Analysis Overview
SHA256
357908d9f3abf01fcc8d4d3527483d5b9993cd1f70d7af2897ed313f05a39d97
Threat Level: Known bad
The file 2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UPX dump on OEP (original entry point)
UAC bypass
UPX dump on OEP (original entry point)
Renames multiple (71) files with added filename extension
Loads dropped DLL
UPX packed file
Executes dropped EXE
Deletes itself
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Program crash
Enumerates physical storage devices
Unsigned PE
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 11:41
Signatures
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 11:41
Reported
2024-04-03 11:44
Platform
win7-20240221-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\DysEEYUo\bsgsEQAI.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\DysEEYUo\bsgsEQAI.exe | N/A |
| N/A | N/A | C:\ProgramData\soEAwsoA\WUcwIwoc.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\NugkQwso.exe = "C:\\Users\\Admin\\bAwoMkQU\\NugkQwso.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DOUEUMMI.exe = "C:\\ProgramData\\GcoIoYYQ\\DOUEUMMI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\bsgsEQAI.exe = "C:\\Users\\Admin\\DysEEYUo\\bsgsEQAI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WUcwIwoc.exe = "C:\\ProgramData\\soEAwsoA\\WUcwIwoc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\bsgsEQAI.exe = "C:\\Users\\Admin\\DysEEYUo\\bsgsEQAI.exe" | C:\Users\Admin\DysEEYUo\bsgsEQAI.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WUcwIwoc.exe = "C:\\ProgramData\\soEAwsoA\\WUcwIwoc.exe" | C:\ProgramData\soEAwsoA\WUcwIwoc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\bAwoMkQU\NugkQwso.exe |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\DysEEYUo\bsgsEQAI.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe"
C:\Users\Admin\DysEEYUo\bsgsEQAI.exe
"C:\Users\Admin\DysEEYUo\bsgsEQAI.exe"
C:\ProgramData\soEAwsoA\WUcwIwoc.exe
"C:\ProgramData\soEAwsoA\WUcwIwoc.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XOogYQgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hmYYEgss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IyskEwog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SIwUIgEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecccUwMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqoYkUYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\bAwoMkQU\NugkQwso.exe
"C:\Users\Admin\bAwoMkQU\NugkQwso.exe"
C:\ProgramData\GcoIoYYQ\DOUEUMMI.exe
"C:\ProgramData\GcoIoYYQ\DOUEUMMI.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 36
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 36
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\goosoksc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\syQcMAYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jYEAgAkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-797897859-8229112584471525981589126198-477109882-1474249812-1754665857-1745916823"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LaswAgcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCgwMkIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PMoEIEwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hmAogUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-764207885-73019974160736260-17936210178408597187251045-1076996799-209615915"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYwwAIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1118917827-922238928874319483307567430-3857557609331511273470304501958989154"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1010041099016803013396976102133421932-374812798-525757974-960238289-1398489022"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YmYYIEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8624991601269199535-1857326295941401468533875610910244345-333611773-983189594"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\USosEcIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YQMgUwQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uacIwsYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AUEUIMEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8462529715950067471517377287-1024893411-5319157601324642684-2058889339360154113"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qIoswUIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5448913042012237902-24353729513956342971414950372-119547988-770640983920661203"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2126260777-74807691615360916001476908773780897421558260035-18961796301937966112"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\viwoMAEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JckIsocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VyQkIwgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOEQIsAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LuEocUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2024885473-18519329441465532550-1983921931-18234809901161686297-1847663242-1285422067"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tEMsQAgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1143441444-242941150-2096112998528976402-454621316789017536842014726839846591"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sesEUAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eiwAQkgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "33134493554418228-2117604312-498012142184348642347031034918320356162054997842"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KiYEQIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMQgYQwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMgkwoUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egYsAUww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5692983911343715119-1729688328-113087959321081777644802454241203964344-1352290269"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egsUkMks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2090574472694053206127687816-2821137671177909014307807876-6246727611503258293"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pUcUkAIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\twIYkwww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOAwsosM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LcAssYkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RwoUgksQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EeQwwIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "718388342-13649447811723351276453470521570811951-1437206161-474751921-1078460158"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\isoQMEIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15389705671055283273-189906240315153274841607050487196164207432837622178803517"