
C:\Users\Admin\AppData\Local\Temp\AsUC.exe
| MD5 | 1bcce6338814c55cea0b22f2f6257efc |
| SHA1 | 406bdd092f65cc0eb5fd3c2aad00ee61862fc043 |
| SHA256 | 8b293b1573affc26cbfe82e67c5528c704730dacc5a89de8dc00912402f26983 |
| SHA512 | 59111c6aedd678d8577cec44253963e0b6e047bf8c31d6a4073ce62881563b105219985310e4855493e89cf30f8792785c91d06cbeb7eee7369550fefc6f78e8 |
C:\Users\Admin\AppData\Local\Temp\nUAY.exe
| MD5 | a41599b66de999ddf580a425616bb198 |
| SHA1 | 59c9192da5d0925d7f1f5809c926f71883eaf3fb |
| SHA256 | 14d164c8e2c0e6b134891b621d67a0df13ac67baa59d54e373f6cd6961b747e3 |
| SHA512 | 765390e9c3f79a14c5f83d26022f377931be75fa83c10b0e1435df61ad5f7177d960b610e237094f3c49142d04f2dbb7fdb9f66e07f890e09298656b70ffe2a1 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | e436e6554be1b3dec28b7ca5cde2e3d2 |
| SHA1 | 1e1b799ecbeac3b0ec34fc866b2af4afbf5c76a3 |
| SHA256 | d797e45778e20ffcb24ee7a67181a3e43caffcbc546bbba12229c89529520a76 |
| SHA512 | 607a9af88f5d5928f8a4e6ee6b7327e33989266b2c9882f7b8d4744054afd896abdb17af67202b66ba476ffe291d843d4523d9fe490383669f07a9b935a98c01 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 11193fa5392ff7513b0ac1cf0f04a10b |
| SHA1 | d4eedd8b928750eda5f38fbec0491652d9c94753 |
| SHA256 | 1a4c8679775a58e47544c3ce77a6b66a30144e012777b33c40eadb4d3d67489a |
| SHA512 | fe0533dc9db33665b5fe308bb78ac4e4e5689a8254692b3c951295bbbb423431f0bc9557dabf032c58ee492561b441102f710b1d2d03f9433f5c4ebfd2ddc4b2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | 2f1c88f0b1555ba9eeadaff661e2b0a3 |
| SHA1 | a14fa929f589658134c1b89bccb3ed619eb4bf87 |
| SHA256 | 184a1968ed46ef2040e4242f13063a79f41d26d1c05519d6610041a9bb93df32 |
| SHA512 | 6355110ac8cfb5d99542cd71fe840b64bcb1bfa131f744aff5b9792ac50eea68240963e43753c15f6188896c53c27e7feed9eef139e853d555a52e703b916855 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
| MD5 | a86d6f040be4a8402ac0b8a277074db4 |
| SHA1 | 60b692fbca2cf6d1160b1ccd0b30cc5eb72f84bf |
| SHA256 | 21c62475a3137201fbb5e04f22c55c3bf581500ddbff4fa4a38b4c886681f881 |
| SHA512 | 9de5ceaddd16b229505e6310d67cc409d29eae4b59c63e6d7d163b2f01a38870a8ec7561ce06d503d7a7780b41d88a73863a6cc1500edc00d9bb744894c6074b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | bcc8bf3201f72bc40e5e3083efd33cff |
| SHA1 | 939e3dbc4d8e1720b4544bb7804efaa563402428 |
| SHA256 | f3825f27ded80d790632fc2dd96cd4874d2dd5496c5417b4a2466bdc046d0cf3 |
| SHA512 | 7d1ea9150126e1c2b28846a1972e1682ea8ef625e1c2bb0b99a0d5f60f7b041e017aa4a9153edfc338fba45429b2ab5e221273eb9265059a5224cc6747b309c7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | ce1509e9243cb5fd32b104759c8c3f2d |
| SHA1 | 77067179e0e99382ad3cb0454d54f8e84e0072f6 |
| SHA256 | bd29ddd4da80717d2d9cb637f367092f99fec4607efa51c4236b1c61d0fa7a01 |
| SHA512 | 97c349681ce2d3edd759e313152b64dad491ad69489df2fc040ca6bde2ff6711a9226d5bba26fb513e4f6f647a9edc9a5d8b961dd874b4782eb0f3c12528d3bd |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | 1a9f066f8fb033556ef897792346748d |
| SHA1 | 26ba1b87d3b6531b3ab41f8b18fb506e3b45c3ea |
| SHA256 | 7b9fed9454896eb9ed6fe219c94e2fcdca2dfe0242cf66f940a49d90788d0f4c |
| SHA512 | 083dc959fc45111b4004d01a4f81232110234d2b3a5fd194493cdcff27adea8380cfbf77c3bb4fa03c0e76d3445897dbfbbeba54e085ee082586f4a30ff4a614 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 38ee9af9e5b771a5be8f5b6b17882df6 |
| SHA1 | f9bacb9d61e23a0df6bf107197e64c823bd5be76 |
| SHA256 | 88932812f3369b3c9b7db55a4948545d238b0102a9202b6ee7e4da325ff67f15 |
| SHA512 | 443736d7384b57675312ee729407f6c455139d3af2b515b379289c5da0fa4df37fe46a2eb570d6c53a12b6d71ab7173396af9e95c8292e95353329ba4a2ea283 |
C:\Users\Admin\AppData\Local\Temp\ioYK.exe
| MD5 | 1f5a74e8e867d8e7c634ef820a16abd0 |
| SHA1 | 846da91362b16302750ca1378ae25c36cbf1d98b |
| SHA256 | dd7aa8c912bc330695e08b84527f2759288666299c558517e05ad34bc4450fed |
| SHA512 | 06b72bb3102b71062e33af0ebcde74fbced3fe2f2d81142f72cbd7a813b4ddd2b11d9d7c74bbf77d975eac9078f1ecab00aeb5f81683e62d99c9b73ef0dce70d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | 0b181a6d09f59d075e092d742cd1bbc2 |
| SHA1 | a6cc95269c4d36fa79bfcdbba19bcc455df495ee |
| SHA256 | 47f0b07bf93f5b7cc52a17aaf591136384f1f244f789171fd259b17aebd35419 |
| SHA512 | 07e37ffcf11c0e933f564089a38a576d4922fcfbaf1ba5d45c2b503353de783943606db9822258756fd76a322b720f1f8ff51740633a4f012b6ff1f66686a1da |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | 38f81fddc56845263e36fa49856f54e3 |
| SHA1 | 09adb804c1f93b6ddf4b4997772b134ab7389d88 |
| SHA256 | 1ce4307fdaa9ed7210b5a7b209f9895f84708392ee3047a7ececcf0706d59113 |
| SHA512 | 2ae1361ea8079e9f0bcd49038432153875128e3beebe415931ec4a4a8fa92c415e5d8be64a2f2c158218ef53b735191b687a517df035aefa68fead509d3bdf55 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
| MD5 | 067fa62daf1528b73146e936307b7f31 |
| SHA1 | 984cb705eb8ad1bd8373e70fa8b9b2555f6e912d |
| SHA256 | 39889b5e86e10aaeab53167a35650a843892748374ad4791bf555ba0e276388c |
| SHA512 | 1b57043a306b0c45a46239518ac01a053299f370c2fc8dae581de8c138482cbfdbd529e3288fc2056f04abef526151eaeecedb44a0a20f78e58bdf32054b3325 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
| MD5 | 38338652a47674f361765933f6257e0c |
| SHA1 | db2b974d8cfe84353b9e689daa9c9532c8063a16 |
| SHA256 | 3a5ec970dcc44a4257ead0617462aee47930a4e3eedb92208752c96497569a44 |
| SHA512 | 1be0042687af689e31757cc79daa6ab3ca2c9aeb6cd746469ad342f28c91b08e38722e0e62d310a6f77746e2be3d21481e83c1dbb3ce0af6468efffa9a40256e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | 87a7f84aaacf4ef73a2bf9ab731a0f45 |
| SHA1 | aa495426a51748fb1e26ab1d8a3ae80e779abd7a |
| SHA256 | 39b710e2ba459b9900162346bc13dfe01d95b8f57d693191f29c5092ac55a516 |
| SHA512 | e3c87e675a82f323b65816972ebac7a49da2ca788cc8d26575f1ee3f2fb76bfcd8d343f995e6decde7f474b48cb3abb548b31c3a4914f1d982bdc3e1efd22432 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | 37300cff43e16ea07e27eb9f1bf1bd6e |
| SHA1 | 7ddf201b543e8d37707c62e536a9d2712b063f4e |
| SHA256 | dcabaaf2f8124812df02081776488a929ad2def1aef2084f98a970a2251a944d |
| SHA512 | 0143b85964ccf548b208aabef35e8980d57dffcd9f4d7b27e895512f48f2c70ed0b431125f3f18d09071ae528313b5fcf122eea4edbe0d2fe39b694ff7b063f2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | b426c0b5f65ca891097c201c0006bc53 |
| SHA1 | 5e29b12fca167bbf8fc796d81576b8a9c8591da7 |
| SHA256 | f03a4c85bf03024e47cf5a0c1a563d1e0e9458ccad322eaa793621376c1eb7bb |
| SHA512 | 102d4cd2fa79f3c7a27d6b1f4eb4556e42720d76ceec8c5356e69a300f55078688e4351b458d02b7b9d4cee98b044b374fdf78d35d3a51c32a1cb004f9a5404c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | f7ef95ff67689a76399daef77013d1c6 |
| SHA1 | 1dbe165e3f67db233f9711e07e5a0b33e64fd42c |
| SHA256 | cf3720314cb961b3773ee1335b85497de86865a5fb05e9eb11228c436a76be48 |
| SHA512 | dc67db77ac4b3b23efe9d5ee12f1def7611f5d4e929b0fbdb0b21172a0ce3a1ac8687201459ea21a0e1a17a8468962a3a3b306764b20e73a4922fa8671384e0a |
C:\Users\Admin\AppData\Local\Temp\BAoK.exe
| MD5 | 15cdb1c448955b8f6d810f9c29ec1ad9 |
| SHA1 | ba448ef71d5dd4c99443f1de4da620379b12cf06 |
| SHA256 | 7fa3fb0cd9d458c8cdadb36136624ddb7cf56780378e9ffc1f0cfff0999bb3d1 |
| SHA512 | 3b7d743d8159b64b8bf31e2489a1cb5c497185d4400f3cd3092101d42edd14ddc4c5f8af50d566f9bca90b98fc2c3d8151e4e5d14f2a276542def0e12e12489f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | 9f38a5777850db4231d4863bf314ecb1 |
| SHA1 | 09381ceb0b4411fc631784cd1b151e88c6bc9dbc |
| SHA256 | 695e6dc01c5e34a2dedd1fd3f1ac82c32518f102479f1cfcd69bae5dc9a470f4 |
| SHA512 | c3b0c5cfa5cda18b37fc4f1434f8a5440465513e62d3148cd1aabb5c2cf8843d183c42121fab629c95451a812ab6bfd86a9d28d151b42379b08c977bb395d473 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | d1d88e30393a40cb76d674aa5ec0de25 |
| SHA1 | 5ada43c738ceff9d6c0656518830c9509974066d |
| SHA256 | 3a858850c0a4d6eb4bfebfca19b1824c40afb009503b68e351bc4b84a6a7cba1 |
| SHA512 | ad8171c274597390b13afa573bc16494bbaa2386a3a3f9e8180bf92540ffbb5ae59a4312d3d5ee5c5ac150959ce72c42aaad2f9ce5acfcef683bd3ae033444c4 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | 3530de910ce34bdacce92e12fca2ebc8 |
| SHA1 | 848516bb40c62fa71a0de36d77774d76b825fd2e |
| SHA256 | 291e843d7e7ab6d995a605d0766c5dc8519cfbf762901452f89cf596c33b6e1b |
| SHA512 | 1483fbf4a8a53401349e0d978c043300f9c6bfb5e919ed4db17dce6ca9cfc5ef99c999e3a169220c5918d5727641ccf7db046f68d2f2af4065f43d141cd18970 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | fdb70cbb1f337b0c09c4dd9309df7afb |
| SHA1 | 8dad3afe5910ee58b759347cfcf5b20df95c1228 |
| SHA256 | 3b6ec3211d01d34c3b54d1fe357d862f4d5da850467509f364c86c87047aa48e |
| SHA512 | fdb6ffe097a33b65ef9b82b437e23da37cf404b475220a719800c7661e90e79ae183fa2091006f4e2e9c2e1c2ff6d886801760f12dc660fb8d05d0bfa2af3d65 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | eba9beb99a41107b39a142f004fde359 |
| SHA1 | 2d240aef1f1f907b39bef967edda929be9b28d66 |
| SHA256 | 69bc4f01faaad05fa6d782cab8a6f6dbc5953df1b4c7dcd8ed0d9dc4be22aa58 |
| SHA512 | ce42e619ae496f1b1be29b820511d094e01db34e4dda269c41cb494a04382c98baf9ea5deb597e6cc214e18f3c0eca49bbb671266fbf536bbbdc231f5124b065 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile40.bmp.exe
| MD5 | 2de18eb5571e18f4e3ef7228749336ce |
| SHA1 | da3c71a3df959c344db3d53f569d1b4d87bb02a8 |
| SHA256 | 40b175231a2e148c79f44a3e5601d2467541c093dbf97ef2d9f1036df41ec2dc |
| SHA512 | 9076b7576ae63f8080c8cf6f069cb6482668de40783ceafd33f9d21207047d933ce2c92739faaee53593ecd688f91b94e4bed40541b27b0636365ead373a06a7 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | e3b343c3d2dba15ba013ee5ac12ad7f9 |
| SHA1 | 6c41f2eaf9b816463e8963aa206139c1898877cb |
| SHA256 | 63499109a19683130341f8a307b8701d3eac21fc4c85498128dd8e232ed77f11 |
| SHA512 | ef59652fbb2232873d4af07d3b9a19a93ab00bfc82db2ceab449401b2df33e0700a4aeb833d6f19083738b2f85fc58332149bcab489bcb6dc697269be58dd4dc |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
| MD5 | 574f06c1eaf65c39ad68b7cd1ea80bf3 |
| SHA1 | eb72e93e9832482ca54a158dea09dd47596c26b6 |
| SHA256 | dadaf6fbcea4be8b1c7af6011688b648d7d5506cf736a95b638dcb3f2f27cb62 |
| SHA512 | e803582c9af29e862fb9ca340f492278dda91e66237a8f4838661a555fce4406c0d4b20c90ce67901186e2b275315d3abbec7c163491dc5ff757856d41f31e1b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 5252643fcbb3a218e64f137eb9b059ab |
| SHA1 | 093467ffec3bae604370b473d1ff9d7c37d1f2d3 |
| SHA256 | 44b5f1ca2e3ef800d35f865e281e2f6d8435055d29918c672c55f961d4f6c74c |
| SHA512 | de30876658f4094dbbad40b9a214203b8b9929c951a964a2e391635168c5cc8b3af2a251e20d15227f9cab9c85cc1ed0c1970cd85a3dd9af3b8bf6a80b3ba8a9 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | 0e3631651882cd276ceb8ccbd77e6abc |
| SHA1 | 2fc856d5c26adb26587e4408f14eab98ac423790 |
| SHA256 | aa30687d140f234009c953c6ee6334d46608242ca3b9b8de2363bba235849fbe |
| SHA512 | 60484d7f932b2266cb24fbe27afab1f365c693396537c91278c0fce1435ba9db9d53ac49166386b80fb4aaa9bc9117fa8477b4ea66db3d8c6b07cdbfd431fabe |
C:\Users\Admin\AppData\Local\Temp\hUgC.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 108c146f90e3de9aaf8146ae3c4307a9 |
| SHA1 | 2cf8b4943d8696b20088c1f6f1e02b798c12e84a |
| SHA256 | 23946e23e06099ef6dc0687185e7f080b35a2e21f46e46ad802d74b24e301a6d |
| SHA512 | 99e53d2414713316f00fadb20bcadc6f31b69e9fe51130c4d60fe792636705cb3baff068ae44141e311a3c8c3607f2dfe310c3c3b2eb1209ad59f71b6832a1c4 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 43ff740a272407877b574ceef85ee252 |
| SHA1 | be3039d9dcfa0ccd63bc7479b400a892757f5183 |
| SHA256 | e50571a85ddc369dfe165359e7f360b03b348e1d422d6f86e28ad6908037f81d |
| SHA512 | 92fe4f1683d9e2b51f620339864635b7b9dd1b86987160a7c53c89ea0d650c2eca9254b6bf6234e8f4329136f456f43d64c6d4f009e29b3aef10855b65489f36 |
C:\Users\Admin\AppData\Local\Temp\GQIW.exe
| MD5 | e4f2b467fc987dea52ec877866057149 |
| SHA1 | 2f19fd0637bd1efa46f80d8eff22edbde88c0ad2 |
| SHA256 | 9719d9b214cd0c4ab898c0d2be365c1f2292221ca00afd952ee6a1191b833b94 |
| SHA512 | 98405645fb10e20cb0f2af1da7863707c4a93fdb389bfea86313dd302f91142558f96f37999633968cf99799dc1da858d071e358cae49ac513cf435398748ceb |
C:\Users\Admin\AppData\Local\Temp\HUYG.exe
| MD5 | b3dac3a9a6a68525c284fe2c7e5b80a3 |
| SHA1 | 7feb07e1d80bce0312532dbb5f72e6813ee9c99f |
| SHA256 | c2e4e638db9937be7dc379b236786c58a3f2a97cff3b47229146f134089c9987 |
| SHA512 | ea93b4ff4654093d01717f5fcf9840edbbe06091381541c0bd55ff0fc220f1c381f6bb73e47a3a1fcce05c95fcd78b8c69996a48b93a1c7b0f14547663071fef |
C:\Users\Admin\AppData\Local\Temp\bsQO.exe
| MD5 | af2e80e97da9bef35b9d41009ecd7898 |