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1237076542-5219607515306090581150956551363678774-503208247-842332063-594096140"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GcosgwIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yggYossA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YAEIosUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1598446855-1040953532-1768928693-585989906283294520-290328248-435671130-1924686332"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyMkMkAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "514934706994220246-14570578806148473251042982558-2115218629-1884500327968203240"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2068513457-1547065539-11020075071707536297904977468-2135507279-803389499421517993"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1439742700-1981805516336054102-13835422752002892981-1365327615-16002767041561852276"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pwUEUwkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PskcQYgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-304399401245455000-1739567491-1700505897-2046915635-470067594-4267774431640127211"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rgowksUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmoAoMYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ziwUwckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-154042230016142927571288308234-7028087211742354475-100281527246274722-895144270"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10667741701203347933-303785038-12762420831796345617-1534862479-1648766088-362453067"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WoIEwQEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "426241645251023067-548246324-1364547835-389807014-881891916-1905982792-1481524819"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1178499839446181820-1083484912-44321140421413056551015837915-13338310481577311146"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1559587515-23285296317561789352543444281630640102-1026100541-2031944891-498091444"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUEgsoAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qSMUcowM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OesQkQAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-69646109016748494871798408413-1787077546-77588355132851555017591005211649383845"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13452127211310511562-821235972-1018064393-1534666040-150621448-944347468-114014481"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCoMMEgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2097871395210280602418269505883304721201419005316-2956182761382431181-513401434"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1124923530-312349869-23659995620823379530797149711077755071009084339442223848"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hQwUwwUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-974061454-20197193082114068217-1102806742-1347521022-620004190-1108170942222672333"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NaIAowEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "273088337-11084389312041832131-225132207431045073-31412884-1621588556-368760995"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "116578915738114182-10245072951464219921398304056-1129248742-20900277361765787829"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15063482501985004690869710933176356324391816246719712587491948910267-1821125954"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2886317381666555522-77287856119740280718741987351998408026390009885-1702841940"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LKcQQooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nKAMQosg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1547961035-2076891725-854182038-148342471114562041214416570-1293249606718528789"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11923310394458561366005432821107825067-1411094720976204515195196561679447065"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oqwokMgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1617742485-5836117441959319078-715772012074094142-451967376289011682-323181786"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-168897199013321759281569921491023695519-846885286-472316529-20618091981408712067"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yaEAgcwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "953786649610717854-1988150097-341647582-1700582823-56710371-17487009111179733718"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "6799251762010667599-900026499-298500276-7800278912145181161-4836673762144158060"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-213281324-11078778882022425900-12560085121562436736-15173514791387055863-377981888"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ksUQIsUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2132388413448407029-902657412298810276-1083836191943766076-1297315391-1471609996"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-90009823-1074247401-1677598815-1434795997-180930260-1157239604-799443310-843582431"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kcgcAMEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13697989981525646505-1551149119-17336913838370016342045218402-123697387847592635"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\assQkssM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1695899763-331833391679566303171933599118289131891166417504701940834-1349234235"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1301597669301809125-579100114-4683571401938066036-427911732558679444-237206607"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcUsQAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZGAgoooA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15852129221687401555-20659047091245127217-185371583-32883491-1868887411-713679544"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1391892806823120638-1601706227-1469533998480583879-1547989646-1127308853-430360222"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hSEcAwYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1849717745-946323739-1457943638719452779997585836-7192825671165854268299325855"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-623635050647917767-871026661871347719429484508-770680066-20009730431734959093"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VqQwgIQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "443091999-2040872692-6572117811828421815-964853016-126572497-1566307324-890064382"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-945634904-713015306-103776870210448898361001929715-7640328611848448241933958410"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "578945665-9165120491640627119211413449316093765321215574338-1122148433-678969220"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1784535016-1899491582-55701339886421012186713008-1754278684-569561016698013662"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yqYAckUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2074427107-906216314-1510037515-524425041201787879-17181555311306509052-1417064110"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "82493742689882607515831502181584394171-186427733419249424411785814961039324477"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ekQQkQEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-616905385-2124884465108375062812444599461144306790934835920-1523168024508617866"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kswUwEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DQoQosEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1751833798-2022364311210582907337453659425970959486244274-1368431528-658620702"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2130242195-460187425-908903930-18200831651129119157750240659-21333265011863968097"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1777048533-16814144631084413069840051859410487795-2081700672-729503253370037676"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hMEgsYIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-968202219624315909-1061367642436052557-1581361165-162334368486137131972681645"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1111780799-15201222091990238573125977815616307225381245507819857429084-429659770"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-676667614-207691483013105200221474432063-1828088071-213458471038944852379906370"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OEAcUQgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1233428833184496494420963422241512813625-1939806762-113824565536104308-190851263"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uKkYsUAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "443308247-137088421503948830-7993149391986386280-15749426762051883406508445900"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-834999514-1034812284-97925689712815079836136678981106442449-444477477-2056345086"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1772877139-1015882910-382717710201293729323792488-1531143559-19263221721324926674"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1321177431187929274144577761168409492-1419782954-606805461028195412-681378500"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-148519901317828260731703103451-20424869031488408157703664488134722218-800951267"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nMYoUssg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "557026423-6086636555529044951220410196-789226665204012003118290044121085629381"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6503139861426702923-1527314417132708131277021366-1625333984-1947754766-215770953"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tewcUYos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "43246905411352862029622449232030404445-1967463612429123857667276478-1854645914"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rAYUAYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1088624832-126637658168362890915389812581526020236-740311171-814489534-1992497482"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1798700248131072211227651448-590443097-755707900797738139410194859-927535715"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JAwokcIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1877596780987409200-1200721131430524611243991424-738574772-213463750-1975491764"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "818953958-576577075-6841975842076504633187792511133789207714004619241043029247"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LaUYsMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "78334206620067450791168301053-596674-1335188046290944265-199509459-417150789"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "818152554424081855-1620316258-18613397581692175850-1794520428-454984175780522820"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "153645638236442446636125650-408373360-348576420212015516211058764221192413769"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1366245825-955052239-1721876447-1116674111-1172683245-4934901911474021440-766770584"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-858737446-297848286-1738495955-186813107610744160403720922541962992344-23739871"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rGAIAEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3867677072123415805-1871654208577072971-1397422651-30629475-1093109684-1321936180"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19502103381867654668-558658486-14608797951950283093743524911-413072120869079086"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wwkUMsUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15547575161530878847-477954046-1554636506-1130921134485995661556395483-88365868"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "797763325-1459842630-133006390-20382961401367296233-1776726346-582841507-1755167628"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1747912926-97524606613696863291973147840577400451-9664237981600858476-1649748597"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-383174294-1563137255-1963526563-15814510329063870911908819919-1391221253188894681"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12627456601954850186973973333-1614230922-2044996945292330692-965600545-793674997"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCMwUMEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1409165250-129575376969991933312364380181716072608-648985037-3392238481417518875"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "83039514902474321-1722452108-1719007998214644867-335804034-1797379769-559428185"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JqgQEoIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1954494996-1645418455-177236418211242439184903828641766762083117583876-1415701092"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1779835690-570695867483047159-146556819-57537864383680695-734932812-1977565855"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nOoMwsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "745268961-1222359787366008452-9090469593578529984842039111408379393-1904678582"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16250637501658081902-43281676020523076998157882751375959854240239727-173827128"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-721952361496156637-1271106441-561175753-263131372-1665955576-1961630324-341531404"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12647432041536039188-953500460-255323476370456982-1936077362-1539567273-356165632"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hqkwowcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "869999234-1644439105-1992395026-1473439218-306217161965009438-488214836488896943"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1263982967-472702629-1789231257-1993336563-611675516995447985-72538513741405837"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-386224256-377157700-1086419539285312096-35861888842166592110430213881754049348"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 216.58.208.110:80 | google.com | tcp |