| SHA1 | 8c16935daff8d4ab934b5b02d32a017dcb5bb9e1 |
| SHA256 | f5c2c4584eb17400b27bcfc0440f0befa20f0f8751e113670263a149eb8f4251 |
| SHA512 | cd43835b9154275a3f9e5fa8575f5115193a160909317dcbe212de1b9761a89122d15074b8b49308658b1a7189a41ef0786520c5faafe303b8b4e9d3e6293af9 |
C:\Users\Admin\AppData\Local\Temp\KYog.exe
| MD5 | fa7835f2726f1891019774f6dbcfc791 |
| SHA1 | 3011110cf454af418361644a647a1b5d08656de0 |
| SHA256 | 1648455ed329a6f4dfbc70058523a0ce832a69226acf95ac150a5f55cd71d1a6 |
| SHA512 | ca27c366f127675a7d27c7af62a5cfc933ca7b1d4734eed587d49d82bf61f75146982f1a4a035b030e70ec4b6d1c51ab511b5db978a7a6bc495c629413467cdf |
C:\Users\Admin\Downloads\CloseResolve.gif.exe
| MD5 | 83e5be002a404447633d52aa758e6f70 |
| SHA1 | 88b025eda7cb0866658939ea0ca0b4f581ae2a49 |
| SHA256 | bd6d3c00e0442ccf898a5be5e2b661899831e15a51ad0a4cddac11f09f5d97e8 |
| SHA512 | 61346a7ff5ef9bafccf67efd0787d9a33d0c239ea898d0741d4949dde2d352bb5d7168f42edbaae19b63b2b28c30b478a8cb6ef2b79356e2b45c0ff16f7139dc |
C:\Users\Admin\AppData\Local\Temp\SUgc.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\OMQU.exe
| MD5 | d027f29ea94ec5b34b245127b5ad4faa |
| SHA1 | ff3bcb9e1355d05bf5d6ec474f532aeb76f269b3 |
| SHA256 | 398d4189f3a95f0839394f04852a2974d1eb0a6944866c38a42819ca034a616c |
| SHA512 | d2865c98f59481ac4cd17816b4117809d9e4ae47fdce4714b1e625a7e639dc37aab3fcfe7579cc912da75e225c3f0e38ef3d6977ac12f17b4541bb385c011c0c |
C:\Users\Admin\AppData\Local\Temp\HUUk.exe
| MD5 | 578f3e44b2d1c6286e19eb31f17d0a67 |
| SHA1 | 6a59f01753a782ac83eee7e316416d029f36b1e6 |
| SHA256 | 76bd9655de97809997662f3ba6e6d0e3a2ddf5eeb902e07933683ba3ef613c3b |
| SHA512 | 2c708b8592c739362b0bf5f657b643f54c3050d7f610e713b6d4c08d48ed8e6137180745c101af425148a12100a0181747c2bb98d3dafa3a9df2f4dedbe39bcb |
C:\Users\Admin\AppData\Local\Temp\egYY.exe
| MD5 | 10ad3aedcb0d72a1c450678cfec4c1bb |
| SHA1 | d6719c6eefbfb792e0df2fc33b81cd37cf230646 |
| SHA256 | 73da4c26c2d9b243bf17723c2bfbdaf6a189e7cd52e1e0434306b675b91f68a6 |
| SHA512 | e658a121a279da4ea751a4fab42d2e38449a7d943b689a226ef34176c9ba7288b99e70878377759dc90ecddc21125a75894d041b2b5ff3edbf2d9cf35585c2ed |
C:\Users\Admin\AppData\Local\Temp\akIM.exe
| MD5 | 377f12bb7c94720210df95e1fe77a2d2 |
| SHA1 | 5fcaa04d805c2e6f24c7aa05f6ccaa28bcb256d1 |
| SHA256 | 6c2b136dcad6e82f5fe0972086ab9fbfe52578f25aa5859cf6fb99a30b4a204f |
| SHA512 | f8290625dd4ad78eec216b9e87a810f63a1b1f8fdaf3d3c82bfde65270598b5a1a8e02a5f5e66e2b74f418c0db902cffddd7379cf04679a76ba6d070fdb73799 |
C:\Users\Admin\AppData\Local\Temp\ZIYe.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\pYAI.exe
| MD5 | 946b642beeeba57b0b547e083411cfa4 |
| SHA1 | af6ce9b95faec69091f9ac9f021c3049a2e2e6dc |
| SHA256 | 3f60b5354c4f0ccad9665197459e1a93621da5adeef5866471184b9b4337449f |
| SHA512 | 4d1e63a7ef2cbda5d9d0503869bd50bf851a96518dc59167e7494b09206b30681cfd0bb9e07e750db7838c485fd2ae95b22bac233811677a36d7d6038b0f53d0 |
C:\Users\Admin\AppData\Local\Temp\RYUq.exe
| MD5 | d4a26408ff79ab5917a9e4a3d74efabe |
| SHA1 | d348f033aef3380efe7933c77d8e87facbdc8dc9 |
| SHA256 | 5a893fe22e26c0d1c3f8dca03f2a2daa1d3f7e7a8f41d1664dbeb5ecb86dec6d |
| SHA512 | fc10925b9e3a0b3146f473865de9f203b814076193e73f5c07cc06e32b6e86cfb03e428c0a14f4830c4a7541135283c93b2e40c1870991d63cbbffe5f14de6f8 |
C:\Users\Admin\AppData\Local\Temp\lccI.exe
| MD5 | 2b2eb580ec1277edb264e63e5e2a9e3b |
| SHA1 | c37bc905d4b815661b452767ab909c0933d3e782 |
| SHA256 | 2d88fe6e2ac1019935e2ac68470e94791370c4e20b0a077e70134168cafa3f7b |
| SHA512 | 7bd3e675f250737cd6228ef5c363b4283bb6039fa2ec20e44ae4b97715591a188ad2a70b4ed78077445808a1f409232faec4d7a5a5674378ae0ff6ef3bc0692a |
C:\Users\Admin\Music\SearchSet.mpg.exe
| MD5 | 27741f060465e8add7d199b0d63358d2 |
| SHA1 | b615a376fa4e43baf8dd022f490b5ade588f290b |
| SHA256 | 7d44169ad6ad2b9b176780a5b6af87dd6d9459b0469acc6f97d8855eefdae784 |
| SHA512 | 0b59b5237f411ab7a9e30773936a5ef69421ee0aaed06250dcc761272c94ff0b618ee0c955b8536f93651542a9044aed79d4ee9fb81e3cce8ca4959b7cf21b15 |
C:\Users\Admin\Pictures\EnterRemove.gif.exe
| MD5 | 9929f142f7c8561f40d13c1a213e63e1 |
| SHA1 | 95515b68708e0a41a95b79f4a6c8a39adc9db507 |
| SHA256 | ff42ebda684f969a50244bdc000085c5c436c12f3c13708f4fd930a6edc425e4 |
| SHA512 | 61edf15e17d586bb3a6f4ef95ed0bc42c0195404db3e2bb8e1f41da2de4a88cecd5e473f0f7e59d609cbd8db806a74ec6f856d30f6e0b14963588f2dfb44831c |
C:\Users\Admin\AppData\Local\Temp\QwQY.exe
| MD5 | 66cbd1ed92fa2d771aa430d95a46bea8 |
| SHA1 | 15e5b718ff96857921d3fbe7e2708ff9569f6d3d |
| SHA256 | cdee8100aa98a7d73e8560a129424b022b2c79884a18d8c021be2002f5a6033f |
| SHA512 | 08e2557c15d1d76bbe3d5a72811316ea34ec2a23b11d64e2806bbbfa584db3be3ab9bd7db39aa30cd1e10a0c16adb153a32350084a167af7b389550c54c5d62d |
C:\Users\Admin\AppData\Local\Temp\CQwA.exe
| MD5 | 63f4e26212860e12fbabe13c4f5e6214 |
| SHA1 | f8698a10c51d8d431a541594699ee04add4ed326 |
| SHA256 | 7e30d4e3daabd609f326c9628d1537891b40af1ef6257d8bc9eec860cd7b5fb7 |
| SHA512 | 872bebc1224cda2febbea57b64c542198dae03c568893ac9c696e70c94b6ec33f9c483b4ed6c5fdf1613e75041f6f0e9aa976b6ca09b7f0ac02f119d6039e0e8 |
C:\Users\Admin\Pictures\NewConvertTo.jpg.exe
| MD5 | 1ea9c04a4060d14809ba3a7b9e3d730a |
| SHA1 | d5a7448ee89daa0c9aef1510afe711c32237dabd |
| SHA256 | fc7278e37e1ff84c9ad03c1d7c77be4f68c99b06f4dcc1f65f5860da7e3bb438 |
| SHA512 | 3e929eb9d41c056072bab2d268be765a469f50b197a1e056b6b4e7a0464967a048712c5761f8bcb67af15a8525a6175c40df50bfee91ec9f6789629414ca8a17 |
C:\Users\Admin\AppData\Local\Temp\bMkO.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\Pictures\PingRevoke.bmp.exe
| MD5 | a913efb20e811b7fb7897a0c05fb38bf |
| SHA1 | 4b3e71d6d6dc6ce8767a5bf3f9708de444db38c4 |
| SHA256 | 6b287feb825d0b346c7f57b4a1292dc17a5fb751f5d05d99f1901ad95722f6e0 |
| SHA512 | afb7e706c86c80c6965e68a76607848112c579ddb6d5b55ff37c77a1e792ec574df68fa1205a7c994fcaf093af602d6f26e9aa90ad4fc49a2004b029eaa81fc2 |
C:\Users\Admin\AppData\Local\Temp\GgcU.exe
| MD5 | f6b6e2b1d2f30d2817c98cffdf63e592 |
| SHA1 | fb388535217463b3eebb3c4377a992f0b3fb315d |
| SHA256 | 8a2f449472001e26d588914a86c148a28a553d1dbe1761f04a30cc8d628304d4 |
| SHA512 | 89cc208457d9ddd361122aae056bcd7084f4a56e99bc324629c9f8fb8c459d7447b0a9b3ae67d765c76873d2a546158f602f95cd7f35076f55df56d0deb47cbc |
C:\Users\Admin\AppData\Local\Temp\Ycww.exe
| MD5 | 64ea15eba95c21c98322f44a476e7230 |
| SHA1 | 1063bbdad8cb77c0d117b5e759b635cd05b95fde |
| SHA256 | 7635c8a4419817847ea84c95f271bcef796558077e23366b5836c68e1029f950 |
| SHA512 | 2f8fee565c7e6250efd3c5dd0e6d8ee1450bcf76d151e9af4db4568f588c9b395c45f8b6af3942050a4d5c36b7c7c87290e7673a6ad95c619cfdd722da438f93 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | a7d119f68af551aa920cd7da4757bb04 |
| SHA1 | 5d15c9c30bf254cfe963f1f03bcfb5e47769bcb3 |
| SHA256 | 4dc20cc769f85d5ef60e6660da2fbfa418178ddb37ee7c632df9c7cd74bc9b18 |
| SHA512 | 2f290157425549aa2b0aa329fd03157231037bc5458991660e03ac141ba55888af17a4781dc7f330cb67db612c73c55800ab2613cc750849a7362fc818050115 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | a9f2dd07f3b004e2ad62cc36e9beb4c5 |
| SHA1 | 27fc17c312e21af590927ffe1b219eb22704418d |
| SHA256 | 627588aefb1392fe5051ba0e54e8a8a6234aef0953614cf6d4ba7d7ab3ea0eea |
| SHA512 | c50d7366fb17f70be7d1638e16ddf1e0ca9ae09a8be8fd3a5c3c177197528343591c99692b978c84b371c1d23686a237a931018f192b6655b1e3a6a004fdc03e |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 73fdec3d26943af116ebf217bca7b4ce |
| SHA1 | 966f854a24c9e34f6e9c4df285e9b6245cb850da |
| SHA256 | a75dc47631cff504460c9f0e97f984688bea2202ba59f7cc22ff71789e3d195e |
| SHA512 | 48b766aa1f2889420d809c1fd55dd991b26db06d0e76d9db05a10506b7e048c265fc2ebd4a5739c6f95211a5c3b0ceb46d88bf2e5280ce3fd55a817d36a0a8e0 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 17cef6f2ec247a67ebaaa42c40d40cf7 |
| SHA1 | 22417d7f0985404003f10dc8d3dc2025ea4dee28 |
| SHA256 | a8ea9237f3231e1bdf43a1e2dcd962f91980597f847caef410974aded920d37b |
| SHA512 | fe432d191eafaa694f5949e28edfc8355556d637c05191491bff4acbc0e0b232a2bbbb836eb2727b8061e9c6069a23040bb8de247b937dd4c515314cd58d27e0 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 444a2153eba02b75859cff5fbfc09ade |
| SHA1 | 45e8e623d14b55eb3f0e1f0664432a0befa9af7d |
| SHA256 | a70852ef1a510e1cd03cabb86848221ce473108a8a040f30a856a294e8c7b939 |
| SHA512 | 56b19d4f2f13a0545283cfed14867d08e7cdba75c3ba425a1d1dc8fa3bfc36e9251f20ac86fc57e925903cf50efa0d24906591baeeff7f828c77268e4952a911 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | 11bb5e82d89e058f5074925956bf94b0 |
| SHA1 | ef3e12b08665357e33c533fdf2848505f175aaa4 |
| SHA256 | 158b8474d4f4080991a024548dc953749814bd3c616ec08a03b7e0528edf13c9 |
| SHA512 | af305d0294514649d8434d63a21826cc403705deb2993d26e1f01a14662e91a6b0c3cc40392765575f1962f6e19f8d9e2ef479934264f9b34496685a18893c98 |
C:\Users\Admin\AppData\Local\Temp\JgAS.exe
| MD5 | 1c5dbae41c4de3e418f3c15541b8e5dc |
| SHA1 | 0694ed6f5fbca77b0d4df63936dce59019f4623c |
| SHA256 | bac2ea6c5326e00d7212c1dfd4320418583e80466a736c13d4c838f5d9dda529 |
| SHA512 | ca3f51b2c25a7eacba56f146cfa89c0b339569d6b6b7fee9b146d0e4f2a247cc13d557736b005c4ded90459c874ca40b49b3fa63420772cfafaa71727f87466c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | 4f476a2ddffd8d8c76cb041b6c0dba6f |
| SHA1 | a471d3118a3c31e6cd80c68d5723613cf768aa7e |
| SHA256 | 3b7b2018d9e3e3dfcce2f52d87d8b418afa1ad087661c6eeb548e22e1461c43d |
| SHA512 | fd8a0205d246b4d06ae3f96085ba96c2174d302fb57dee6ca26d4e6ac9668631443dc4e131eddb9527576b800ea832573872efdcec24d3a50bfee7bd7311adbe |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 695bf592731461bbebca4086a5aedcdb |
| SHA1 | 4ce12913cb737098cd6845e4af26e82e7f8fee95 |
| SHA256 | 01665bdb5ea75bac1a00bca1f82eb4c63750cf961844e03686c5bd1a27250903 |
| SHA512 | a0512b3fba1199f6b024f87adabebdb6b15e0585bb3839d48b83be8510bb3cfcece75d8750300d7030a0e7fc391cf872e12acae85b6e3128831fd5aab46dc173 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile14.bmp.exe
| MD5 | a8d1c78a548ae5f051394354c00d855d |
| SHA1 | 75f19dab5b5dcc7070c7c0a9685f6cfb3c194de6 |
| SHA256 | 297f7bd7ccf16c2e0873ff9cb64214952a355cdb54eac530b86c0ceedf73ed3a |
| SHA512 | 5e41ed8314393635c8bba026e2cec49e0fc03e12fbafb6e81637518d4a741ba30b7dfcc60e0b7d52067a0df1fc45ea544afeef66864591e798b184b17165875e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile15.bmp.exe
| MD5 | 05accb32363b40334cff08e4ea111a6c |
| SHA1 | a29760985d402ae814d1d0394d42b2aa2fe3c9ca |
| SHA256 | e4801e70fe156c07e624bb616143b87b0791cc31954272c9dcba28298daae5e9 |
| SHA512 | 627114f69d5668018f34b22304d8431b8dd39c9bbc2977651511db71aded6729c38b513e040b9f58d9cb3bf7656cb2734e7d10b50c0bcd114aeef37c4e620dbc |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
| MD5 | 8c36d4af1eec53f56ac5fda5c4328f25 |
| SHA1 | 6460739ef76418e3f6ebb549f5cf129f13ba1b3f |
| SHA256 | 4554fc9344e0da6fff75d56b7c98885a2d7727056cec0807ef4e0660992cfd0a |
| SHA512 | 303c2e0d132282aab8d41b78b218b04d4882e4aa7aa4853bc0d79757a408172c6ce8d8a72a209f31b82872213f70b148e5a416e8581bce0df31491af3dc1e8a0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | 77cdbc9fbd1fe50d4f0d989bda50cbc4 |
| SHA1 | 6d955a4a25a00020d583f830a65627ecf0c1e7ff |
| SHA256 | b45cf1dbb6033919bfc8e2b97dffe9c7b796946da1774ed3e95acd6634e95b97 |
| SHA512 | 7b4e9b27bbd8ba4d5358d2ca41ffb43d411eb12828ec89d5b5e10156908e66c129aea6ad89a7751564e6df7adb74f2c06a7a9781e85474976ccfc2b99d01135a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 7bc8e7caab0dc5fca83c5b70f54d61aa |
| SHA1 | 9f1a492c55297f74092ffc56ed32e59f1cc6ff06 |
| SHA256 | dc42e4ea47d8d5dba55de1263339c0c2940b1a1bb48be6ccc1f5cf13c492d3a2 |
| SHA512 | 2983365c0695ac35f161a8cc4bb08fbf87014d53afb845e9302629a9e7bf401778ff5148a1e6231218bf7d263f7bb151e9fb929cc6cb39aeb640f0da2b66f956 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | 438ed73b549517ec0a697018aa3dd4a3 |
| SHA1 | 443b967037306a5c9b77228f200bc0a3f770864d |
| SHA256 | db233e91840055a24f59f913bfef385089b687dc13c0bad6bb946d065186b686 |
| SHA512 | b7afa0f38c4139f61dec9104dc425bcd07abb4d0bafff9f18d92a460d61f764b77f39d32ce3897522057b0bd3987d02082ec4755fe84ad9e2cbe726b33b77b10 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile20.bmp.exe
| MD5 | 650f3fcdcb9ac92a262f3299874359fb |
| SHA1 | 936ee17a76a4efe9e2234d8c38a9c8f55d6d6bf1 |
| SHA256 | 0f4a3e43eba97e74b2ad4da515c7a808406b18920d6d30159dce807a6bfd5012 |
| SHA512 | 1d231e7a95ca38e41fa74ff0dae964612b346e59122d4a0fd4570afe81cd07abdc79a6126a880efacf839a8d8933bb96d00a3bf4100fbd5b6ce17941ab299c67 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 8c2614065d2ee4cab483584939ccfdae |
| SHA1 | d1705436644a423678ffeded1f3a011c4d0cf2ab |
| SHA256 | 6613be18f4cc2ecc62d86ca3903c2a4f0c0e70f164b7accd26b99afaa09945a8 |
| SHA512 | ab3220324ac99093df21a4f4ccae403a6c42d7c35e0780bb82e105cd4cb52d8bcac9625443b3eb918badfd5f16794816b225a4d5a954f23ffc4a446843f43ec2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | 12ae32c0f47b2657123ba532ca16ab52 |
| SHA1 | 5035c808fd7422c7d740d431c211ef01fad2f5fb |
| SHA256 | 31c432cad10830117efa80bbfa4df92749bc829baa5c6a580226f7e02917f951 |
| SHA512 | 42e3bd84ee1f1702e718cf286d62303e7b5f9329e7937bea9ac93d394cfc5a9b7ffd2c78c7175aa783a6e5fab2e7733b92ea9ffecbdd535b1815d5530cad0a3d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | 518be2beb9c581c44fbe1f699d7ed86a |
| SHA1 | 99d4d4d51f588a10b0fcf4d45ce3f9172541a954 |
| SHA256 | 4e734e17b6c8d011bab1d1d02083248e3a5b41a541a72a8e39ab927bff4ee7ba |
| SHA512 | a28cbc8b66fa3f86256c01af59c2d1a8f2a93f65bbdeaa640bcaa66ced15cf2e6e3abc84d991209227c817edafc1698e67299550804336a5eb8d880871e2d25f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | ae2fbed8001f98d0571accf58104b26e |
| SHA1 | 021b4b0444d8a319e7cf9ca8f8c4d2418eb38737 |
| SHA256 | 0456c20356d29af82a0d985aa8ab949b7a61d37c31c0645665cccc77f3032941 |
| SHA512 | e942a2f08ea1254ba96baa6aa9de13e13952ae2e2269b66604dd86b7adadc96f02400a6b103d5fd452fc1e44371d00289cb3b040d0ea8405339088e063267536 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
| MD5 | 8223263f8cd6e73f6d3691ebf7896545 |
| SHA1 | 6e62b8f8f0820c83ca4813ac3b28560f30ce80b0 |
| SHA256 | 570fdbc66ad27771476959278f963d0bf6f357b51f61b19148cd4a9d3f91e0d1 |
| SHA512 | b98fdd77848886ead2d3c2d3f5558b16a10b246513b260b4cb8208b3b5a965540c02c7a8be0da9bf4ac1bdd460d473070d4d3beb40f904294797b8686ba5d319 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 2cf265c757a0a434831393af3e526bb0 |
| SHA1 | 6375248c1cb4336e571a89c6f462475ad7e6d71e |
| SHA256 | 3abcbd5acc7cd9ed4b0a19343d597c925c001f6b2ddd317e0d45ad30cd5f35cf |
| SHA512 | 2b88116c599935329d75b47af08315ba954b2bf23022839efac669cb9d6d8ba9cf071c00b843e579fe2f030397707a38224941afc6d4f7c24f7110c3e126a31e |
C:\Users\Admin\AppData\Local\Temp\EocW.exe
| MD5 | de47afb87a00fa56ab03ae93d98582a5 |
| SHA1 | d97d9c0031b840c213b5a461f75005f2fae330d2 |
| SHA256 | 78ca1939de14bb383f64c43b42ff54452751de538be3037cef7df88d9532f5be |
| SHA512 | 25dcea105cf6e18c7aadca84d674d499716bdfef2b110b636e2d81561588a87e4a525b26a0f5eb1db6bfcfa6548a9e540956713e5afc43bc2b75b53c368b3bbe |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | e27114ce2b5e687f0011b218cc597e60 |
| SHA1 | 1d3c31f86f79c99610041e718e8ceccf16537e95 |
| SHA256 | 9d7575b345869d6fc9135dc28e565e2642070e1b1d12a723d07493fe770ee6bc |
| SHA512 | a5650686d024d7b00c0614f2b9a386a0627c32b422d3647e2f06fa3b4f058ee1bbca8dfd596c504d2bfe2019c686ec4c48032e425804bcc1aac4c38cc4a242f6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | f2d868593bd9d138c7f81a669d1abf48 |
| SHA1 | dc3b97a8a8ff9fb8d958e5dd4a98be7c43857618 |
| SHA256 | 11235a0aa34766f9ededb01b177f491371ff48a04a33a9c04192c4160d90cef1 |
| SHA512 | 7ab86c3ad71fe834c888e0f414e48fda6f619ce304c5c3413cc2051dda471239e7eb2ffbec0d59a65739dc58db57f37bbb76c7d54a023ec8b0d6ab76083c96b0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | 3a5d76115ed1aa273a514e9bc91b561c |
| SHA1 | fd52410bda04c33bec3e513c983bf101812faa5a |
| SHA256 | 39b1605f59453de3864a70dfeaf7f67ae00f3b28fc71f89062b6090356ae6377 |
| SHA512 | a74a23c6652264a909218e0c9f9851e6e00e61116fd891aa763205cabe9916caf7425851167910506c0192f01e93f1bb26f6adb2bde3c1b9fb217cec7cd238c9 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 4b24125ce11925835a6ab70e4bac3d2d |
| SHA1 | 7e34ff460817cea5e97ffc46c7c5060735dafe9f |
| SHA256 | 24ef015fbc5e5b221b5fac129741d82a4924b6b6f886570552350889117edc26 |
| SHA512 | 854496678d069a8f30d177a0c767bb7fd46ba74a461edef0963be9b8c20db817033ec3b3178e1a0450f095eef2e51e8bf945872b62ad3e4adf3dac60b090299b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | db765c59f2e6af53ca7549dd99443e5b |
| SHA1 | 0c1e39a285a8568aa454fd76930ddeba299189c3 |
| SHA256 | e84021c04ce3683ec983084eb861d3b4290072e3b5ea9096cbe2afabc21033d2 |
| SHA512 | 20d30873e78812b1897db725ba5ea30e558d76dccf36b9596a785b7d4ca382c1e13263e523bdb0f97471cb3425074c0dd79c75b218511b7c420e951af3c77e80 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | af5f6a186e3795b39d95dd34e232bbfc |
| SHA1 | 1483ce1d06516d69b4645b0608f7e8a1c78a21b8 |
| SHA256 | 6c83ed7d0dcee941962d0f91a2e9c4635081befe897b2b97f2be03071b7ffba2 |
| SHA512 | 91892c0b99f6a4df975120ac201bf53cb26914a147b7073b851983b01ede9e255b6f03c88ddf8853dd81051643b91ca6abab588c07ea44d68a106d17136f722f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | 55ac84c4ec53fa1ab1fe5bd288aee61a |
| SHA1 | 13ed7beab12edb246d97298d95af1ac9527733d3 |
| SHA256 | cafbb7ee662f0a45cd98a99b05028bc5b86b666bb794971866716291612db94f |
| SHA512 | 3ae2210161f3a0801544c41e6745fac92b4a38ede00e77a2a85596c4c050d95394cfe2734aff41fc0a8b9b4ce972f1ee3c9f578158efdeeeac60f6cb0a8c6bae |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | 5a7265c26ec660c259dcbe0785b62525 |
| SHA1 | 1ab64727b3bb5d4c55bff1a08bfc7f1ab00b5a51 |
| SHA256 | 49ac31d695a238fd8ca6b1bb17a72b438c7aff89beeb5ca426489116b0cb0ada |
| SHA512 | 7f8be37e2a63012ed28c1de1ce7f94c8163559ba426d7bb298808b29121e9e2410fe385263ab4361b875f09b7b83d4c36398591a520e7630baa96ae6d87d00f6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | 8e7abb4c1b6bb89d213992880e3817b2 |
| SHA1 | 7388440a3f42f72423427d3e9bb097c4e817d1a8 |
| SHA256 | 7ba2318bdb8ec5f5750d5ef9b550f103819e1e6472d84a3856d5546a4cc14fdb |
| SHA512 | e71db031e92e8791b8857b601d6cc7160c2d12a5d83ea9bec149e8dd4b78dbd1c355f4bd54831316891075359aff4314472d8a69e9da6b45b83e141d9384cfbd |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | e000dd1418e6c132ea24824059b0f3a2 |
| SHA1 | 549c69dff5562f29b7a782568199ae0add2612fc |
| SHA256 | b251c633475f34775bd5786b6ec2d9313da374fe856f5e88ba3d346c51ca11d7 |
| SHA512 | f2249471a33b3d3a1448e7251b459464b33023b4d9f62d3894eff489afc0ebda2529d0fa6eff5268ef2325e0492183220dcc5d5e16ca52b605cc89fa02c121cd |
C:\Users\Admin\AppData\Local\Temp\ogUO.exe
| MD5 | 49b6856f2eee58ba9087f5d1859defdf |
| SHA1 | dcdba4e25e40ee05edd5330987f3f2a52fff6699 |
| SHA256 | 08955206f9c202c91c20ab5741b4bdde3e76626edf1764b8f425dc717ee5b7eb |
| SHA512 | 64b0915416dde052bf15f6cd4955305661e9f6aea67dab3175392225d9ad37615f7c4017b34af18eb97cd0de50ea04dffb16b0e89f4505f6b9efa76ec03d6c3e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | d4095aa16ddba06ee8a73878ab0234b1 |
| SHA1 | 4fd822aa14b6eb75017ee8a1927a8a13d1dcc7db |
| SHA256 | a531ef34c02d146c768a389ece6fb1ff5b0b3ce4397488227125e1d4be4f0a9a |
| SHA512 | 77bff5ba406239e51ff34eca927dd4d934f29683c54fb873b1d0126d8a652f82b96583291f209669dd575d437637826d425b3e419f08ad8ac72a5eeb84a41532 |
C:\Users\Admin\AppData\Local\Temp\LYAK.exe
| MD5 | 26a2660ccc8773ca0663ba3dc1286018 |
| SHA1 | 365e6d2bed39a8243d2cd0f781d9768fce02d3b5 |
| SHA256 | f4d74bcea52bf0b02ae6d10760aac920b64886e70aa546e32999a6dff0b46c0f |
| SHA512 | 6e5c8704787b7a6b873b8eddb1eda30ec2b9ccf97f48f3249cab127fda95018b8cc46f3fd2846c0a544635036f275b3249dde2d732c1122b97546603c3c5e960 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | 3e389d4827a2c96b75aea49c0e31aca5 |
| SHA1 | bcf62ce1fe2c29566ff9f7c2bbfa5d4462552645 |
| SHA256 | 4752656aeb034bf372cc361a549b999a0d52ae7da513aa3a514ab75a49240dc2 |
| SHA512 | 34e37b41c9b6ab916b141852bb85912fb65a11a043ebf156a86ba5e01c66237eb434a185c7dead5d3efb69e53d2e452fede80b31c2a070f6a57f1891813887cb |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
| MD5 | 5d856b50d44e9b5ae1e9c573e0f519a9 |
| SHA1 | 4aa7303f5694fca835937405690862cfb69b2a17 |
| SHA256 | 7ba209f722f359adec074efa74da1e20f5ce741974ff958f546f79dcdbe60c9f |
| SHA512 | c9fe519637cc783569ad52a2e6b00cd12c6131e4984e343cb95589c3788ae412c1dc3726b229541d7e0573ef4c6658f6a7a8bec5ceb91838e5b2c91c7c822c01 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | cac7de3e9fe1ff833c652e5a069535f8 |
| SHA1 | 99f1305e92ac60067a688c85cd3b3f37276e253f |
| SHA256 | ec861c8ecf80d6b075704fb3012acd5efa6931723e2f61761f54c35b75514a68 |
| SHA512 | db17cd899701a71d15280d5aa5020b6f582e115e95beb5c40500ba18fca14fc834098b683c0039c1c712489e2b55746bb436f6b038cf5c33f85fa678f7c2e4d3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | 983aa6be05be6d59d7e80c58413dec04 |
| SHA1 | 5479161ab87ef6381af64fa38f0289aaafbb0b3f |
| SHA256 | cb83fe08caa41e8878dd3b9096a0958b9545f7c66b335c783e562fca1a657821 |
| SHA512 | 38176341860f9e48fb19eab7fa84d92b62081117dae83cb85f3206dc581a28add1480fbd0c9a0f6a37662aff947e0b34f18291a3755be967b0a8281bec04fd31 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | c9104d550b51a294ec7e8ac6d48786ed |
| SHA1 | 966d8886a68c792b4afcc1faaf489bad5b34f40f |
| SHA256 | 80a06628468a318b0e14a73c87d5ac7a4ac91b917ded883a722579f4658c98e6 |
| SHA512 | cf7c236f5d340dee6f46c5bf2ae255fa7eb5b06cbab540d117a9a1a67f0b434c704c5c840cc04ef678b9543b7912aadd35ce24a80c2dc20bf69da73fb86f7b2c |
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe
| MD5 | 284d669c090c0cc8b9eff61e531930fd |
| SHA1 | 716a9a4cb14538f76a9fd348e1f9844523120893 |
| SHA256 | 89aba6352ef8cdcb7625c19e059d3e75913253aef9b66af75bbeae37e0de5ac7 |
| SHA512 | 5a69bd39800069c425d9a1ca2ec58a0709c8f462086663ff73fa7ef887a05efa2c07538a588bc1b3785c27746f2a330ab91dda6f46263a6948e566b93046639b |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | 8acb36978db5f9271348c3de62953c7b |
| SHA1 | b6127ca7febfa7bdf6c0a4a9437091b39314b764 |
| SHA256 | 0fef15f1f2d1e8759afc6470dbfaa990134f2825b1d8848be35ce23fe0238e3f |
| SHA512 | 5ad1b2b9142a54bd6648aef193e8d2a7ac42a4bd84e0c941e0aa6164573ce40ada261358832feb5cc6b40120f4cd20d1920a96760ec4ec5c55835d699b2a939c |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 43d85b3b17398fd4fecd7275d2ef4e0b |
| SHA1 | ace10d4a43ae81a38bb582eeb2a7026c0c34d2bb |
| SHA256 | 7dcef6621b8b536d4d34472497e92ffaf7c2f9d04d2b6db872ed608d2de02b17 |
| SHA512 | 9271a3cfcdcbdc52b9927b9a2f98b8f4536c419d0469f82781630157df207ab41176cf749a6753d691619dd2422ee09c5d79379b3666f6a46557f221ef5a49e8 |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | aa9b5d4d481d5c9152e9053ecdfa37b4 |
| SHA1 | 7b96051b372dcf95b42892830225d4c47c75f634 |
| SHA256 | 2866a70cb96de3db8b5d449303f5f2e5a6ec62470b01b2719e7425bc89881054 |
| SHA512 | 7a6f9e0cda7aeef6657d27626fdf9f4d92d8b3c14d6d2c5fe789f261f9e8eaa289f11f142e135ed33b15f3d0a71bd455998d1a8e78c68bd20b05db7f6b3684ca |
C:\Users\Admin\AppData\Local\Temp\osEA.exe
| MD5 | 707a89bcf4f5de5001dc1b2d3807e12f |
| SHA1 | 7ce1e49697b64d5164b5238c3a328a26fd63cf58 |
| SHA256 | e244ce110010534d03b4ec2092dea7ad3a45d63d16b86ba4330b4f4e35655f3c |
| SHA512 | ebe16a21472f371522f1618b618beeb8939e4fb12dc03bad6d0cd08b450029e0e4c1460399e6c53d2109cd0511862d1d94cfba43cd10515722fa63bce3c1deba |
C:\Users\Admin\AppData\Local\Temp\KUcs.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\EQQY.exe
| MD5 | 8033690659461eee542786927595ba8e |
| SHA1 | 99f10d5f724060e132839705d1bc43e8bd6e67ae |
| SHA256 | 3f70a1ed981b4d63e44f6fce0ed64429c543a0e1b276237612ebe9a25fb93270 |
| SHA512 | 406f82c93cc03a9d0c5c9f6ed9e1d3189cc26e089b100a96fb87bd49736afc2cd1d11b28f2d8e48c31e95ca5231d955947e927bdcd990af78667f4f88cb483c7 |
C:\Users\Admin\AppData\Local\Temp\IEgM.exe
| MD5 | d97d81dde277a09997df2c781abb4c7d |
| SHA1 | 6d5a61cb4a484659382fd6f8671df05d88176720 |
| SHA256 | f4ffa48f8e4f7ce40af2f54bd855fd186a60c821134c54369117353bd3a35316 |
| SHA512 | 0f673db9f779e9e1a03cfb054fe6ca972402b524f3dd3958b0f7357a2a15bb7a63bdc34b59a402248089fc8eacb8f51e424253ea34c9388cc2f2796fc3670b2c |
C:\Users\Admin\AppData\Local\Temp\gIUi.exe
| MD5 | 187ec61a9dbefcb47cf5b21c05b21994 |
| SHA1 | d11abdd3febe9d6a1496ae7dd8d42fb77fc4b9f6 |
| SHA256 | 3d341387e6d0aa6e7e648bba47ebca41a5ec4ea5a5371d7fedb8426b820d9f4e |
| SHA512 | e8b188b39410798091553534d782e3f27208ba9dff5a9a4e112294c1246d58ab0bb11d6fea85a152c4dc6a7c7e0c9ea29d036e2fc37833b14a2905065ceed3b2 |
C:\Users\Admin\AppData\Local\Temp\CoUs.exe
| MD5 | 3b6b05d4f16c0d70d7c11041154d4561 |
| SHA1 | ab63773069fc245b7a58abd0b2ea615d5da0ad57 |
| SHA256 | e01dad3e873b7631a81cf703041a809705bcda3d511f96406a708998d5674e99 |
| SHA512 | ce7d580b05900ace25c81afdf9b3b1b64b2305964a27f3a71881e02cb5b071a72efc990dc83d8b3d5bbb576451628bb0e6f27f52b545f778b35012f782b31740 |
C:\Users\Admin\AppData\Local\Temp\BwYG.exe
| MD5 | 04286a046eb150c4df8bbc3a983e1a22 |
| SHA1 | 69f5dc265a65531d6a8d5119358bb7929622f1eb |