| NL | 216.58.208.110:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2020-0-0x0000000000400000-0x000000000043B000-memory.dmp
\ProgramData\soEAwsoA\WUcwIwoc.exe
| MD5 | 176d2a0295ee8c769abd4ce213ac3c6d |
| SHA1 | 27a26c23422cb8c6e8a73757b0a236a5c3920c29 |
| SHA256 | 8e3a3852f6170f4c59aec1ebf4330bc17b62798010a12612320994385d0cc0aa |
| SHA512 | 88bb26b872ecb64d45abc0c50d9555ea7f1bdfb3a2ada3aebf04d4c6836eefa64a1c7be80482382e2982d9970f315595904921e8e771bf43e11b1af891c69355 |
memory/2020-30-0x0000000000470000-0x000000000049E000-memory.dmp
memory/2516-43-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2020-41-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2452-59-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2516-69-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/2428-93-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ecccUwMk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2108-163-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2700-165-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2700-174-0x0000000000470000-0x00000000004A2000-memory.dmp
memory/2700-176-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3028-195-0x0000000000170000-0x00000000001AB000-memory.dmp
memory/3028-205-0x0000000000170000-0x00000000001AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FaYcMsYI.bat
| MD5 | c73dbc87f2a16ea55f8bcc7824cc864c |
| SHA1 | ef007e7f1e25bb05ed05f82fab524049ff4a391e |
| SHA256 | 685d3d4fe35beb2271ae9bc2c1dc3a15018424abe863fb90e03bac6c6812e8ea |
| SHA512 | a0056321b7a553fb6c0f9cabaf714ecb02f8a9f1cee7a5b51dfa1e10a43fe34a5d20acf543b51fc7a7b90587a53f172f10dd55a96b2f7ac20a74de7630d1b0e2 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
| MD5 | 8243501c8bec7c2fabcac8cb47d98048 |
| SHA1 | f03c28e2f966b10efdc0eafda6ed6d3ab14b7d43 |
| SHA256 | 4f5230f4e5338c433953dfe6fc203f2cb1936ca7ad8a9d6aed0afb583a1639fd |
| SHA512 | 5de50003977c1b5c4f55132465d0a5589a32a00f388c6c57fbc9da42fcb7368578ebb6e9b541e2656dc07fb9c0a77cea75f990316be67ed5bffeed47385a5aa7 |
memory/1632-219-0x0000000000120000-0x000000000015B000-memory.dmp
memory/1152-221-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2220-206-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2220-229-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2524-204-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\migQocAk.bat
| MD5 | 9a262fcaaa735e3f09b9edb21f9f09b0 |
| SHA1 | 88751ac66afc433faf785cdf5b331f4013db166e |
| SHA256 | 9c12cdab42837be670714e9654d3ac3735f108bdc07543906d052ddbfbd91ae6 |
| SHA512 | b6ed47cd7c9eee93729ea18989d043845cfbcb7df27aa5534a6009589ce47a0e794b9a307d30d89392784a41e94ff3715b2940062583e3b71cb169069c17737e |
memory/2524-175-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2540-173-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2492-171-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2700-172-0x0000000000470000-0x00000000004A2000-memory.dmp
memory/2700-170-0x0000000000470000-0x000000000049E000-memory.dmp
memory/2700-169-0x0000000000470000-0x000000000049E000-memory.dmp
memory/2940-164-0x0000000000170000-0x00000000001AB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SwMIIoAg.bat
| MD5 | 570f0c46e974e4f7f39f2a8bdb59d08b |
| SHA1 | c0ef9107be97793a602f8d4a10844129707eb2ef |
| SHA256 | 22b9100d5133d11874005d8f513e3bd0ad2057918db4772a69031e2bec749d14 |
| SHA512 | 1e40e0abafb35f7c94dd35678692ca68b4dea22a45e722b932a4aa92d8ec39ae08aac04ee9d369d990282ee4b4601ac37e65c2ecad9196bb77b113b978f9ef9a |
memory/2108-142-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2236-140-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2284-131-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iogIAMEU.bat
| MD5 | 10e17be20a9d41794c7b4091e21ce96e |
| SHA1 | 89721b9f64a1e7deed9db4bc5dbb0530f29bddee |
| SHA256 | c654c7eece69fd765e5a9a8ed64f521b522929971f00829b023ac99b0c0aefdf |
| SHA512 | 77b99a8b20d3d70e7549a826cb2afa30b38b39e48b4539c62f97b032207c5804b5b700732b2a3a9ca53b2168aca9718f9367418ba2205e11296c6cbc3b81c8b3 |
memory/1900-117-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2236-109-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3008-107-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3008-106-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QKsgcwoE.bat
| MD5 | 0d1d409faaacac2dcf1a331273947f27 |
| SHA1 | 4bca7e9d97c2d0479469ec4be2783d2a4e6b4a54 |
| SHA256 | 12bae275903a5308acc31a03beee8b334ef29ffb86bf913472cb195f61e47001 |
| SHA512 | b4f99ce6a6667e38943678fd7c41d8c2b4992e2ad2430ebdf50f24a6f06d92cfdb5352e535d98aa9ce0f1acda210a0b32f99043f1b93581374079cf85abffd9d |
memory/2124-85-0x0000000000150000-0x000000000018B000-memory.dmp
memory/1900-83-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2124-82-0x0000000000150000-0x000000000018B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XWUEUQIE.bat
| MD5 | b46d81c77f946f6e97bb7ecad06019c0 |
| SHA1 | fa0494fafb411731de42edc0c4bebacd993eab0e |
| SHA256 | 3a4b360bfb31f2cf5505ee7ab7a2482f1538da36ff05de22eb031d70607085c3 |
| SHA512 | cccf5ddf58315c12b316bf524ac250972a243623f83d5682d226b3f0abcc9fee04267b3cb40426395b89cb5a1250da28fc8ae1796101fd0241ec24e0746405a2 |
memory/2428-61-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2452-58-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fUQMUkQo.bat
| MD5 | 64543c9f70ed469a94ded6c7b731bc2b |
| SHA1 | 1d1886dd22d3523900a28924e824d913ca68d5d1 |
| SHA256 | a567637e1b96f7469f9191eeb49ed0b093dd0f84151a79884ca8c8778b42acdc |
| SHA512 | 7d668e798ea723f19fdf11342f35a9b3ea568ae34906141e49164253189285aceae20cb72b243f73fc743fc39dd1a193b471fc2455ea3fa55a4836e0280eda36 |
memory/2860-33-0x0000000000160000-0x000000000019B000-memory.dmp
memory/2860-42-0x0000000000160000-0x000000000019B000-memory.dmp