| SHA256 | c7223672bba64e7de5c6e728682a97d505ebf1282e8071a955fba28e7ea3760a |
| SHA512 | e6efe2fe4c425ac05b2201444d9b035f32e7a0c3738ed7266cc2ec18bebab6a7ec1a68f3c88f68969e35acaf691a9860bb75004d918949ce5ff157ea14956698 |
C:\Users\Admin\AppData\Local\Temp\GAku.exe
| MD5 | 91eca85a180dd4cfdfcd21711b5e01c5 |
| SHA1 | 7ab1109b474c6d0f6017338b7dad482b907e2963 |
| SHA256 | 4488358978ce92e155a469de00ac1703d3654fa5704f0be5814177a382c921b4 |
| SHA512 | 69ab504508fae335f0309094ee87933830806821c56edad4b009d1ab14df6ad534e34b90d6f69948fadc72de39f156d19952e097daaeefea9e1782d50bd57aff |
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.exe
| MD5 | 2d08c94f0abbe85d60044026e8af1598 |
| SHA1 | 01108700e9a3bd8be27cb6c203018be434844ee8 |
| SHA256 | 7245f96f80e9effadf8575f7424c685a6845d1c0cda2706fd8e9da3f83f5a0bb |
| SHA512 | fc01f3f1ec047d2b75871719087d33e1f3aeaca25e9b6c111c6d8705346ea389509ac5087154bc5bac6a0275997dffdd590ac14a73db55383f61613481288815 |
C:\Users\Admin\AppData\Local\Temp\kAIS.exe
| MD5 | 51829238e1bf1b3366ac465c3443144d |
| SHA1 | 2ae85259bca2b19ad5d63d08cec1abd3c6f52f18 |
| SHA256 | e2d65bfdaa950293d2b11d9ced1e9bc2f77f03b4c46c7683d3c9ed1e254788a2 |
| SHA512 | 4d043c39cca13b9f83f501b2e744987fa9ca8e7fda9ddcbf0cd2f9e54d9ba76763d44cd561bf63f219ff5372ad34e503e73dc71f9710b0b0d1b667768d483366 |
C:\Users\Admin\AppData\Local\Temp\TYkI.exe
| MD5 | 550d8a7cc9afba5f725e4d1b3f243518 |
| SHA1 | 6c4fd0e6ff273b2d040ee333c1e074a9735da823 |
| SHA256 | d8e1782b55a95c5b0f8e54950038dde2dbc82044daf9f824104fdb42519695b5 |
| SHA512 | 31d5f548d46fc63fee9ade79da6f97e90649f8c2d55f5daf98826ba1c06a69d1e16959789caed93dcb014dc00eaa6649740cedfa5c4c9d69344dc7c5cf938f95 |
C:\Users\Admin\AppData\Local\Temp\jkAQ.exe
| MD5 | 5da122d918d122e9fe26692cc011d1c7 |
| SHA1 | 64d7f15da73ebc1640bf3cc936c17a2aafea04ac |
| SHA256 | c0549e773db4735e325919bd970e5005db173645f0ea11a1d5153d755bf3aac3 |
| SHA512 | 0ab00527cd1084efa4c844cd7779d1afe7714a061f1aa26bf21e709930bd6228f581f8a01964f1306eb2dd7ef201f14831e0303d78d70eac231b68d90b5de104 |
memory/2604-2597-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2544-2602-0x0000000000400000-0x000000000042F000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 11:40
Reported
2024-04-03 11:42
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
94s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (87) files with added filename extension
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\fwIIgsko\ToIkAQoI.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\fwIIgsko\ToIkAQoI.exe | N/A |
| N/A | N/A | C:\ProgramData\pCAwYssQ\uUkkwkgY.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ToIkAQoI.exe = "C:\\Users\\Admin\\fwIIgsko\\ToIkAQoI.exe" | C:\Users\Admin\fwIIgsko\ToIkAQoI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uUkkwkgY.exe = "C:\\ProgramData\\pCAwYssQ\\uUkkwkgY.exe" | C:\ProgramData\pCAwYssQ\uUkkwkgY.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ToIkAQoI.exe = "C:\\Users\\Admin\\fwIIgsko\\ToIkAQoI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\uUkkwkgY.exe = "C:\\ProgramData\\pCAwYssQ\\uUkkwkgY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\fwIIgsko\ToIkAQoI.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\fwIIgsko\ToIkAQoI.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe"
C:\Users\Admin\fwIIgsko\ToIkAQoI.exe
"C:\Users\Admin\fwIIgsko\ToIkAQoI.exe"
C:\ProgramData\pCAwYssQ\uUkkwkgY.exe
"C:\ProgramData\pCAwYssQ\uUkkwkgY.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DWsgwIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XIMswUAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\towcIYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\skYEIwkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKQYooog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\csoMwoEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VowEwkYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JqMgkYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TCMgcEUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pwIcIokU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OmEkMQgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UWsscwkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gAYgAcIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CMIIMQko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkIkgMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RIMEwwwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\heIEIcUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BQoEAskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IagggMgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eyskQoEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AmoUgYEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SukcAgoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jCkIMIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dCgUsQMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAcwYosI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mKYMQEwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CcAoQgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MyEgcIEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\doAEkogE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqwcIcQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JewMYEMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\doUAQAQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AkUAYYoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uiEwEEkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGwsIYkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qUAcYAwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hcsEsUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIIsgEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DagQwMYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkEEccog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WQcQkcwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eOwMEsoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WEgYoUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwwsooEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NckEwMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqoUYIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nUkoMIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUwgogYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\usQEggcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eagkgEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KEooIQQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGsMAkos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BWoAQQIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\buYckgsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eysEkgQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amwoYsMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kWUIMkcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AwEgkIcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zEMcQEoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fosUgwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FsQckQgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOgowQQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gAAUEgkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MkcYoUok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SqgcEAYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xOowwcos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vYwQYsYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZKIoEsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgMsUgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AMsQEEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EYYMEMYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qoYkkIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zqIcEccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOUgUswg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BsEQEgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DCsUsYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wgkYQwos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YwAEooAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\REUQYoYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZscUQUMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xawcgIMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xegIUcgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imckcMwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IWswMAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AKIMwYAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\omgkkgAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vGswIAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMUUIUEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSYwMwsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIoEgEgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okIwowko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kCQkUEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QWMQoQQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MUwswEUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tKsQQgwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TgIAcIEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hOQAAYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SKQAUAoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AuIocEog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uAIkgIww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKAQcgQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TkssocIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYIgIAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nkYIQsEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tUUEYwss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UcwAkscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OKYwMcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IcgwQUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bqgocosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XQMMYIQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PIQIgMYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TcMAoocw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIowEQYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGUIcIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYkEIMII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EyksMwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xGogAoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMoEYcwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LmskAwIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XogoQckU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IMkMsYoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EogQEkcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCEQkcUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAkcIkwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NSAcYEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSskkYEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BysMEQso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yAoUEUEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwQMYQsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUwwoEEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MCkEIQUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mYMUQoQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIwQckIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMcswYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jAkEkIcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VWIQckIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AKAoIUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACkkMMQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOksYAkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaMQAEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock.exe""
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 216.58.208.110:80 | google.com | tcp |
| NL | 216.58.208.110:80 | google.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.66.18.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 216.203.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/2200-0-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\fwIIgsko\ToIkAQoI.exe
| MD5 | 53bea68353d9bdf53a52e8232d09a68b |
| SHA1 | 92c345ac271b8647196b2327856852c563ad968a |
| SHA256 | fb76903be755cdccfefaa650a461ec7bad164899df5a1fed0fc05008d406b3f8 |
| SHA512 | 8b65e1b45b7b05e2aeed818202eca209396690ca97227054851d77fd3b4399ed2a19e2f40c4d43b8b8a6f474b06a09e0b1ea2291ede79eb0a795a5fb8720ea86 |
memory/4136-15-0x0000000000400000-0x000000000042E000-memory.dmp
C:\ProgramData\pCAwYssQ\uUkkwkgY.exe
| MD5 | 2867c7c8d941058663630afec93ff0d4 |
| SHA1 | 27e2335d0b08c2c6475239875053372ce48140c2 |
| SHA256 | 756f63bce3f424859fb2a63ef1626044b024d09ae42b2cb6e020eff19528d394 |
| SHA512 | 8c7871c7bd46d80a1f7e5a1a108ee5c9cd1a14e9f9103025e7288b29d62427e338888a0df261afe6e28bd5427aa3e30cf537d12a2520791fb1142ab0eb76fbc8 |
memory/624-9-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2200-19-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3868-20-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DWsgwIsk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_abac5eabd200797739a3103b2f2d6655_virlock
| MD5 | 8243501c8bec7c2fabcac8cb47d98048 |
| SHA1 | f03c28e2f966b10efdc0eafda6ed6d3ab14b7d43 |
| SHA256 | 4f5230f4e5338c433953dfe6fc203f2cb1936ca7ad8a9d6aed0afb583a1639fd |
| SHA512 | 5de50003977c1b5c4f55132465d0a5589a32a00f388c6c57fbc9da42fcb7368578ebb6e9b541e2656dc07fb9c0a77cea75f990316be67ed5bffeed47385a5aa7 |
memory/3868-34-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3484-31-0x0000000000400000-0x0000000000436000-memory.dmp
memory/228-42-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3484-46-0x0000000000400000-0x0000000000436000-memory.dmp
memory/228-57-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3564-70-0x0000000000400000-0x0000000000436000-memory.dmp
memory/220-71-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4028-79-0x0000000000400000-0x0000000000436000-memory.dmp
memory/220-83-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3172-91-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4028-95-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3172-106-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2752-116-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4564-120-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2752-131-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1756-132-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1448-140-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1756-144-0x0000000000400000-0x0000000000436000-memory.dmp
memory/448-152-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1448-156-0x0000000000400000-0x0000000000436000-memory.dmp
memory/448-169-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1104-170-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1104-181-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3616-189-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5016-193-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3356-204-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3616-207-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3356-218-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4984-219-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2592-227-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4984-231-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4764-239-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2592-243-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\pCAwYssQ\uUkkwkgY.inf
| MD5 | aa109c23fe31bd643aa0d3fa2fb13244 |
| SHA1 | 2c99d1c8e82cdcc24b84a59433a7d24ec914a349 |
| SHA256 | cd653a26f8747b94b774abaf7f3e7469a59db8523ca9a3dab0594edeab9683ed |
| SHA512 | 49a943fbb2c2fc6fd446b375e5e017bedf5fa9b9b21b107b5ce8feb98ae8172794605dc69f7ae338106042f8248574de571aded1537dff123bc36209e8265e6c |
memory/4764-259-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2960-256-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2960-268-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2720-274-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2380-277-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2720-285-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4068-289-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4068-296-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2576-304-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2844-312-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1648-313-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1648-323-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1448-324-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2680-329-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1448-333-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2480-339-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2680-342-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1908-347-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2480-352-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1532-358-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1908-362-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1612-367-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1532-371-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3124-379-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1612-380-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3124-390-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3616-398-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1440-407-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1580-403-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1580-415-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4972-426-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2144-423-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2724-431-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2144-435-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2724-443-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3376-444-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3376-455-0x0000000000400000-0x0000000000436000-memory.dmp
memory/400-451-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2980-460-0x0000000000400000-0x0000000000436000-memory.dmp
memory/400-464-0x0000000000400000-0x0000000000436000-memory.dmp
memory/896-469-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2980-473-0x0000000000400000-0x0000000000436000-memory.dmp
memory/896-481-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3296-491-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4240-499-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3992-500-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5068-505-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4240-509-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2480-515-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5068-518-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1764-526-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2480-529-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1764-537-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2360-538-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2084-543-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2360-547-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1152-552-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2084-556-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1152-566-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5012-567-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5012-575-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3760-576-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2232-582-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3760-585-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1440-593-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2232-596-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1440-604-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4988-605-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4988-613-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4564-614-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4564-624-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4664-625-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3892-633-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4664-634-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3892-642-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4868-650-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kIEQ.exe
| MD5 | 081b06b4c371e3fbbeb6935af61d373c |
| SHA1 | e9f6253a10c78dceab7b1d2b69c5001e33432b18 |
| SHA256 | 6c727157993c52dc3f886cbdb4c3255aa3983096a0cd52fd7c603d5d21a53656 |
| SHA512 | 4694095fcd38ad8e78a5d0907bc8e61e96cf547ccf413e28d8691ebbeda7b7300d2903ddcc486bb27c41119661fa9526c9825f4e796f68fead011cfe6d85d054 |
memory/4872-673-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4560-676-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2328-681-0x0000000000400000-0x0000000000436000-memory.dmp
memory/4872-685-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2752-690-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2328-695-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2752-705-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5048-700-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3124-712-0x0000000000400000-0x0000000000436000-memory.dmp
memory/5048-717-0x0000000000400000-0x0000000000436000-memory.dmp
memory/3124-726-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1784-727-0x0000000000400000-0x0000000000436000-memory.dmp
memory/1784-736-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2952-747-0x0000000000400000-0x0000000000436000-memory.dmp
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
| MD5 | a4ff1eed634c37ee87092a7ec3ccc075 |
| SHA1 | 9894e4536366bec2fe334e2056e1ac2da5d93fd4 |
| SHA256 | 57a54a07984f675247dfa9924f2608e7f544f3c76160fd94da3082bf4bda0372 |
| SHA512 | df514c768216e5be9cea1cdac482cf072853e292633e8e0df6c2618abb43f5d4b3d47891593d2e539e70acb3ae87cd9aafe90e2b436f88f0737a1128c9e25b41 |
C:\Users\Admin\AppData\Local\Temp\eccm.exe
| MD5 | 70bbc790472f2c6dea33615c767d5b85 |
| SHA1 | 8e4a4af66552a05cf42ab9251b95a30e16906be8 |
| SHA256 | 3d5720833f5dd4bb39956952d4e0c6a0763279ffab9299bf9516e4591c57453f |
| SHA512 | c57874956da7ac28cc811d4762ba3a5a8c003d426a817560cfe523bb7d84722349525c659c1db75ccfb61d8a61f66fb86b6eaccb864689f44363900699ac49f8 |
C:\Users\Admin\AppData\Local\Temp\OwYU.exe
| MD5 | 9d14db2abf701c4a7119f43b2d4348bb |
| SHA1 | 358c102f44b46a94be59b911f5ee0b802029ba62 |
| SHA256 | 01132dfc148e6d4cd71fd65ad8333be2940524eb0dd62b32735b10b30e0c3e89 |
| SHA512 | 82e07f860ac94a3e3bc36fb6feb9cad07e5e96551f58be788c72d390fe44e0b6648780735b6bebb3aef0133ddec17acf50261c045fd8dfd303809d8acf6888a8 |
C:\Users\Admin\AppData\Local\Temp\GIEW.exe
| MD5 | 64ad2219e3c0efc01f105d6e166d5e81 |
| SHA1 | 24089019733aa68181d17a478bd8c8647a2f5ab9 |
| SHA256 | fefd525eee0af8dfe422da61a5c3a2f323580e0341a3b2d04a74f42baf6493fa |
| SHA512 | faff539d8233783d022ea982ebf97298f711b3bd1217c245970f206101db8cbc492e75abab87293f1f7819fd1e77a22d9d89c36d3e10ae1b8e518019390660da |
C:\Users\Admin\AppData\Local\Temp\OUwq.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\mEoy.exe
| MD5 | 6d6b46af8dd7181d8b5bb87262ce9a64 |
| SHA1 | d2e9e03d7033a34373ecf46e5a7416e7dc47568a |
| SHA256 | fd6581e15b74e2cedbfff795646b1fddec7079034a5a20f244a60e965e8836a7 |
| SHA512 | d87c93ff744e1947cde69f0b0673feda062d8e702b4544282a03b9ab9fce593c2f2fe8d35c0aaa938f318d4da42628d120de4784336d2570db7e074db02e4c96 |
C:\Users\Admin\AppData\Local\Temp\Usoc.exe
| MD5 | 0c2053a393ceabd32dce39dd0d58d25d |
| SHA1 | fc0f0cacd960a02f3561bc2dd6d0411c147070f5 |
| SHA256 | 95d15d261f96510e013b244904ba86ec77d32f1ebed2db647d2efee227fb8e01 |
| SHA512 | 7b9e38a48f36388f27dcf76435ce7ea9891297da66940a4cef4f1369429194f189840b8258d85c15fcae6ec9e9936e53ecad6c80989b44af5d2f8766728aa374 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | f7a549802d6ce7be1833e87f3fc52167 |
| SHA1 | cecf3dcbb7263aff66f53f058b5fce122f6bca38 |
| SHA256 | b5dc5104f2bd8cffd913ed793d9ad045e65eda8e6a9ddb0a9199763b9b3318f6 |
| SHA512 | 1a46a25e67fa963d0113b53e080c90291f83287335dd02befb3ae39efc507ed38fc30c08efc1d7198bc4aa1a5ab749f06dacbdfaa79ad1c3ec6c1b730c6370e4 |
C:\Users\Admin\AppData\Local\Temp\wcUE.exe
| MD5 | cf815026e6301a2cfedd9106d1e81a9b |
| SHA1 | 57c1b6850ad14d9abd54fa7de33057934ec338f1 |
| SHA256 | e0c4b11214031e6162b39df0b2663b3e0c149a3d1fd3cebd6d980a1b982da607 |
| SHA512 | c914d54f3e29988e0932c0cff538e76d63fe57cadd1bb6f84fa7dce5956fb7f1212f1791b1caf8216e4cc23f6b600b9f31c2cf309a6f5a42f3b8637812f83246 |