memory/1972-31-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2080-29-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2020-27-0x0000000000470000-0x00000000004A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\daQQYEIU.bat
| MD5 | 11aa7b294b7f60e7172ecff5b6c0cca4 |
| SHA1 | 21cb05797af40279d1b0d4bcaee82016cb175454 |
| SHA256 | e4bf4d333c2b9cce8a360560d03f05e9e3242b8dedbfdeea1f6908a7422d42b8 |
| SHA512 | 8a1eefd6c143dbd99c5c532a6b8f3590f05c7ad06b9796d5afd89742ce6860745a2468182a2c85bea115c22fc9323c409056c8c05ceeeb298888391badccbf19 |
memory/2020-12-0x0000000000470000-0x00000000004A0000-memory.dmp
C:\Users\Admin\DysEEYUo\bsgsEQAI.exe
| MD5 | dbeefde432c4cc84855bfe68be83b96f |
| SHA1 | 57ce4eb709c53ec2fce500c513a3ba21a3a7a9a0 |
| SHA256 | ea3e46ef8db92093002c17a48842799541eb009c3ac958f75c4c2ee7d7910873 |
| SHA512 | 814f1c0374e48077325baaeb731e6d752dd7e05658b34e565acfbee971a39be05f3d0897fe6c6022413ef2ccea1b2a13cd4f98244b52599dd50600230da02053 |
C:\Users\Admin\AppData\Local\Temp\dQsowoAM.bat
| MD5 | 2be838be083ff56f935e51bf64a3cea7 |
| SHA1 | af920a24351f0e53feff60bee7d10e84d5f20c3b |
| SHA256 | 5d524e7f1e6078306ae105d63784785c08927e4ddcf08bc23e35e983a1178182 |
| SHA512 | 8e3e341cb7d982873ef30469b53b86830353f7fe3fc8fe9b180e13f06086f9ea01d8af6ee2c2c9e500428b8b80afe790255d1abd97ef316e02b3508f723ae567 |
memory/1152-252-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2736-242-0x00000000002F0000-0x000000000032B000-memory.dmp
memory/1764-244-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NsMEAUQg.bat
| MD5 | 89ecd3d6cbc27acf26d29c4fb0222b3c |
| SHA1 | d0caf5f1058137472db04eacf12f2dfcd0a658cf |
| SHA256 | 36747e55b203d1e61d6f8feb62661ef57e935a97278c3d1c32bc308d93d76c3e |
| SHA512 | 0ecd835acaa10102408c6da8c702d99b6d14730b53e3569de006cbbe9d6a608a334cfd0d0433c271df043d313ca6c6aa86935559179c3838184cbce989298499 |
memory/1764-277-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2744-276-0x0000000000400000-0x000000000043B000-memory.dmp
memory/640-275-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HsEAIEkw.bat
| MD5 | 52d82d794571b2259cf81b56ab729c8a |
| SHA1 | ca045b0dd11313985b3f3cbebb825948784c8562 |
| SHA256 | ad16b66c60a145a31ca239256581768975cb37b458d9c51d8ed65cfb3b88b831 |
| SHA512 | 6a2d5c563b6e9f7d9a2e23c662c33c09629b0810494cfe462794537e3fcbd0e62bda560a4a3e803225e06f96f78a3bf70d8ef7dbc22af38fb978206945c72ad7 |
memory/2032-290-0x0000000000120000-0x000000000015B000-memory.dmp
memory/2744-299-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RCUEYIUg.bat
| MD5 | 487b9c704ebe561596d725aee590a514 |
| SHA1 | 4755361c1eea94fc4a41dffcffa2af9ddc6b49d1 |
| SHA256 | 9845967b9235fa1887dc903430d555fb3d83c8dd3d04a6296da7d23dfc87ad4d |
| SHA512 | 69364f8d6dc3cf3ce2348aac854e6d082db7f87587be20aef8deed11304dc875eb1c37fde5833fb1ade5563fb4d72837544d3c4ca872d84dacea1adfb0c1af02 |
memory/2608-314-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1892-322-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2552-312-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DEcoUwsk.bat
| MD5 | 1c779911c6c9223f6e6685524df50694 |
| SHA1 | 1d28c611da457b19cfbf4b6b50c713b646ded72c |
| SHA256 | 5db2fb351efc69bfc4ba506a5fb6b9f7acf4f8b1c0729004a9e8946b2eb9c38c |
| SHA512 | 61f6a9a3210b100b464bca63660e164b57004cae571a14b53951228f820c1077b3133f28f1991ca5a2f31efc429b4d0b2cbd5f344ffdd0cc5f72bb487d0b5891 |
memory/2608-342-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1780-343-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VyUgYIgk.bat
| MD5 | 6488f611723f4d6ec5762ef7e3e0180e |
| SHA1 | 30aed29018ce81e7b5cdf0d57584fe13d50b60e6 |
| SHA256 | 2f562773a37157ab6574aa0bc27ea25f69e8494c4eeb622dafcb1bac644ff1bf |
| SHA512 | b26996a7f98118fef811957662e511a9f38b34c96a6596cb3333349a251ffd17e360372e27199122e8c18dd726f4a54e2c848be7cf59fca182b1580d3319229e |
memory/2360-357-0x0000000000170000-0x00000000001AB000-memory.dmp
memory/1780-366-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uicYgQYY.bat
| MD5 | 9713b500f0e815ba3e220489336662ab |
| SHA1 | 9c79e28c42e5f6304bf871391d44b9f498316628 |
| SHA256 | 428d2bad7cd72078768015784f9c001d0274a877f85b0530d41653fe471cd0cd |
| SHA512 | 6882fb8aff45b6c3a751ad7ae9098996455385a9151ab5bd4cd9826a95ab8942767c9b2730937668035fbf7341da54f15c629e2a2c1615deb578f031455795ca |
memory/1172-389-0x0000000000120000-0x000000000015B000-memory.dmp
memory/1676-390-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1172-388-0x0000000000120000-0x000000000015B000-memory.dmp
memory/816-387-0x0000000000400000-0x000000000043B000-memory.dmp
C:\ProgramData\soEAwsoA\WUcwIwoc.inf
| MD5 | 1442243bee7dd7cbbf6784c27c1b1d56 |
| SHA1 | ddc00db4e586d364f3980e6ad3e3d01dc5c6b55e |
| SHA256 | 3688a2299a85e3307bb7a59199c51a163e39a8300823ab68f24ef3ce81da3dc2 |
| SHA512 | 582d9c25215b28bf808529cbfbb8da934dbae7ca31c55158338db15e1ba0b5c8e192c0a79a1de8c431bb5cf46868a0bf4f9e8b736586871dbc9159370e6b206c |
C:\Users\Admin\AppData\Local\Temp\wAIQAowQ.bat
| MD5 | 62c9b569e3934a7982527666946ca5d9 |
| SHA1 | 60b6de8e697a0b73cf077cb00aa377a00dba9548 |
| SHA256 | 590baa3585c9c5d65f992c1902e0f0b0a8209786770b5668cdddda1fabc7faa5 |
| SHA512 | eafcc111cac5de06590b1b7612b51e9209f31d95845eaa9b9fb67943b8296704b38511e2bda008f9cf6809c09ed91222e7eecb0f1c0d1380b4c79c199a89e95d |
memory/1476-416-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1676-415-0x0000000000400000-0x000000000043B000-memory.dmp
memory/844-405-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cCIgAUIU.bat
| MD5 | da0bf071556b81279c465016bcdf9034 |
| SHA1 | 2e8c6796267ce6f8340277631e99399223be8672 |
| SHA256 | 0b52e668f63bb88e846b4dcb1ef3fa64eb6e008c9691f8f228bec2e261cbd737 |
| SHA512 | f22c18ccc5e1cd75e68487f66fd6f10825ba1d98cd77cfa188198e7219de33be96133a9b8ab9bbc6fd89468733608c0047a213560ab6b3f6e8b4c45884533d0c |
memory/1476-439-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3000-430-0x00000000001B0000-0x00000000001EB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cUkIUEsU.bat
| MD5 | 1129a00c0afa71ff99a8c68b959c43a0 |
| SHA1 | 1b9aa7aae16bf3b4fa04e64323f536cecceff15d |
| SHA256 | cd6217cd230cd943d65c70592700590a21eb561e71fced931b2b0e17b406ef58 |
| SHA512 | 47d6ba670dc37c0938b01af5f52e80993b34c5f02c4f0abaf39a2f5c67e8b8e106b87294a0b1783960b3db36cc63de7944473b68f4ef5edd352f32b0a2dc3652 |
memory/1948-462-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2128-454-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1556-452-0x0000000000160000-0x000000000019B000-memory.dmp
C:\Users\Admin\DysEEYUo\bsgsEQAI.inf
| MD5 | c057adf24f25152656ce8cc1851b42cd |
| SHA1 | 1b20faaea2362844aca85c186803412d58f20577 |
| SHA256 | efccaf2ad2fcecd0db08c2438101bd3cfdd5d221179ca330019d8ebca90cc5b0 |
| SHA512 | 037e8b019adf4aeac9b3abe9166924fcdfb5f876f60439341231964e857c60c84647b954beafec20c02a78a2ab509885724cc307000f1d51322628c75531c2d9 |