C:\Users\Admin\AppData\Local\Temp\ookk.exe
| MD5 | b72f5f804c7eb9a3ae7cf6b102b572e2 |
| SHA1 | ace40989a728e72c71181ca70c1d19c693f2fca2 |
| SHA256 | e8b2d127dab30df9a6bb26a55efbf8eebbf4d05b10bf20fbe56029a636e5dc66 |
| SHA512 | 9551b75db6d597bcad281b2a266ba0563a8e68974385679ab73cce5397fbc2bf30a38d15949e215dab2afb86b83cfd77303712eed2cbc2362b7d286fdadbfc0d |
C:\Users\Admin\AppData\Local\Temp\YQEs.exe
| MD5 | 890b61e5c25000c7b58d7ae1203ecc23 |
| SHA1 | 5d485c955eeb1b3f45e549155315db4c63ab3f06 |
| SHA256 | ceef3c7bf2590b965f16b3bd1438da43145f450581ab317f30a30b55dd62c80f |
| SHA512 | 28106fae751a9b9ba949518e4e5240aa30b16b1bd30d7928a384686b65301647e4bf366a05325c475f9e439d424c727ff785cd83460548764de9843b3c406f7b |
C:\Users\Admin\AppData\Local\Temp\QMQe.exe
| MD5 | 0c8988545d55a30e76b10eb4a62565a0 |
| SHA1 | 08e94e2d6a93d65a10c359ba7579a88f323ab87f |
| SHA256 | 0dad40cb794c91df2764180cfde883bbe5cab66269e51a88bdc241eaaed36d76 |
| SHA512 | 1ce434a04d02248194fd3b600d2361d27284763f3ff596fbf97a9a56364ddfdb37f110fb8ddc1c1af2b2345cb275737c848a04d711906254fcd8cb3153aa396a |
C:\Users\Admin\AppData\Local\Temp\kYwE.exe
| MD5 | 87f07b4f2ebce8b1ec0f9ebdb21c8f70 |
| SHA1 | b910718ca8b6ce7478babc04fcdac993bb3d920d |
| SHA256 | f3d35284f7850d082ffa17836776edc67b8c7642be35531a93c58f26cb20b5d3 |
| SHA512 | 4282015e04180aa022907cbb882703c5a5ae9e0f8f2c95cc44f1b64aa4e5567c59221e9ac8294ee647e913b285c59cf8a7ce33f26119733cb5f54617d269800e |
C:\Users\Admin\AppData\Local\Temp\oQEW.exe
| MD5 | b9b118c8b0adefcd5d101496d26591f9 |
| SHA1 | b7ef08c5c56c8ef68e3079e796e0094ea129d4bf |
| SHA256 | 1ea319725ccb16f82635dee584243263e1bd9ff6b0b54065abab06e5320b0f4b |
| SHA512 | 0d1346ea64464022b522f25df393709a7f5e4daab1ce550305b73aca42545ffe63ac3124aa762f9e9b2b04d95e125061d4512ebe903f0316bf3a5e7a3191ab35 |
C:\Users\Admin\AppData\Local\Temp\mUsS.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | 3bd5a1b47b8be328b64e2edc255a92d0 |
| SHA1 | d338fa590139a39de0634d86a2cc523a5e06049c |
| SHA256 | a004db5c9310fc8e3b6e42403a267d19144aaed4de8ffe8e3f85f0acd4039de5 |
| SHA512 | 526e4c8089c64df04ed11683b5f62e08e95b1d1c8ff0cec25eb44f9f1588a3e557b995216bc49b18e19dd4180b4ab5e81159bcb1ae6dd31cb30bf34bb9cd9be2 |
C:\Users\Admin\AppData\Local\Temp\qAsk.exe
| MD5 | abd7f8c826e0f09413cf1764341efcbf |
| SHA1 | 92052b408343af7af1cc543a8bddb8f969fbb7cc |
| SHA256 | 5e417d4e520af0b372b834ec9d471065470edadf116f878d904777d468c4410a |
| SHA512 | 817dcca3557cdda8341ca9de6579c7ff4c21abce8e3ddc4c3150bc4d071fe049598e9d5684f44d65d04103c965afe0070aebd46d26d4bdfaca37f95069a131c7 |
C:\Users\Admin\AppData\Local\Temp\IQYQ.exe
| MD5 | 883fb32afdfef1623174491bb93da61d |
| SHA1 | 5ac3d343f02099f1490a7a43f403f65be485057b |
| SHA256 | 44bff2cbe58babd9e7f7f17e9b11d61579277803cd9a05dfde57314b80e6cfc2 |
| SHA512 | 12a0be3c68189b53bd83f7b60862c62e996ee37b5f850f1d08b24584c42434d444cd7a08417ed9ec0a6b2afc5d16be0de67d9d5e46ac9fe89332abd9ecb74660 |
C:\Users\Admin\AppData\Local\Temp\MAkK.exe
| MD5 | 6a8a4636e6af29976e0b2798615e13b5 |
| SHA1 | 31f38320141e6f7370573a59f935c5050907e83b |
| SHA256 | 63033bc56361c277a9f795e24ecf058831897e2a9340e100182d7de332079969 |
| SHA512 | bb80c13edd2cfab45dd4858a5e9a94ad85ec6f00324b17672a33d6ee6bcb183d9814f04592732fdd5c3b04549d4003f326fc27b4703c75b10f40fe74d3f19e31 |
C:\Users\Admin\AppData\Local\Temp\KwIy.exe
| MD5 | 661d9dd0a815dfd9e09e8f7b2606c161 |
| SHA1 | 6d3ac9775c272343f9d5950a80fa5f846b0d935e |
| SHA256 | 64ca941951053d10709d079f8aeb28c25349f3f4035c2759d86e131a7a389e21 |
| SHA512 | 7d3b07e11c8ec947923c79fcd9155794f800fa847ac3cf5620aa6dfda1bfb1e11efe962a722aa1d0efd417b2da837d65a2550b14374dea3c6fdf258432e9214d |
C:\Users\Admin\AppData\Local\Temp\gAgU.exe
| MD5 | e5266ef4e7f6dea6dce230214e99104e |
| SHA1 | 87096df6244ccf9ac0db998a43b6a6bcef47fc30 |
| SHA256 | 71e07fa7edf7a945daf876c725504df632c576062e413571a8a95e497c7e67d4 |
| SHA512 | c390892b664caa6fa1fa34e5ae91b71d2801af3a21af27d7b88d312715db6f009a3dd4422537959210b732b236a9914659ec9f1ad471211a3c80297b5b8d9695 |
C:\Users\Admin\AppData\Local\Temp\wwEY.exe
| MD5 | 555120f595e9289970e0c325ef70a7de |
| SHA1 | 0aaad552d95568d1e1b1fe00f701eddbf8b8f707 |
| SHA256 | 4ee8fecb71312c21742569e64b28996a4cb219525d1ec1d1f87a4c3ca5087ce2 |
| SHA512 | c7531f5c71fe8edd66709d9954a7e1e65ca8d82a7596e4f726c03d2482912369aef621133208126b169e58ed765e66e9d50d0d9633c71378bc6a22c6164b97c4 |
C:\Users\Admin\AppData\Local\Temp\YUsi.exe
| MD5 | ef5d18972414319db0e6aef141172a41 |
| SHA1 | 894dc7e07e88fc402ea24ce50cfd4cf76da79653 |
| SHA256 | 74ca4ff1d7bfdedd3ba0615cd6eaffe25581437eb550702e7e67e4a9b277652b |
| SHA512 | d6eb144c3e68941599f86160ee731e25d54b4b487b74406ce59767850cba3084f5937095a514d95d52c2b9f646e3185803d1fb9a845b8d9f00ffac28c2387975 |
C:\Users\Admin\AppData\Local\Temp\QkIQ.exe
| MD5 | afd648d7c7ddcc46a895809927f86e9d |
| SHA1 | cea766dc8c277eb77f69870238df22b0c60d8328 |
| SHA256 | 7ae0bcb32c49fc4baa469e31097efd3999e28abd0dbd3e0a14a13addf35201b0 |
| SHA512 | eeffd78e66a2642366c09be0e7e47d136328f389facab72c87575eb0d464c19a1948b0cc9eea2feb3fd80cbfa652af44683419f95f618af7f1d5a828bd21ed1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe
| MD5 | ae9cfcc09354bb874d4d1ec4788c2294 |
| SHA1 | abb3165b41969819311d68f077109ded61ef878f |
| SHA256 | 9bb5e66d641fd6eb7e9888d67f0c4a9108164bc71d5d1a3d294337ec01945b00 |
| SHA512 | 727a147b38e7039d849ec591fb0433d81dd58d9a22c460c0c9ebb6ce5b833e9484fade2b1c9c9ceec4503e506b10e638e39434dd2beb043e036bb2c7ff8f634d |
C:\Users\Admin\AppData\Local\Temp\iIMe.exe
| MD5 | bfbfd951be60bc640c5655e3dc5ce53a |
| SHA1 | e72ce44d72f01526d1ff51262dd62f70b116d288 |
| SHA256 | 2b701f2f43d36ad366bc9005682baf27eb795726b05747adc028966ae4d14bc8 |
| SHA512 | 7c0f355970e4c849011ed352ebbfda4728b3f685b83fe26baac388fc1a9c966262d1898306d63db1712b3953edb8bb0ba635e4bfc89780af7fc8e671fc61f78a |
C:\Users\Admin\AppData\Local\Temp\cIYk.exe
| MD5 | 92ac5e7fa5c8daa3775ffe090a9d099b |
| SHA1 | e80b8277aa1b7a577c205ca8f3a6414fb07721b5 |
| SHA256 | 34aa81e932380f76776004ae06cf1ed9c4dcd23365f1fddfbbf4a4d305265799 |
| SHA512 | 094e6afe59c1ef0ae926d5aca472e2886dee5cdc813c408bd3802a2f0910d206785b8edf746213eadb0ec24b388d82eba89a02c26100e97c031b6223a6ee1226 |
C:\Users\Admin\AppData\Local\Temp\wogE.exe
| MD5 | bc42756d8834960c7588904cd3142e4f |
| SHA1 | 282737aa3c785e88bab753923aab67fb2857fb1c |
| SHA256 | 9733c258d9e0d807be5b05e64c54aba7051bef64de4629af05d91db2d48f3602 |
| SHA512 | 6f9e79be722c09c61d65f9077f88a1e12caa0764eb6aef07868f5ff6d6ec8db7f5cea6f33f5050e77f87a6ac0a64c6a608084c5c0f3329b75a361a19b76b6e6c |
C:\Users\Admin\AppData\Local\Temp\QwQq.exe
| MD5 | 4ee14ee3bbb952c06cc541629a8f5c0b |
| SHA1 | 1f8b3caf956f6ae27f93451d1613666ee8041f6c |
| SHA256 | a49ec54919d6a4d6d96dda1bdb967fa9bf7fc45370f74d9e20781f1b57f19bd1 |
| SHA512 | 1e9a6ab1b8f183a2bf70082d5f90b9ed9f1235292a4e2e0a23f63d76b8942316932784fdf06e8d15badad6404357a2c3b169d7d20c52c332925e6af6e1e78a30 |
C:\Users\Admin\AppData\Local\Temp\Ykcc.exe
| MD5 | 42aad639da4480b44388e757796d270a |
| SHA1 | 1b6ed9b04f92ca93245226efbc7960307a8f979f |
| SHA256 | 1297debf79d3bd635f35d0f07d7748972b46359ff532184413585c10ec281b22 |
| SHA512 | 13213a52cc11aa3041fa62adcd1219d3f59bd7cc81eb8aba08c5a09aea2a49a252a6067a5c460c3a1a5d71e85b3c2a4c347c0a174baf00ac565b5a20960f9e97 |
C:\Users\Admin\AppData\Local\Temp\uoEk.exe
| MD5 | b68ac0114e2b10b2ef27a9d11439ff40 |
| SHA1 | 096c4ec6b3bb0cf88eabaeee280615679dd2dbe3 |
| SHA256 | 3d3f38947514fb2c4edfaea6f80d8ae3619bcd0efb55a87777a2f0de8814660e |
| SHA512 | cc243877f775e97475a1a7a58fed68e3468f20a6cf2f1e40477ffac58e32a8554d77d79999382e80bcc6bd5626ffacec1bd35df2ab8bd9185734a9b0423e330e |
C:\Users\Admin\AppData\Local\Temp\oIEe.exe
| MD5 | 4543649f1b127ead8862bcaf58989edd |
| SHA1 | 88e1264e36ce7d89385391a81cbed2508ed36c65 |
| SHA256 | 01597e76a5491c10b65ae6610f121a7dc862974c40164e740a4750305673c3da |
| SHA512 | 4a3796ed962511d268b09d4184a55e95d1f9c0680233c24e8b051306689fbf93d5f479ad95ee44d17da2d36c495a3978cfd7889f83b0aac91f7f0f612c8a36a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
| MD5 | 95266da1168357ece444ae9aca3df5c0 |
| SHA1 | b65820006529c767a63e2a861191137f5222f9a6 |
| SHA256 | 7b931b7eaa43b6e16620dd7009796d2e70df23e96de23c89fc9b055ddc78c48a |
| SHA512 | 210c01eee9de9a75195c82b851618738db6dd0505d0aefd7e3eba87c77af0018dc26e2d682a05f7b77e23f089937bc799909bd30a722e1e0f60938db50edde53 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe
| MD5 | 35bedec18ba1b628b2f70db5719d64c6 |
| SHA1 | 8479fa1a49bc3988500b1de0df3b7819f5926d56 |
| SHA256 | 5934fe02360e7080af085a6cf1b0e7b41e3f9d4bdb355b933f014b9fd8b1deda |
| SHA512 | 01e34de49f12a6d251ffa0e2354db16d90cf58c8cf0310e5fdb4758283eadfc39d3c8c8c6d66306d7d79ebe35f1dcbb106c55c4466ade78895d42a5445d65617 |
C:\Users\Admin\AppData\Local\Temp\GQwE.exe
| MD5 | 7c83ca7a6fae9e8bb5679aa9d31c1970 |
| SHA1 | 89fdc17bd94b19c698c22930bc192c5989231461 |
| SHA256 | c6eed9182b2a5f9d782abdcaa5e4e2ed27ef687cafdc45a7be4788c6c1ab3ab6 |
| SHA512 | 890d06c779f22271fedd40667083da833b6bf2ee402bba2d2d4f8ee3b12af04c1e28ce4119e178ad6e287af90464651579d7a137aa7679501cc86ab648ff0825 |
C:\Users\Admin\AppData\Local\Temp\gIwc.exe
| MD5 | 5ad7ffee3fe23a887dc78f3791df75b4 |
| SHA1 | 33afd2ac7a8611e50e5e25d5cda9ea21e3ba6ab8 |
| SHA256 | ba3b90c09d8d5ed906b4e306e89eae0cecce2d4d52f5d18dd64c0896c6f46b0d |
| SHA512 | 496cc6b06f37cc0c9ca1dd6abe9d443e40c14eb5139e4c964d6e4482f7b30b2930d37bee6205b1844d4e7cf7f12232301eb5b3a1267fa962d54f884d606a7903 |
C:\Users\Admin\AppData\Local\Temp\wUYs.exe
| MD5 | 502660b75edba9001dbebdfa014f2cb2 |
| SHA1 | 85db62efdbbff781c706ce02eafb7b9f9eab61be |
| SHA256 | 54f92e9116cfb18fc8e83389876ce14d72206a5156a756ecb243210e5a8ea42e |
| SHA512 | a314a13f346186519c6b34d35f69a7c7d607c7ce2b838527ceb51c92a3808f215201aa223e47c6fb4ba7f585d0f3686d74edf909742d2e907d98901d07b578bc |
C:\Users\Admin\AppData\Local\Temp\QUQI.exe
| MD5 | 7bc148e0ea571f7c4e382b841cd14ea5 |
| SHA1 | e780acb94bfc424156ff80b86427da7720dcd3ab |
| SHA256 | 04d9532c735a920352cb6b0b7b24935a1ddb6f4795367e7e339812ff53b251ba |
| SHA512 | 861db5f97315a32939cd1fad4484097028423f975a1280680719bff82dc5d812a2321c5aea1facdcdda17ab5597cefe73f94b3984fa3bc610ce01872658576ab |
C:\Users\Admin\AppData\Local\Temp\aQIG.exe
| MD5 | 7803fb21a3f34a33f2328927b0d9d137 |
| SHA1 | 9ef3af308e13aaa5499449433c48ab574b21f5a6 |
| SHA256 | 8eb17b08693f462c2ffcc778edab4e966a618328106bd3c8adf7c089f140c6e5 |
| SHA512 | c14f14045512f5b3f15b77dc5a71317162736b0d798333fd847e7a868306769bfbf9486ee489ac3d867f883969ce34998151617b29e62e50438aa6969b0ac56b |
C:\Users\Admin\AppData\Local\Temp\AAIs.exe
| MD5 | e369502d7bdbbd8655ca143e9ec612ac |
| SHA1 | f01279639642cc689baea868ddbf6884aa647ad4 |
| SHA256 | 55881dcf9f70acfb5cd912a0bd36ee12c24dde52c36e863781696516ccc27cf6 |
| SHA512 | 4f73128fd05d911ccd44d4ce373c821808b3ae5f5408ae95a8f0b0b614294a7ee4dece99a9cf25a848bd0735aa6bf91d7373d8331c05cb1b58f52c7aa0c33731 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\96.png.exe
| MD5 | 37aa8c6ccc081a30f44f3afe70ae37ad |
| SHA1 | 1333d0cc9cb2a5b1ae6cea24f20a0ec925efde9b |
| SHA256 | 4e2bc8f1128ac1c8906aac2723127bb5b4fb8c00ef2654baf8fe6962533d0bbf |
| SHA512 | 86c625b03e6be9d293909dd692ab902dbad3b158e75e6768d55658f80c11144fe36f9f4097c35795a01d0f12d1710d78c24fd54a668cc69f7a2721658329d802 |
C:\Users\Admin\AppData\Local\Temp\oQEG.exe
| MD5 | e8eed9bec6063680092d2da571e06303 |
| SHA1 | ee537ae38b4dd5b0d1c1a3b2ea86070b61c3edd5 |
| SHA256 | a67a4599256af5d855ace63ddb5506c4f7168d876a56ecfe3888f7637bb1d7a2 |
| SHA512 | d05c5f3ab5c57b0845cae88dc21e904c7f50b65a42847195cf7f6b292481c5c89977cbf201388e65f36a1460ce1bea1fa7eb982adc431f4f05d2f5b204dc0cd1 |
C:\Users\Admin\AppData\Local\Temp\kwIk.exe
| MD5 | 5594e9737d53df9ca5fa3f4fb5185ff4 |
| SHA1 | e4b80d74dca65b3e09cc3b09e9c2c7c3deee0507 |
| SHA256 | 03f708d0d5a4be2438c39eea5a05f4137b1fecf710886088df6a436b4a265ca3 |
| SHA512 | 2de88a4871273fec0a3414c108d7a8cf892b8eb039bbb91a8a408ff8a7e9a3836a903478f380b7da8b981494da6289feeea9e9d4c20f762139704bd2e4b8ad6c |
C:\Users\Admin\AppData\Local\Temp\UsoE.exe
| MD5 | d4c3c57e79f9f272601834c0c167ea96 |
| SHA1 | cd2da0b85feaba7fc7567fd215a097f0eb18e86b |
| SHA256 | 26ed6079fc6f29bdbec57cb16c0fb8e8af6cb7b5666771bdad128e81d2d975f9 |
| SHA512 | ef755a3d8e214343a69f49b09a08a4f2b420b8f51eb18f5519d1993ddf77cbd57633ccf99d6580067fa9ea0ce3dd687cec5b2fafdc2c576de213d560d3102d5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png.exe
| MD5 | 9fcdf26feccad50a82996d3c304886a1 |
| SHA1 | d32d48e53271d993a9464f34902b24ac93e75de9 |