C:\Users\Admin\AppData\Local\Temp\SAEkMsMw.bat
| MD5 | 0a467ed484541b1860ea75b756f8b195 |
| SHA1 | f0be25fe7c1fbdb5e5cf3ae8bac8a53a9eb6c737 |
| SHA256 | 3239ef16af4aad274c702803f8fb53779446b0c6f07e58634a0c26c98098efc7 |
| SHA512 | 2efd12beded10d230055f6d733ba7157602b26c25c119e57d972e89aa6ad917c0cf7efa5eace4766a971850bb29a6383f14b1b873d70f87e85adcc6105ceccde |
memory/2384-477-0x0000000000210000-0x000000000024B000-memory.dmp
memory/2220-478-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2128-487-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KucMAYsI.bat
| MD5 | 3860a17ba39904b07c17157a08cac650 |
| SHA1 | 65403f0f212906163df96a9653743dd1ed15c100 |
| SHA256 | 357012c7573363608f3796075d99e229ba23194522a9391561be4b8b9665919c |
| SHA512 | 0be38461a8231078e38af8b2c53ef86622411aff355b5e7cb1119e8291e92e31eab88c93dc6db9a305e151e3ccad07efd2887fea206a69bfe94050553829f4ce |
memory/1564-508-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2220-509-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PkswcEIc.bat
| MD5 | e4618678450e72a0a0a9105bbcc4e38b |
| SHA1 | 97c4744320020e0b145575a136b300f80289589c |
| SHA256 | 3ed5ac3734136c3dc23307cc4066bd261716be01663ec41d8373c6e06b8e6590 |
| SHA512 | c8d82781100903734e5422f9941e00a32443dca46bdc49ff78717c15188a1847ca5175e84a831e21b30ec45538e57ebe225ce6c5c67e2ffe0cb1a1cbb40687f4 |
memory/964-499-0x0000000000120000-0x000000000015B000-memory.dmp
memory/1564-528-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2756-527-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1624-529-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FWUEwgIw.bat
| MD5 | 03a21845de4a4bf8c9349736f96f3f0a |
| SHA1 | 948d6e99174d25a0901ef4d2e74f64dcf7a6b1c8 |
| SHA256 | f9b6822c87fdc2b34f309d7ba0bf0e6788ed80c9afd3603e7f89c9d7032c645f |
| SHA512 | 53969ccf0d1af05fd0eb1dea0b5e70c9faafb881703fada1525a84269ab3754379a54011b63dba4a437d2764943d8286390b858324dbd92f5dd3bb4eb1ab7be4 |
memory/1292-539-0x00000000002A0000-0x00000000002DB000-memory.dmp
memory/2456-547-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1624-548-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lkkQsokY.bat
| MD5 | 7fa2b03b0e324e33b6b00a079978f784 |
| SHA1 | 9fb048f5b9ecc68b16cd09e23974b566d7d3e86a |
| SHA256 | 659eb5aeb96791e0506debc5f9257481759f3137b1e9d0cab1d00d902df54c51 |
| SHA512 | 82566960d2f74893b2db294edb0329370edf6a0c1ae1906d725c396157753d01a74fcf47d2739730a36f57b7b1a1c674854b9ee3088c486cfcad49ec712be87d |
memory/1720-561-0x0000000000160000-0x000000000019B000-memory.dmp
memory/2780-575-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2456-574-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jcswAckM.bat
| MD5 | b84b36cc5d90ec67681c29a7496cc8f8 |
| SHA1 | d20103fc4b655fa2a7c627862bd91b7a3e0c250b |
| SHA256 | 865002bca9d0534a5f9a55b55ac6234ae47dd9e41b3ecef5af39f0085dede961 |
| SHA512 | 56e8fbfbc1afcfe8f3f08f7a369089b8a2f99be4107206a6f0724f42b2719c72c992a1c6962f9cd0aa882b52594f8daa872b9f3d3aab48120cc4d7647f36ceb4 |
C:\Users\Admin\AppData\Local\Temp\ckoc.exe
| MD5 | 048972e55dc5e4ebb6c820884e46a78d |
| SHA1 | 5955c9b00e5e674336c3879741291f4b050f8f02 |
| SHA256 | 76f919e6c054455f350b2a7ca9a0ff7592e2111f7692acf12d28d7829a52e016 |
| SHA512 | 4401c8f7078313a7bb7604c284dc3554a74df717475e3e5916ee9e752681bd4c47c57e52040ce29a79e8364c5dd6e5ae872a7366e10fcf805c2228726bafe275 |
memory/2532-603-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2780-602-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2532-604-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2860-605-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zEYwYcgM.bat
| MD5 | 077f7d160c3905527931b6126f4ac0d2 |
| SHA1 | 997db58e19444a7a1246606f3b38c39734d00ecd |
| SHA256 | 7f61839ff47bc816cf26197c9045b8ec22d34e4ed6cd482bc0b92f1bd0133e4f |
| SHA512 | 3652f43c73ce5d9b3df566ed43c9226fed8696d3c089c0e9a4a42f1e520abe09091774b66b2dcb197be239063f00ac29da7ea2c8ccb1267a3aa4990a19a6f91c |
memory/2860-624-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VyQUsMkk.bat
| MD5 | 6c4466cb5a472d5ab14951b74c2e261d |
| SHA1 | 21d498355c05bf5888956a35d8e41885dcf624d9 |
| SHA256 | 26686c66e92d4b38d5a9aa4d67e6d13a578a386c2cdc8b6c3f89e336be492169 |
| SHA512 | 6190fb8c47d09fc34fe94422e63a3ba9c7715cec25af80e1479dd9af0f5d4b4c708b7ebfdf3df849a8f9462831f1af2d40b346f30ba147a941fd60b772ab7a8f |
memory/1576-646-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CwMYUgoY.bat
| MD5 | f51931f6d12b521c904e7db7bd2feab7 |
| SHA1 | 8bc0463c2ceeea05d866981a6e5ee559dcb1f93a |
| SHA256 | 94e4cba640f456c2bec39b0d6003a0ec6b7795dbb12e017dcf4e2519b96d5963 |
| SHA512 | 39641f2b36498ef56ef2c6e6de4ed612ebe204416a0307c5ba136a8d11fb7afa4c898b4b3615ffbb1f7dc83e75092baa517ac143187817f8b347bd46407dc20f |
memory/2312-665-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SigwIowI.bat
| MD5 | 2d26476f83707327b6dd427e60c7bbfd |
| SHA1 | 4742f8e7ca215bfb1f586d81b64bbe1edbfdb6a2 |
| SHA256 | 2a52425be3eba102e6f940f83151a299e8da4c1337fc337b7f69bf8a1b32d772 |
| SHA512 | 0d03308070f9cbd9ba7711b97ffad202b7953b2c96e6c35ee12515943dbdcfa2fedd92eda641cdb468ef66048966e62a80fe73af173ef85ffab48d206cefada3 |
memory/1628-684-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QSYIYUUY.bat
| MD5 | 00d8567203b91d0770d265355b266b82 |
| SHA1 | 08785bd6e0c7c1662cd0520f3b1d91acda709341 |
| SHA256 | 4c68b53254ebf2f43f7826a7db6a4cb6730b545bdb722c1382d5d2b66fe69002 |
| SHA512 | a1fe5292493c90f04d0f391a238a695f12022be55c9fd7bf15f26f0b6ea0658bf2d6d42252353d1ab5f80173a18197961eef2db118736a783717407961f32273 |
memory/880-704-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sGIgkMMg.bat
| MD5 | d8cbbb96f452b92df8f259f83a2fbd4e |
| SHA1 | b948fd4e2bfb8029cd4c307bbb44d43b889ea492 |
| SHA256 | 9e6c9af33a08aa9755f09986215425a92aa774ee37b84d1a2d6f2615d5afd5bd |
| SHA512 | b4c83f74613336f8e50d43a9137a0364e537da85328e7fa770e6bb82d2bd33a8caf37e5c165f8b19d348ee300532e38bf73f35a6b4a65610b5e3c93600df597c |
memory/2796-726-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KCEYEkwA.bat
| MD5 | 4475a46f24ae6c22bb78cd9e29339cc4 |
| SHA1 | 6a3e23a66fc97993decc6a802f46be36d76293ab |
| SHA256 | b8c96c13d0c1524233a04fab8d3e098e0496e63b882c1a877cab0e3c727823d6 |
| SHA512 | 4d736bdb08ba53cf6b7cda357e6ca103024c0afdb5811a7433c6f9e5d8835c58d5e1a6e7cd842b6b9027902edddf575b3419a5da33cc8814d85b0792a4bc060e |
memory/1688-747-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EyQYQIcY.bat
| MD5 | 5bc345f9b71d1ca56358b8d351cb956a |
| SHA1 | 30b36bde3511003f6a69eadd1d20dbf7c58992ea |
| SHA256 | 3b73fd918573c614a4c22d7c9831fc14a63363b380731191626aa5113ba68ee7 |
| SHA512 | a55bd7789f0c66dc25048f21a7add0f5d2faa0059bc7b087d76833605f9c203defe3a3be4543bfecc9a4d8b474894386eee946ba7c54bb9978a903c9552610af |
memory/2240-766-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TYcQowAI.bat
| MD5 | e2d03347304593f07ee359bf1c119f54 |
| SHA1 | c638396b63dec8d539788025e0d49422eb251249 |
| SHA256 | f087f82ff03a2a29927c7cb2c31d5c4bea777dc8325585d54950145aac7d3d57 |
| SHA512 | 5ab7dab8168f8cd4cffbcd64d0b43a5f4ea50a95bea3964d6d495f7fb3b475f40bbf6946861af032982b5488e4e0241f5dc69d03353f821124300b21c2fcef68 |
memory/592-787-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PKkkgMgI.bat
| MD5 | 1155ff231aceab46303378d287573dfc |
| SHA1 | 63ebe0d788723f82376b762335120ddcbb0cd0c5 |
| SHA256 | 2334a8397531cc1e04675f59f89ee08a33f2a08b64f55fb5382ff955a2d88df2 |
| SHA512 | 853c93477040ad2fff5614f77d8e40fb60f40a5a829a32eb707ba275963a45dc536ae9ffd6460ce56f7b7f561bed993f4eb6b6b6c649b39178e15a268dc7c6b8 |
memory/1880-808-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zWAoEEcc.bat
| MD5 | 697c537196b1960a589dc0a9f923e8c4 |
| SHA1 | 354ea0a90f255e9cb8d7275a2114f2289532add1 |
| SHA256 | 4081d69d4e116d7e267d5f36bd788965cdda26d5593b43043e12d52306a7fdbe |
| SHA512 | c99b3be4c8cf42971364f7854adf49c280b65df81c35b9225b05ddadc27195a414a4574264c51caeaebe69b55d35db25a16062d67df2490f8c2d7da51ac8370b |
memory/2612-828-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\taoEIggA.bat
| MD5 | df8033ae4bf8028c4c7e97c03e1fbdf3 |
| SHA1 | 6d4d68de2b793c5f6fe96579b9ca8859e64b87d8 |
| SHA256 | c07b30a30969090a4c859e8fae5916b64131249cb7aeb5353b791acb12c66c4c |
| SHA512 | 4d5398ca331d638a5f3a75067f0e1e08651cdffdf7ae0e8ff438111fb71f7c05355581c9281661b6d3660f61e6b41e2ecf2b88ea681a9561abec989fab237dd1 |
memory/2528-849-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vIwsIsMk.bat
| MD5 | e0221e4bc97e36adebf64f1e663da2c2 |
| SHA1 | 736a40d287c80f4dcaf230e8e7e534e2dd91d48b |
| SHA256 | 2632a7b0e3bb9f6ead1d4e27673983a16481aee79d253c247135fd170f9df701 |
| SHA512 | b925b36bb4f145b969cd368a691859e2706f4334d464126d2fe7586c0f2db062b48cecef36cbaa5ac920562c5e28242069d2e7566f1cddef15ad5b738009fcc8 |
memory/2072-869-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rIgcQYYI.bat
| MD5 | ff28e4c7b336a367a6aea53a3ceb499f |
| SHA1 | c1aec72bb331f1aac296ae082ee80a2193b870bd |
| SHA256 | f6f18ebe5a64cc479c4cd66b2f2a45f42581daaa7512dbb8ea715898c31b45f0 |
| SHA512 | 2370b3992982b1f3e2e91a20ff63dec25a6d575f2c52006936c073259461a71873360a2cf50f370a4e440b69af4013144aafbb22fa74e370439cb4ed2130d56b |
memory/2004-891-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yYosEMQM.bat
| MD5 | 7529bf2cd2f4b57d90c1a1b137bf37bf |
| SHA1 | a5583380149dff93bf3ddc1b2310c9b455f9942b |
| SHA256 | ce614617513faec738390a103cd4422f1386158300c06549fc55d946639e9651 |
| SHA512 | d32d8135dda9a50d20386a9884c44bde7cc6091c9416ae7e23ba3b8b797fff193909deb3c1429b628b1e6fb2d7f8339e62fcd2d79294eec7e9c98489f9658048 |
memory/960-911-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yIUm.exe
| MD5 | 6df1e038148343c04314c46fce2354c1 |
| SHA1 | 78fffd4b74287ccec2d8c6ee94aa83644c178cca |
| SHA256 | e603772c819dd50af0b2536a383460f50472fe4940ba3da9a6c68292ff2110e8 |
| SHA512 | bbd018980d92426c362b02ea90129d79dde5b027c7a9790135d2fb347ca7ced4554e6af5f863d787848b6a708edb195110a3f9aa2225f4b155e6f81a9891562b |
C:\Users\Admin\AppData\Local\Temp\Acso.exe
| MD5 | 2654d6b1edc6a6ed4755bb463e4a2da4 |
| SHA1 | 6be64d0de57aafa3e646b8e22a9eddd9ca67704b |
| SHA256 | 52bd707470421b33fba1ff8ec525d4e4b979696d0dcfc3efb06f0af45bc0340c |
| SHA512 | 8bce7de182c3f306e1a6c23ef5226a23b6aa05a6fbea95d39b28dd0ae43caed135675a1343d8df1c64c07a83803ccadc5103e0e68bb27556de3f9ebe3ba7eb24 |
C:\Users\Admin\AppData\Local\Temp\KMoEMcoI.bat
| MD5 | d366a85f7896b3df749e1af8d5b254db |
| SHA1 | c678ea9c8977c79a7a4527ad585d4221e772c922 |
| SHA256 | f0d44311e025b0c7c08c6cbff67030c2b5bbfb52be1d5eddb5413e242906f8cf |
| SHA512 | a3406a819b270db763e30a4cd8382a6d391aaefd7f816a03c2d597e42a6146a1ebc8de90413c040c81204ef54fea24bd7cbefb8c0ecd52cc751013c5158f9eaa |
C:\Users\Admin\AppData\Local\Temp\GskI.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\GEIq.exe
| MD5 | 3141baa6581cc4c05969237ccc380668 |
| SHA1 | 8741f81cd6c6957500345365ff74a910dfcdc1c8 |
| SHA256 | 4f9e155485492a3a2a21b3b989cb1e794cc51c1269be79f81376c31b94e27168 |
| SHA512 | cb3f9672bec551435e33d82689b67c5c15ca1d497939419e4243e417f097fade2b1c56ad16e37cd7bf85cb8844e4288dc147ca8ce2f5e298f11da2bde5d25707 |
memory/740-971-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sEUS.exe
| MD5 | e2f645b4accce92b209188c245136f72 |
| SHA1 | 93141a16c7896d1672eb27ffe4088705ed1b52e6 |
| SHA256 | 8cee25832138dc833f7492225978f2ead410fa85869b301904c81c0e7c079119 |
| SHA512 | 2b940525d1ccad48767ec8cfc2b6d3314d64b2fd71080205751e5d19fdd261ec3cfdca0fb38b3f90cc67792a9ebb26d125c2c3fdc7fa0c770c390bb2f9ceba03 |
C:\Users\Admin\AppData\Local\Temp\cgcq.exe
| MD5 | 22f8a6351b8c1c70cd8b41e116519a5c |
| SHA1 | 505329e523d8395403acc1bb2e6ba6ebd5337b2b |
| SHA256 | dee551d21b0b71254ab63ed5f76be7c72e5b15f80e9bf4077e27fc1ddeab851e |
| SHA512 | f3319838eff1538bdcc074b2b2d19af8411b9018e939fc8fc5ce4c9a78a1dba9218c7ba8021899a3b2310bb01fe5e50d93d18950c10ebaab320a53abb18177e2 |
C:\Users\Admin\AppData\Local\Temp\oYAS.exe
| MD5 | b1b24e7c3b105ec60caeec71bbe6b757 |
| SHA1 | f9068a4ecf09abf737ebbfa70c1035e84c4c301d |
| SHA256 | 5fdaff0ab28c580122cbf7b1cb14b98acd84f4ec205538a774455c0f3f1f1458 |
| SHA512 | d8cba924d394de52532f7cc46387f2249bee8dea5b7e2c6be535a593b786fd22a10830b66e275d84d197ca56f9f7b539547e8b6d2334ffc162ef176ef608a93a |
C:\Users\Admin\AppData\Local\Temp\aWQwAEYc.bat
| MD5 | f4f4455095237e0c2ef4c6839b894a6f |
| SHA1 | d8f154dbe8f25b25c5c3b1c43ec279d19a181935 |
| SHA256 | bbd8d9e0b36c49a92816fb2b9244d5fac4eb1766ac403e3a28f56df8024959c5 |
| SHA512 | ad50549e2a039e5492e3573142818459f72097058de5256142f15c9110a67fd10bd5b00af1274f25b3fc427fbf055604a981434942878faff7e010acaa02d240 |
memory/2648-1030-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YkogoYcc.bat
| MD5 | 6a07f74af06e83c55dbb304dad9276ff |
| SHA1 | 47703925e4b70fca8253c1a23565d1753368403d |
| SHA256 | 77b3cf56247e20085a5d749d7cdfc1e31fe2e1966d7b541588ff00f1cc86049e |
| SHA512 | 5771a2fa557875fdf847d1978fc2f447248b5639d89f716f5caee3c452b446784622d1f70c8cc1cbd09dcc183e0cf1c181e7737de52595f437c4322d7ddf07be |
C:\Users\Admin\AppData\Local\Temp\UgQq.exe
| MD5 | fd058ec37ff87e7a289a81cd85911e73 |
| SHA1 | 5f3fe0f016981f11c327daf2bab11d0a22eced48 |
| SHA256 | 09f94d2ba195b27e006bb0dba2b6b248279e8e814fc6636366ae095840ece725 |
| SHA512 | b99cfae8a6ecb20694b1c75763bf9a336de645b72ce7a7f5d5cfe14f363e962ff0c8a77700918c4adfc8f5a1b5acbe7ace6d2628c590ee4794f444efd309bee8 |
memory/1292-1067-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YswU.exe