| SHA256 | c10670be2c3639571f5f2fc787b80d643410de23c77f05931b17a8befe113c2c |
| SHA512 | a91d84d668c4998aa7fba8f3ca2c79cf0c736c5ef7cfed61afe0dd533cca10c6fa51eed56f3ae9deb23ec206ece3a71a13d504de8bcc9714f87c2f60c23a74cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe
| MD5 | c3b0917b15b332dd8b3c47f702daf7a6 |
| SHA1 | 905a8a08d8b03397883b3ba66381849a8556ea9b |
| SHA256 | 4e815d9b546d9faa92b0c73364ce2af56731791d6c3d92615950dacd17182d3d |
| SHA512 | c5fdbffa82824b270a70cfa354d35a76ddfda0aa9a30892c6ee4fc6c7dc836353140932b9f1560dbf83e2b500ace9dd46ae87ca29e472d4546217ca05c3582d4 |
C:\Users\Admin\AppData\Local\Temp\ukQa.exe
| MD5 | a753eada141b2a9ffa6f3ac033820ca2 |
| SHA1 | 48361210ca20b7e53b5e899430e58113e2d03e03 |
| SHA256 | a105de0c8e6fd713efa6e7349651710642475043ce3061b2573ef7c3f1bbc1cc |
| SHA512 | 1f06da633809fc6f2d9ce491079598bdd84a9aebfe326a717a4b3851ec34242bc65ce27848b92ac7fb4e384837ce60d3bb89d5cfe15dc0cfb3d2dbde3e5b6c88 |
C:\Users\Admin\AppData\Local\Temp\gUkM.exe
| MD5 | c893118885bc48bf8e6358b29f4f6b0f |
| SHA1 | 6d00e58e067adf16e011b8ede6ba7371798189b2 |
| SHA256 | 72914b2d54bbeeca0344b9d55c4e2e3a5b183ee801665c922ea262ae69d4c70d |
| SHA512 | 717ca024753aafb7779998946f267e397649725f21af068a53e7d779e06f3f08025afa207d9ffa467b4b406f02346238c3fa59b46984f790270c37540ce146a0 |
C:\Users\Admin\AppData\Local\Temp\ksIW.exe
| MD5 | 3304746c803fcfe34454aaab0e1dd2fc |
| SHA1 | 50ca8485a9059d00cb669890917f85aab062216f |
| SHA256 | f24fc6773b6b47bef8b83d11a5c6947cce21897c6ac0b58c8557064f558681d0 |
| SHA512 | f84dd7004058e0a71b411fdf397fc0645cd8a29962875962e97cab1f89dcbfacb41910ea3c72b80fd69a28c8e36b5104f4f2d8287d0dc337b7db48efcd976908 |
C:\Users\Admin\AppData\Local\Temp\wQkM.exe
| MD5 | cb29a1bd98d56e859d7e0cf9cb5d177d |
| SHA1 | 5bd860b53044b0a66a7451c00de5e1a687407efb |
| SHA256 | 4689f66176831203dbede6cd071f7f50210c26d0adfa60ccf839043ad8a29482 |
| SHA512 | eecc5f2069764ae416e648f03f5f5d774b7c74833ddb0ac7b141cc441f78465151198294fcd8cb6f87489b64668c42b51f8a636e273b511ea422880d7c45754c |
C:\Users\Admin\AppData\Local\Temp\sYkc.exe
| MD5 | e159cf3169120bf08bfc320860047418 |
| SHA1 | 20604537aa88aedc2fec9c7aa9ca7726a7d76cfd |
| SHA256 | 10b7f218b94398eafb610b394c1bf87d58084ff801c2097689f3b9529b16a4d8 |
| SHA512 | 7b6fc4489b4be9083d1e842da42150cf9598ee9fe45d1dde595fc7307efc9c7d19e537230057ee4ee9f84826de7bdd4ebacb6a3153dbc92bed462498ce464c79 |
C:\Users\Admin\AppData\Local\Temp\qYky.exe
| MD5 | 6185cec3f21738704f0e99945419140e |
| SHA1 | 8c3305f97ed093bc05fa71b543afc6c514121ed2 |
| SHA256 | 7cebde024c3fc59878d4cb59daaad67098170df7d5fb305e061f1a9ee3069f92 |
| SHA512 | ee65ff068fb7ff3f431ac3a7d691ac65b94bb0d3a8da76e13ef04fa5821df46742c9e159f304179999994e35225d675e1ae168d52b09ce653fedbba460dd5d80 |
C:\Users\Admin\AppData\Local\Temp\WoUc.exe
| MD5 | b16bdc975fe4c6ce7533c91d7090c3f6 |
| SHA1 | 4e9e0fd5f231dd7a9b55da9bed68352d17dd043d |
| SHA256 | 5286cbb91125907ba60cda2f9bac84916744a25ba0a743d4b9dedebc63419b04 |
| SHA512 | 4df55571094e57c31bd402b12bc799c0708c2a205b178584d00b48a1b60bfcc63b8d91580c7a331f6712febbf49d0666b2401556fc047d91f4dba9b0a26420cf |
C:\Users\Admin\AppData\Local\Temp\ygQg.exe
| MD5 | 1d00901d5f5ceeb785a043cffdb188a4 |
| SHA1 | 9c3b5cd31e33857abfabc6c91359477154f844f7 |
| SHA256 | 305e8a83387e1eab86237b29ee6409d414f2e3db641fff008583fca0be959b16 |
| SHA512 | 578fba07d45963114218d1d60646a64f3c878b4dbdbf3e437cb3dbed28697ae29c45ebee78b008bdd49cdce9e80ff7228e889bf38732e8695a898c34e544bc50 |
C:\Users\Admin\AppData\Local\Temp\IcYQ.exe
| MD5 | 0d9712d91d2c3987eca32218968b160a |
| SHA1 | 0b74595b54b6c600ab655d01417ed9ae51b26bda |
| SHA256 | 26794c2cc17c317f4b0a8d71c118166dcf19ea84e7079f594d53e82ede362607 |
| SHA512 | 8251823bc4b7c33de3b847cc5d3c08d9528920cfdd8896a067f9327b4428d5a2598e20ea2231dc05c53ea4ae612c7ec6230e1cf3318c71498291634b5807630a |
C:\Users\Admin\AppData\Local\Temp\GIke.exe
| MD5 | 158216efbeb9c98dd122003ec60ec5a1 |
| SHA1 | 0f0444bf730e86f0503ea2e6985e04e205b00955 |
| SHA256 | ccb2b1dc73c986d381a56ed08b41f791d5bbe79cf9387a582d0bed60d24dfaa3 |
| SHA512 | b45cd076bfa8144d3da927d61dd3a38ec2b93040187a6a777dfa4cb3fe25944d272aa50a44f043fd92a814742cd4f8fe07ea90fd3ce5b0f564a8be0c59e45c9d |
C:\Users\Admin\AppData\Local\Temp\oYYq.exe
| MD5 | 7c29c9291f43f38e300a8439c359b9b5 |
| SHA1 | 71aab885099e9abe14d2ab132e66135fd2222228 |
| SHA256 | bd9a5dbba4e4620316febb038f28abe6d61cb7766543b8395a375954d3e8270e |
| SHA512 | 42eb5ed2d3721e6d7c00eb4c052082523ae13d18e2dac930fb4a000d5e5656c59231819f9a0b1744bbd8fff46ae02e0b9bd65415a7ae1ea0ddce747467a34690 |
C:\Users\Admin\AppData\Local\Temp\gUIC.exe
| MD5 | 1fcdd93cc6966496ce6c875d61d15d4a |
| SHA1 | 7fb046879a1c5bce7d1bdf31dc6a0dba95b11e1c |
| SHA256 | e4b5a45fbaac5fa73e2b679b3838f30f1d2f9e7a619524449ffaee3a6366cb54 |
| SHA512 | 5f4f6c2b2f894edc4684c34547e7103a2dbce9380a0152ac98beac983a3e3cbf12ee2915eb6c656dd4a3ce7dcd9bd7db2752abb6d01c1aefbd85ecd869c37db0 |
C:\Users\Admin\AppData\Local\Temp\CcUw.exe
| MD5 | a4ad7c1c78e1195ab1d687a33e82d1ad |
| SHA1 | 810b22793f1b12c9756423ab89c952bb1d972d2d |
| SHA256 | ee1921d18ce9f68f9fe4a36d3a677a7002dd24eeef0284508fc9a6d6745a7dfd |
| SHA512 | 026c3a2f0d049100a339f3aa6e616479075606ea762b2ed47aee789a382bc389ac23cd0a0a153136571209eb8868a82c2ced430aac6eb6c4cc05d0285e666281 |
C:\Users\Admin\AppData\Local\Temp\GggW.exe
| MD5 | 72fda1249f943680560110fc91df0749 |
| SHA1 | 1f12d7354c929e9536103ba304198a912f7cd32b |
| SHA256 | 92ddd5a3e17168dfe22849a878a428d59b75fc268b102230f835485dc81a7dba |
| SHA512 | 7d591b80c7a6b30e5bfe93fc9f57491e6a7c64573a31d421e81358ca1a2c7270f344dfc005841a26fc2dfe6e85e2f56de818ca3a0548e7c7cf462e483f1ce322 |
C:\Users\Admin\AppData\Local\Temp\SIsU.exe
| MD5 | 0e5c32f1560d9136d5f351c233aa1204 |
| SHA1 | 70f8cc8caee592393f8dd41d748927342d8b0f73 |
| SHA256 | 96576f8423a11b34cf39cab8b51b31d76537474dc5f8c68b18e5f68867e9c84f |
| SHA512 | eebbfb230a1a406c8bcdac7de6420f6875e886f6ece3bd81cb62f5d3993726f822cb921204e0f2a8b83bfb91bf31eaaae122cb6d172d7bc722f129470e808bec |
C:\Users\Admin\AppData\Local\Temp\SssI.exe
| MD5 | 9ee9e6b8b3809f1ed3faeb893d4e57c7 |
| SHA1 | 4d24e87745692a5169033b1b53ba097690606d8d |
| SHA256 | d9c450071bd5967e00a9bef6e4299383351be2c073cd927b3fac4e68ba42c06e |
| SHA512 | 5f827bcecf2851d95f9b0d54188dd57d038956750c90a9fad46c77b836d9d464f8da98bf623953f075a6a70eb88cdd27b3902c12afcd5d4a012c248f796cb594 |
C:\Users\Admin\AppData\Local\Temp\akcY.exe
| MD5 | b66aaf864908225ed92e0154a3781c3c |
| SHA1 | 0b9158b63efae55d1f6bc9a8a5872e4859060678 |
| SHA256 | cf8860abc06e9d445a1804f3684ab5e128122ae3ce88eb8da08d9767f47a8187 |
| SHA512 | 67fcfaedd2b335ba49d4c7f8a2da351c12f9b735efc416cc16c9019d478c936dba5e645e71f1404eb18256764390d8f1d754675c37c73ce6c42385c998314b21 |
C:\Users\Admin\AppData\Local\Temp\MsgO.exe
| MD5 | b3e365356dd61a881f65b93f0456b52b |
| SHA1 | c6ac1f7d3d8cdff1a8bbfdd5f00299f39edc4c02 |
| SHA256 | 2933f00af973e7656dcb786cf663e154ec154163b2054e958efe92fd42681643 |
| SHA512 | 540fce8ac05424df27489d17739aac55fc6a7c4f57bb7aaaf9bd0c431dc822722b3d60a3082d40352c9ae3a1997a5b7e414e0a098462c22430444c70e9a120e0 |
C:\Users\Admin\AppData\Local\Temp\egsq.exe
| MD5 | 5ff53cfa9d29315d44214567ff8a6924 |
| SHA1 | 6e9e6264522597863aff55aa107712e87d7f148b |
| SHA256 | 95f23abbb51380a66ff8e3e0a381bb513f65eb4978dc506f15e57f2868a239bb |
| SHA512 | 6ad1a88ea4ebac1bca64f23b1974854f5b8d531d923673e48dfdfd99d2a631b659a1e7b8ff517c83f7d09673ce17aafce0f58bcf742f211ec6a6d2aa53f0012f |
C:\Users\Admin\AppData\Local\Temp\sUEq.exe
| MD5 | 2eb333db267a3fb9e4412ca888b7a2c8 |
| SHA1 | 9d1ed2609f287b1a92083b81365c393ae76c13ac |
| SHA256 | a2f049f20ddc9c0cfa03f469234a17f4fdedf3dedeca5fa068caae173418e4a9 |
| SHA512 | d1a5929ba920b93c351beac5dcbba077ecd5a0f52b82a0d89f1dbb8b08a96f45c26d96a84d04acb77859b4121b9f15f1c1d13f33876f9d13090eb9f044f7a871 |
C:\Users\Admin\AppData\Local\Temp\qQQW.exe
| MD5 | 838cdbc26174dccc43a2e888854db243 |
| SHA1 | 7db4d64e85b64ec99bc316ca58fe139da46aa51a |
| SHA256 | 9e399f4d55085e1a935cd00affa4a195765964245a112f67df3bd32be878cc77 |
| SHA512 | f938b90cb0959be7887be845535674de9fe73338bbcec0341730c86411f2e3137747c23a6d0052d335d038581a0f61b2af40835aa3b7946fbc34e0b802931545 |
C:\Users\Admin\AppData\Local\Temp\SUEO.exe
| MD5 | 4570f5feb409d587f595c6182317db91 |
| SHA1 | 10cdbc08d843cf2a2e0858c0ee7e415c42c31c8c |
| SHA256 | c22de5fc6caa745463be8a1ef7a623ef22f737032684cb526b95cbd4df0c1ec7 |
| SHA512 | d63898e01d6aac215afb4ad13d5278d03b5c450aee609c0470d3b89ab674921f770f6d55afdf3d26a6075d25d4be6da4afd293742640e0f7e773e660326ec125 |
C:\Users\Admin\AppData\Local\Temp\MsQu.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\UUow.exe
| MD5 | 5bb6a20e80f99eaab732aa7b30430e3d |
| SHA1 | 665eb135d1e8294661e80df8d0806cd76351e8b0 |
| SHA256 | 64297226067ab3e5e9d11baf482bfc417b8c6e4ba8d305abc132a7f9faee7620 |
| SHA512 | 61cc98914fbb8d3b5c1e953a940245281faa109287438477c9434038be713fc44cf26ce4664723badfaa09b3a817ac649abeb3724d28c0b8ea91a34bf825ba48 |
C:\Users\Admin\AppData\Local\Temp\wwky.exe
| MD5 | ea0ea6a531954869ad803835080e5f82 |
| SHA1 | c572de36eff68f9723e80b3dadbfd10837cc2eb1 |
| SHA256 | f2e3273976ab5518ce4251682ea0aa61b14dd421650580ae7e8669d446083315 |
| SHA512 | ae79e6b94b4fdc161f55f24cf9a65d3c829091c6ec046196a6e2c217873594c143fafa84b64ada265d08321abf3b907d676f370f7a9c70ce7da44bac09a418ad |
C:\Users\Admin\AppData\Local\Temp\sIUo.exe
| MD5 | 4ccfd768c2f3aa233412f641904c9bce |
| SHA1 | f8339bd64fe06f7c73f665920c5d75c992496a49 |
| SHA256 | 31194a659ed7461e596a8d86ba33191dee6e57e5bec1bf7d48e49217f6d44bec |
| SHA512 | 5ca999e4cdf3b7253abf99ba9496246914fb6ef8e628feb8f77808518196d0e260ef9b73ef61a1d76789df9513afd0c75a63502a1d718a0357a14f97b467d2ec |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-400.png.exe
| MD5 | 9088fb9e83f9f74d8ee1edf0c0d02175 |
| SHA1 | c00815b7707b59904d8e4a993dbd168602ba8d81 |
| SHA256 | a53e0077f65f5004a8f30a47aea14ec0f06d5797982092a437f53131b4be0307 |
| SHA512 | 6e21987a4d63768c5f9ba8434ca73e741be41f705736d57ef8a6d2065d65c17cb16023c166de1430b93db9806381f0c0b7bdc2f790f9d290a63d1081582eb125 |
C:\Users\Admin\AppData\Local\Temp\akIK.exe
| MD5 | 6fc46c292edfc4a9e970bd04c03441ac |
| SHA1 | 279c88769f4a1353f80fc285edf4b96d7e6b9b79 |
| SHA256 | 44bce510f0a8a57873da18fa6e21e3ba20a1055c928c4d896d6a4871e3f59a88 |
| SHA512 | b07aa2f22d3f2ed56eca228951cfbf3d609f3d59d1a2d3fbac91becc7ae0ec16d0596f0c6fc302efd0c179180faba75b60f0ae3aabc00b6533ab0f8b8e88d852 |
C:\Users\Admin\AppData\Local\Temp\YYUC.exe
| MD5 | 7654af235fd58eebf30e859191f0edf3 |
| SHA1 | d0db09eeb97223be6a4920560552559443979d2a |
| SHA256 | 5341a91262f96190175e0daf00d16e4b6cae6fcf7fd72c58523c18312d7b1450 |
| SHA512 | a76c416e6ed6f24c7034cd0699598a067c82e526119aed18b8c0902511f7e7efa1e76d4e98ec004d8c1e3e69bd7b0460911a65308dc2d996d382f569d574a9fc |
C:\Users\Admin\AppData\Local\Temp\IgAw.exe
| MD5 | 7b742e6dd1380476db494ebd9b448d51 |
| SHA1 | 8ee04bd446ebace96878a0a00a835a93971fd3f3 |
| SHA256 | d0e7b1cff3da07bb81c8b05f006281c9a7c13d21dfe5a33037230da77cbfc080 |
| SHA512 | dbcff52f56fea0d3abd9e15950ea5b759bbfb3b07fc5643924fb5923486bb418daae7f98f9a1e42315fbde8719e5b8fc92685e981747697c7348b3d52de64b66 |
C:\Users\Admin\AppData\Local\Temp\sAsg.exe
| MD5 | 8e3bf4ec2edad1ccf3d0c0b410750487 |
| SHA1 | 7fb15912a61f687d69995fe4630f34035dfd63d7 |
| SHA256 | 2034ccf75c3e22926a428ecf6c6aa07474447544e0638e9d0489f479bd823ab1 |
| SHA512 | 3bdd32c9114cc24006e2a9c36c6bac3c76a2299b822bdac73b7455dd2b063ee2a6bec5b1fe1bd72e0818f152a18aae3a570e55a20f37a9db4291436271912447 |
C:\Users\Admin\AppData\Local\Temp\EYYO.exe
| MD5 | 38bff9223281f6e12f6675e4a2af6863 |
| SHA1 | 9f95f790c6c25c14f5a5942be5b0cf57827c3431 |
| SHA256 | aa450495d8cf34877bb2c6f4555ab410b3f6be9b031b82d3565daef1795ebd64 |
| SHA512 | bf5a2c95a189585e4309fa3c671edcc50dd9f4007faf2b209d5feca77bc76371034053be0770308da9a14d87218f051dfedad73acbfdb48c6ef5812931bb3bff |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png.exe
| MD5 | a82db564e197066cd6f94fe2c0faab6a |
| SHA1 | 2c31c6c2456286be03ccdb03dc9b254c9a22dbab |
| SHA256 | 00db9aa39142dc7bf3a5e84b7578d298cb300935289c79c4ea07aff1074529ab |
| SHA512 | 0c80e9d4a020847b39170b35dca3bae45d7f6de56a4e929a50e6cd0184d1b862aad678f658ab07de8d4bb9f4b6792d29d786ca587ed6bc2e804a710e1591000e |
C:\Users\Admin\AppData\Local\Temp\ewwI.exe
| MD5 | a3b302d85b7cadea3ffdc6f23ac2454b |
| SHA1 | 17b204edcdbe461530cfc0713594d350e685bba8 |
| SHA256 | b0e2c6d9373c05f307c480c71525252e6c5528897a84648db5b11a147de2d7f7 |
| SHA512 | c41d645aaa38923c4b965b8f90dd1f1ef3787dea0d9d2c670dfda3266459bf6cd7bcfe823be962445550431a246532782caf125743cb2b1f8bed1c5cdbbc9273 |
C:\Users\Admin\AppData\Local\Temp\gEUi.exe
| MD5 | f994fe4742678d6d8188f4141e984bd0 |
| SHA1 | 7ba99921a64a903f790db7b39e265e77b53bf4f8 |
| SHA256 | 9c8a3a97685d8dea166f2c7d382dbda65f7fc43e4eadd26fe261079f343164d9 |
| SHA512 | 4c8f3d1cb46e1ea58f1e199e21cd7e3c7bd3db74e11eb96c37b8d27cf985d43f9905e4d006eea3d61771b17ca72ce2aad3aa3b0ef844e62b56cd012028621532 |
C:\Users\Admin\AppData\Local\Temp\mEYU.exe
| MD5 | c131e637572a52d4ad122609371657a5 |
| SHA1 | 0f7d10a8df02778f495de14ba2e743c9c2348e48 |
| SHA256 | b10f22319c8a33762b20eeb0ed1161bd2ff11932f5cb89fda7c33bd875ada690 |
| SHA512 | 7c39001dcc659592d5e0fd4e241ac1dc1c786f3890ddffdff708a4be0b0013bb2616405a4d7d24da53ac964059aecf56e7351165a58d3d14a540b74f1bd5ce37 |
C:\Users\Admin\AppData\Local\Temp\yAca.exe
| MD5 | 203cd1d673ca26888421ff2c4f03f4e4 |
| SHA1 | 83c660907a5d0f87c7a4c2cabd96a2a933c35aac |
| SHA256 | ef4eda2b05819671da8cff4eafbe5fabb510262f418ebdbf9ec144646e0f0a33 |
| SHA512 | 23acc01a25acfe03cb8643c2cf1be2e0530ea891a3ad765ea1512072b43237dfdd08220704e5e81317bb3bddc3f0586814d9ad05064a35ba34bdab9d01faad52 |
C:\Users\Admin\AppData\Local\Temp\CAIo.exe
| MD5 | 10f46849198f4ff0f54e36866c8f0779 |
| SHA1 | ca164471fa13976f9f64318baa316674034f63b1 |
| SHA256 | e17d9c5da2d847418aa90111335edc4db3d4ca0b0b270de172558946ffd4c857 |
| SHA512 | febb988c35f287b77c9166e6d02d45aa3c17954eae0157e572bca32dac11a82dcea85194ec230ce21b902a1d55568cc9df3342b4a186b339ff4a66f0ee78dfee |
C:\Users\Admin\AppData\Local\Temp\qcIy.exe
| MD5 | dbe9fa2dca5b43604baee88046f231c9 |
| SHA1 | ec9dfef03b1f5c2fc9929ffddf5a074d0b6e996d |
| SHA256 | c1e1915278e374bd0cd982aeb2fb155ebacd623a9c06fd4316bb20a6f1465f19 |
| SHA512 | e69480e497a14ad127f1473831a663d97b02ef09d70f6e8a2734d9eb61bada56b57d6b94e77f7ade8270789e206fa67d68597a72e13aa5648d787ae61827418e |
C:\Users\Admin\AppData\Local\Temp\qcsK.exe
| MD5 | dca395082f81d12cfc381a9b3e781adc |
| SHA1 | 277300d9bf5649f0800975b263ef3b91e9ae0257 |
| SHA256 | 02c8c1f08f89054291f0f2ed370582227870c0ac7018779796ce91f0648f1c2d |
| SHA512 | 334ee4e302c2553cdd6a16e22518ba4107dd7e26c912f5e8b1e27335aa0dcb35df58c337e7b50d74cb816e717470d010ca0012ffb58e6c0c2db4c43ef2d4ad1a |
C:\Users\Admin\Documents\AddWait.pdf.exe
| MD5 | aac30674fc15fc31743a8a5709706a0c |
| SHA1 | a4a932435633171964f99f80ab6e8f6a70fd7833 |
| SHA256 | 96a3c373b23d23f4aed6fcbb1c2aec0f7e6771facffbf3a36593e57ed7f2dac8 |
| SHA512 | c8855d8c628751d45285af97b83b9322cd7216387fc0565ea9da26ce0ab2a13ea3a60ad140b1e9400837b57d13143d043da70afe203cc234a64691a90287c4f4 |
C:\Users\Admin\AppData\Local\Temp\AYgU.exe
| MD5 | e5ca4870776c326dd2d38bcc29b9d3ce |
| SHA1 | dcb9210292f83e6f39e28afd47cbb88f889e68ef |
| SHA256 | ed7ba53c1df5a3ec2a97022a78c036a47b3d2aa6c40a22139b6d10e0fb457785 |
| SHA512 | ad7ef2d0124fb9346bf660c6a41f7f69e3c586dd9701e1413688939c20b1c9851b2bf0b914622e39565ec63246a62b0ec2e8d4201282a00cd70a51ba2fc60d57 |
C:\Users\Admin\AppData\Local\Temp\QIUu.exe
| MD5 | 54fd63bfd10e805dd34254e9c6031af1 |
| SHA1 | 210bccd8db307b9d36a67d936e9b0b47d91d6428 |
| SHA256 | b623d2d8a3b26f28c32f2f9bca845503a02eadb1fbc77ef66ce59fd462c40bb5 |
| SHA512 | b822eb0341d8ac4c73e64d6d9cffe4adcaa6a6e49a47ae722b6358c4465c987ad7d1aa2789e05c337c7bad5c4f4dccbbba982e721b19e00fff64afc3393abefa |
C:\Users\Admin\AppData\Local\Temp\SgIy.exe
| MD5 | f8d4fc7f808fa5f04e544cf5d2e2a180 |
| SHA1 | 8f615cb07e2b1c73bc45647487faf040c46e7853 |
| SHA256 | ebd089cd65e2161332b732c10056aef31dbae6ece3719b63104b241e0ccde178 |
| SHA512 | c0ca43f0c76584c824be15f6d4df30531efa311c191b6f124690fafa35251ab6c7e11300814859a2d20fc0e8302873f23716061fedf509b32770bdf30dc49778 |
C:\Users\Admin\AppData\Local\Temp\IAUa.exe
| MD5 | b60eec1ccb3e5157acae511cb8aa96b3 |
| SHA1 | 3df34b43b236d137913e8a1b8afda900ac42e0f9 |
| SHA256 | c16c1d1d3e70cd5165329651d25096dea57ad40af4970d1bea1280c17ac340f5 |
| SHA512 | 24b8dfe4a0fbd3e3ba4ce13ab478106cfee35529a9248e9529784520f289d25f7c9f260ce11072f1443b7f471371fd58207c16d78f0121292efb002335207b7f |
C:\Users\Admin\AppData\Local\Temp\UYAo.exe
| MD5 | 72a0bbd8ce7cc43e5e8f73e713f57f3a |
| SHA1 | 33510a0eb9858d188268d3ebea25aa8c27b0556a |
| SHA256 | fc88f7a7a2f12ff11ae422e6806f3c633e1d784486762c126895b957406f3865 |
| SHA512 | 87e608f9517b0fb7b1fb7f2dc3ab468104e84fb23eddf659e38a44ca35f529303fe8f4f85607fcbc783d9e185d1c4aff07233b53b84843692a166f86f452d79c |
C:\Users\Admin\AppData\Local\Temp\YUIQ.exe
| MD5 | 200c8053f56b17cdb8705dc51df6d9df |
| SHA1 | 9e93f646cf91bd9f821d87060b4fc288a966c0fa |
| SHA256 | 0fc6221152aaaabf8e2d390407e3be3770e1ceeb5351ed028d567d4ce31bbd3e |
| SHA512 | 757377cb6561f556821069ca005fefe7aec150bd24d98029ae750b028282cff3ce9359a1648ded5e4ca4ed335512640feb9d675a4a1fa5dee474065cc937d0e5 |
C:\Users\Admin\AppData\Local\Temp\KUUo.ico
| MD5 | c7fffc3e71c7197b5f9daaea510aac10 |
| SHA1 | 23262fb8038c093ac32d6a34effbede5de5e880d |
| SHA256 | 71254090503179540435a1283d04301f3d5ba48855ae8c361d4ac86e3abd2865 |
| SHA512 | c3cefdb76a9fc74299a7042096a549e019db3f2cf79e81deeabab2f3ebf2bbc9f2924a84cbbbc4848a4bf84cc3a0886c6c738c6bb37c9140dfc57f1f797e9c1c |
C:\Users\Admin\AppData\Local\Temp\wQQW.exe
| MD5 | c682f6984f1f670c35f95d4a8b5227fb |
| SHA1 | 7c20a3e1ecedfb202d59d4418f1ff43146fcaff5 |
| SHA256 | 575ffcedb8e6b8069a8a3746b05cfe4ded19174237b7d9278dd5f6c3c212a883 |
| SHA512 | 978021bad24cde4ce9559a4c2c820d93025dbad483c99aea890b618d5a70296d116b274270cab84b5879951170c8cc5d58a72077eaca80c32fdaefd97d09ba4b |
C:\Users\Admin\AppData\Local\Temp\usYA.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\qUYS.exe
| MD5 | 80b727907c508ddb1ba60131eb478456 |
| SHA1 | cf2d376b5f23029a8602209cb762299a53445a61 |
| SHA256 | 328dd65b8743b44fcb3fb1d32c39bcbb96cd5b151a7c4ed1831441ac40355b9b |
| SHA512 | 481e8ac92cc52ba02bfcc98bbb09790ea1e68a665ebbd0a0f4a8bbdf68dcb21ae5b5d32e86490a399742091132bb9229b8d4c4d5bcf3f021b82e5d9d277b1aa0 |
C:\Users\Admin\AppData\Local\Temp\qAEM.exe
| MD5 | 6151ff354468e592f79c8d79d020af5a |
| SHA1 | 86ec9acad3cfd010d7103de1bc7ca8b2cfad1d07 |
| SHA256 | 86afde626733a491b8992f6a6da16eeeca989583604695e3d6e7e38197551dac |
| SHA512 | 81342a9342d8e67e37f6cedccd6d73848cadb1bdd85ca54435b9fb5dd3bb850186d6c28ddd5fb8b712f857992a114fd5f8acd182b9731724abd940958814ae75 |
C:\Users\Admin\AppData\Local\Temp\qwsm.exe
| MD5 | 20a8f054fd9054d307361f0b91a9b8ff |
| SHA1 | f209b8ce341a4d5754fdded69ce05ff4de6512f6 |
| SHA256 | 64ef964da600eec309e7f3b1badc9813eaafa895f0b1706dbfb3b8d93b7f33d9 |
| SHA512 | e55f2460857ef8e3b4e4f4be2e2f4fc3a348a8481df0be2450c4b67b7d08a4d9c38a247c9948fc0b307987e89ece6bd46dbf7df87f505b0189ac22f97e1dc495 |
C:\Users\Admin\Pictures\PingSwitch.bmp.exe
| MD5 | b873c1aa3598f5d3b94e337ac98959a2 |
| SHA1 | b9146195a1c6182cc425ca7c7a6e5ec98a2a771f |
| SHA256 | 7b654f424469029bdd0963de69503397761a6717edba2cc17f4fd6eb56c63129 |
| SHA512 | dc1762d4f2ec65796f67461f4a2cfa14b3084262dcc5b6f0f02a0658dd7b052948717433ce70d5ff51e05852626672a487a44b07ec5b7504bf7f253352c268c7 |
C:\Users\Admin\AppData\Local\Temp\yEou.exe
| MD5 | db659674e5917610fa9f80f584f2bc1e |
| SHA1 | 090fc761d6b1173b105269723df2b912f50c65c3 |
| SHA256 | f352512b6d30fa9d15acc84cfa3c616b6733e693cd15e63dc7f0de974d1fd508 |
| SHA512 | ef6250fc8af46adc8e4a470391cf8800d0a92b6c72e9bf8a8bf3dccf5a71199c220a57de45817221c6f30f8c627a25286e7f22ce593ee63400ad8b77f951f064 |
C:\Users\Admin\AppData\Local\Temp\aQEo.exe
| MD5 | bce15b34f2514ffc128641b715acaeac |
| SHA1 | 82de2431f7c7e7755572ed6cba7709078840058c |
| SHA256 | cac1a57bb0fc3d9fbfaf112dad1bf64a43ecdf94f79dddfc544b7a81e79dd3b5 |
| SHA512 | 8d59d35c094d6752df6abc90e5529057d81bc7f35af9972bc09ec23cdb01f4e040699b09137f85566d53c81d39a48429088c63af44da09bf7a557a2d210eb3a4 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 38f5677b78ffc3afc8473abcb9540783 |
| SHA1 | 5ef04fd5dbca745634f7729bff357f08820e110a |
| SHA256 | 642447d120d7286d8edffcd15667323b3f1e5a12b122aa8798103104b6479ca0 |
| SHA512 | df241e7e0ae90f003ca3a944e07d74573bda508458786df29d56d3d2fb20ed67d0ea7e65a29d3bdcc10e57d023055dd118bdc1068c6f32ae26556c9d76d8c259 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | fba8c77fbadeb3fb721398cc0ae68e59 |
| SHA1 | 208ee4611619f90b492aae6703673c183199a102 |
| SHA256 | 134862048863c145ad1bbb7683e02c7d1baf006f00087ef21d0228998db2ffe5 |
| SHA512 | d45af4ceb02832f17e2e084eb05547a2fd77ea0c87d12554df055b10fed588265309d2f4d81587e10b5ec9c812ff6c5d1dc8d98fd23c6cdf6512fa25ef85ff42 |
C:\Users\Admin\AppData\Local\Temp\Asge.exe
| MD5 | f9fdca51cdc543aa76a1cdc13fe6558d |
| SHA1 | 25f96d5b997b5f7324fc653c484aad06b2b9d5ff |
| SHA256 | 9ce0586ada366efc474642c6752d9fbf614da014ca8358208bafc12df1d485fb |
| SHA512 | cbb78fbc604cf70c7ce7284761c756f50c97edb875544c15231107e5ba57831802824df76101781d74f8d65e24895b801e990ee63d81479d119ee2a3d775fe31 |
C:\Users\Admin\AppData\Local\Temp\EIAY.exe
| MD5 | 210f11bf51e3f0d585ffc9ba226b39d6 |
| SHA1 | dd415e49c9eda4546340c2fc9b088500ddef521f |
| SHA256 | 8ac994432597def18d8ff56766b84e9a17170e4dfe76a9cbc4dc919b6ffa97d0 |
| SHA512 | 871ecc64317988897817dc85dfad3db3e29e7332b6e485af35779384dcd3e001f2ae813a6008d74a625237b4492a36a2f12219889417a3c066c8e2ff86dbc2b0 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | ceaa32130113d1925c5baff934ed58b0 |
| SHA1 | 5a6144187be81ebcb4f92ed2d724e100025ee89b |
| SHA256 | 41fd637ee9b123afbb76d22bf3566013634066e51b3be18e311b34926bfd9734 |
| SHA512 | 52364a524f4edcaf7283de201d9e8204ecd03f8acbae76e2e32eaf81b540a46ca64635b92166121e30573cd65895b08c8627fb1f6f85e1037816a639f04ff069 |
C:\Users\Admin\AppData\Local\Temp\WAcg.exe
| MD5 | a1f6c0a5e681aba5e578ca200b13e985 |
| SHA1 | 8e6217d485666cbccc7323e7010ceab0150872f9 |
| SHA256 | efcb24407b71e29849850ee49764f024d00c2e757adead62e57b83125fa93ac4 |
| SHA512 | f8c966056bc49ef0ca1241624d6b541a480c5b1d981a64bffb70f888fccd1f1bd599b28a885224cb1a547911f9614f3d160648e52b8aee365cb21a721e8084de |
C:\Users\Admin\AppData\Local\Temp\Ykcc.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\Pictures\InitializeRegister.bmp.exe
| MD5 | 96aee7ed5e0ae63e4d85bc43e8f34a3d |
| SHA1 | a4e3b20d9e899926233b70d53feb8b4762432d56 |
| SHA256 | 0577a04478453d09014fa006159ff65474a21c7fa789a79610fcc490a8e6cb9b |
| SHA512 | d67453789e351bd66566ae090f050db9b02a73442c02c3a81779ab7c0d3b8d333f7126f30a4dcda5c19f0f7335efd3d8b99245a5dc5e9f46174f08bdaa6bca0d |
C:\Users\Admin\AppData\Local\Temp\yIgy.exe
| MD5 | b4959fc9ef66a87fd45057c788435c43 |
| SHA1 | 4524e02b21ce0c1ab715654de6051b14f2b8f168 |
| SHA256 | 90a4022bd40ec9245999448c9a4910ca1ef2268b24ecdab8cf6610260923ca3b |
| SHA512 | 652fcf0dbea1ad357a731b95eb5406b78d31bad386b932edac9a4b374831f3364cb15d28ff6c22f058a2c0ffca588627ff0267a32205c92f7ef3feebc809ef4d |
C:\Users\Admin\AppData\Local\Temp\sUsQ.exe
| MD5 | 6b4ceda8070500d9f566f137c8a490c5 |
| SHA1 | eacdf9a8c36ddb9ac95d9527fb5fc9105dbe2835 |
| SHA256 | ffeab5a688a81c832acb1cb818af67a8683cf92ea8fa58d74e0500da761d57a2 |
| SHA512 | 75f4fb13b42d417d97ee68e4824c2e5634bc4b144b3c2d607abd02b4beeabe782710e6725e08d4b452b6160fb843ddf44d24fb9009d351d0149620f849a84665 |
C:\Users\Admin\AppData\Local\Temp\QcQk.exe
| MD5 | 1c0b2845451b4fba91fcf766d27dd0f0 |
| SHA1 | ee2502c5f0a897ed306f8078d12ba836babf57cd |
| SHA256 | 6fc1b3cfd91718b0ad98141b080b507585f9048fb029dd354d3b89bf7cbc3ed2 |
| SHA512 | b79a1d7b246cc474eed56d755160dd69ee0a11996115399d3b9ae9df6f7f972b8dfd97803fe7ab18f062e4e758d6ab20a99cc0e993629c12170ac09b785a8964 |
C:\Users\Admin\AppData\Local\Temp\EAMY.exe
| MD5 | dbbf8d8e14a7b86c38c80bec6d8cfe51 |
| SHA1 | 9db977b851f934cda218c7bb07fe3012b84d3c05 |
| SHA256 | 2f9af9d8ed4dec1a1b5a0fc7eef29db9d549c4e750632dd32c6979c4f8f41b47 |
| SHA512 | d7bbbdad3fe57b2fa8539cb80f19c632756864a185271fb4d9d631af68e1683a24e1702749a76d113bda5a05bdd4563894d2e9d389e3f362c356c0990ea7abb4 |
C:\Users\Admin\Documents\SplitCompress.ppt.exe
| MD5 | 0fc7daabfb3a1abc025ddaab810c4ebc |
| SHA1 | dd1c384b3dbded2b8e600ac8523680d3d69eff81 |
| SHA256 | bced303930e75bf97bb303c6e8e126704fac908acda320c1245e23db581c244e |
| SHA512 | 0d7112b52354f0c36f854b42dd2f433a6cc63f86522cb90f13db5c23c6f7d4d88b13f34cf4e27594ba7f01d3e7c9f9ea9aeb8ee9fc0923905e37533e56221682 |
C:\Users\Admin\AppData\Local\Temp\wwko.exe
| MD5 | dc9b803d74f2e9c1dabd54be6acd8ad4 |
| SHA1 | a08ea0d57bf8c6f1a7b2622a858332f8bb8065cc |
| SHA256 | 44b54aac5490477dc2fe18a68c8edbe10d42ce48ad31d8f871108265b429754b |
| SHA512 | 308feac616c6ec81afec24cec941af9ff1551a2624d5cf3a7e8dd6b5c0881d45ca6065085ee212a117d26a4e77d06c9630984b1a8d9e5b9b6254a6fff3784d6b |