| MD5 | 1eb65ebd73af31b845e2a1cf2a29b493 |
| SHA1 | 7472e66edbefe2640b3b6a9e02bcf986154a3deb |
| SHA256 | 6ce42c87b2db53a6522110efba0b6ee2819cdaa4c69a4e5f0b807ff593577378 |
| SHA512 | dbebb031312e164d8243f4de4cc278f10185d9288a029ceb733e5be20eda6b4b46ec75ce9171024b74d54b1743591b924ea32fe098855bdf6dfbcfea8a2d030a |
C:\Users\Admin\AppData\Local\Temp\MeYkwYYw.bat
| MD5 | 2cd599f30330286ec942c108f7be9c5e |
| SHA1 | 0495039f415ec8b0c660905a5a5678375775d087 |
| SHA256 | e4eb3fa6dff316f50ae822bfcc06376e879ff46bc5a38efd4e12431e65b1c68e |
| SHA512 | 91cd0482662b85dbbb8fdd6a9214e24c97485c64b00a252cb52b9d4405bb27f69fedc8c56f775cda73a8a4e4bd6bea599b22f24e48869d6eadeedd00bbd13455 |
C:\Users\Admin\AppData\Local\Temp\egwm.exe
| MD5 | 6492c168d7c6cefb7c8f4b420f3da818 |
| SHA1 | 173ca9780795625baa1e0dd89c8fa9253f876203 |
| SHA256 | 12331ce802c4303bf73e78f96ad52eb0866de674a41bbdb759dda1978960ff12 |
| SHA512 | 7e396ecc27df8c48acbd7739b9f7b9b6cb86ccd48e23b2a9bb577b749a7a252454ce306f730e2d21bdc68c14caf88d3cee300bfc386e862dafdd358ebcbc1de9 |
memory/2344-1112-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ScwG.exe
| MD5 | d3fd129e65fa9143012686ba9ee3744f |
| SHA1 | c1cd9447b38fab6ee2abdd0a0076d523e5d74001 |
| SHA256 | daa676f9b4897c3b924373a094d092fa5829046b3332643aa6538d57a138bc8b |
| SHA512 | 4764395e44a4c042b6b475b56f6efcae27e471c5a0dfb1493f1155a94533bae836332cdbcc51e656ed58c8fa78ae75b5fe872626d1b94039a49ebeeada1e694d |
C:\Users\Admin\AppData\Local\Temp\EcMm.exe
| MD5 | 10b8cb401d3bac2843bf822077e55227 |
| SHA1 | eac49ffa8be1eb9543c9b6c7c2fc43b8bb3a6c43 |
| SHA256 | 41386c772a3ae7ee846503f211d9f85ad16dcc9aee433d8c07479202351974c7 |
| SHA512 | 9f63a56f22776da168248a32209e2463c7364ee0a36035bdcc4d91134ea73e4914795dd6036d8381820f3346b9f124dffed2b68d400a11b1ce268ee367671f94 |
C:\Users\Admin\AppData\Local\Temp\UYIM.exe
| MD5 | 176d56eff1767f9bfc9256f5e2b0bd1f |
| SHA1 | a9aca80de477a9f4b48a7bec63407bfe027d8f7d |
| SHA256 | d60701a132ad3de03477aded1ddd5ad0a3e071177697a1266ae827fe43a72276 |
| SHA512 | da92ab234465fef403ff21aaa8745361ce243534aca0fc566d10d4dea451e204de6e08aaf61c20f30dd67f8fd1a79ea19da1712006eedb7a67b0474fc6e04dc2 |
C:\Users\Admin\AppData\Local\Temp\beYsogMg.bat
| MD5 | 7fd3a071abfae8f8441cfa091e7157dc |
| SHA1 | 7da6d19f28718ba68533653314a856b5138c8244 |
| SHA256 | 844d6cfacadc6157e865666c9d762581451554bb947d0949960b68a6a8d982ee |
| SHA512 | 7c71e9cd0e5c51f00579e11e42a335dfef3df2468df5b62a4d3b189f8d83766fde62df3b46449fece1ecbc240223264c95ae3d690c369e41a7b7a38f0cc9dd05 |
memory/1604-1197-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IssY.exe
| MD5 | ce85f8fe3c352a5a1cfb75ed1495a15b |
| SHA1 | 09b84a4632dc50d0fd00f79d71ec8234ab4bf579 |
| SHA256 | 28a541c133282359bce503054f4df9386124e01750a66a87a89a39c96d83f467 |
| SHA512 | 3d968351ae22b42cbab85e218643146812533f56327973017be33e65bfeb00e3ead8fc2c9442af9514716bf5312087a651172e8d34f4392e101b76dfdbedaa1c |
C:\Users\Admin\AppData\Local\Temp\ewsU.exe
| MD5 | 05702c08286b9dfbd62765bc9f8c93a3 |
| SHA1 | 810f445e22bd4d15c3614ae969074fd8762b6f22 |
| SHA256 | 9846e7add6cd1637170caab7d8a55c5235a32d3a245185efc1511f25199bf661 |
| SHA512 | 7104a369be124c9c77333d4c5b7fc4726ce6df35d0926b188bd71741698bfb388d51c5d43bc73fcb7eb82d14ee3ffd0a4d1f61f3769cc29f96177cb46ef4477b |
C:\Users\Admin\AppData\Local\Temp\qoEO.exe
| MD5 | 36c3070fb4aebf08fa172db94c6284a5 |
| SHA1 | 76a91a322a30860d374cec71191ea2efb069b885 |
| SHA256 | 0c5c51bb02ec088035bdef3b8e6151f9ea38ea5c6f1126c3c80535c6eea6f496 |
| SHA512 | 2bc78065ca8d13f878e5bf25657a70e1723def2be0588161b1eb3b118cd53d15842cbf73054a6d632392fc66e1484188269fe8238f962d891ba36c7860f63041 |
C:\Users\Admin\AppData\Local\Temp\RiswIEEs.bat
| MD5 | ac8e60bde26048230349dba1cfdcde8c |
| SHA1 | 00d978de229b465dbbd6d9e5bee7ea0893bfc54d |
| SHA256 | 0d3b465d1cc7101d430ae0c0dfb846ca87e4a5950d91c094a9e81dad48090a5f |
| SHA512 | 22ad2edbaf55f110224b1891a706008f3713c5258915cd969a25612f6a68578a6e6975c437422b02cd95f8edfa972ef06bdeab1041ea04cb02f3d67a80325a08 |
C:\Users\Admin\AppData\Local\Temp\iosI.exe
| MD5 | a678d38def8fe5a5c6943f3dce5c235a |
| SHA1 | 2188239d85064386935288cb967b645fbf606f05 |
| SHA256 | f891037d849096a34a0f53bc8a29eaab8d06ee6eb854a98d8eaaa4b553a857f0 |
| SHA512 | 4abd6d6eb83214fc85e99c3ac91098cb330d0e9414adb9f67e9af09329bdca9e9e2193ff115d51cee3b6cf9301fe7cb5be9dadd80ca51546fc479efb63babbbd |
memory/2668-1259-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yMoQ.exe
| MD5 | 41288b273bfd1f0f062d428f4a3332b0 |
| SHA1 | 97ae2548922fdde25ccc16cca88136005bbbe7e4 |
| SHA256 | c01a8f2bf922c444464c9dc26a70c1cff660c2bb98bd1371a96ea1813faafc6a |
| SHA512 | 8a442f19ef970cf66ce46e9cc6e41cf54210c70127700b42da33b48685dbccce72ee74c9db0f166b4b5ed19c60fa0bb552c82202b584016904e03a54718e0986 |
C:\Users\Admin\AppData\Local\Temp\vSQgYEEo.bat
| MD5 | c774b9824d396b2fcb85093a9b81fe2f |
| SHA1 | af5193e34b9cc672ba4ad10e5d353b34bd119d77 |
| SHA256 | 9ebbc57b2fcc30f2b132f7ea6d0c4c82fc219220bb394efa9006f198ae14c16c |
| SHA512 | 9a94d7377fb0d8f082b32c5bc3ba3f87b34319ebe9e4169625e1c53466867c3c890dcace2303e6c6df3e39aa6249e05fda09a21840e611a9d610fe438385320a |
memory/2128-1303-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ekUQ.exe
| MD5 | 87e70fe186af9802c6ad8b0109528648 |
| SHA1 | adf3e92f7a3c3db8e93bc105805da11d96e588f5 |
| SHA256 | fbca5817476f19897e6e82eaa60f8c850631377622ebaafdd75884b75ef23c7d |
| SHA512 | 0160167e8aa8b421a2dced0027b474ff6eee9f25b9347248dcab0b81d4ba6e8f22e8d83b8780e0630728f5bd3d7bf3b495fb0ef5929d182be7d6e2c947d4cbf1 |
C:\Users\Admin\AppData\Local\Temp\IIAy.exe
| MD5 | f726865c6525bd0264f843e67a6f09eb |
| SHA1 | 02b06f7beac8b531e98a2c62e86f05f61893e8ec |
| SHA256 | 76ee33430fd578f6d8157169a865598baccfcc1f9fadd6944cb73411b3228498 |
| SHA512 | bc9bc18340276f2f6d020a8ce5bfefc951fbd2828713c2c26061bd9b2a53161b6a0d6513628381db9e5a93a9857b9095e3446fdf49d30a48494e7a577a1ddebf |
C:\Users\Admin\AppData\Local\Temp\YMUg.exe
| MD5 | 0d7926b0f9a63bd07547901f5f70b9a6 |
| SHA1 | 18322f5722cddf67c988d979c10d21af9e321a15 |
| SHA256 | ac87b650ead1049426d177690bb761e37ad02d88edba5902a0d2f0ff1af0b4ea |
| SHA512 | 6c7be4ec8fe7a353fcce766748f8a993ad91117a36fdddcc14801e2fd65b9fb35cfe8cdfb6e58be602fb4bc7775bf4a1dc9b429b25e90962f68b6348bdf06b80 |
C:\Users\Admin\AppData\Local\Temp\ScYQ.exe
| MD5 | 8ad7802487e72c21dcd9019a3d8bdeac |
| SHA1 | 7f3a2de082602e4a687483a14999f857635e2454 |
| SHA256 | 5e3d69419373f3083f367c4ade3e6426b3de1fe0b731ce4f800056780239b422 |
| SHA512 | a5bca653d8a15181ca2d8d589d78a3ba0a05e0d9fbedba2b5f38be28a0a3d790aee21143e8d576214e3a629128af0a5d8a153f32d004f59eebbc14bed157d68a |
C:\Users\Admin\AppData\Local\Temp\UoAQ.exe
| MD5 | 789c22b65ef07dda1209b1f3527fef11 |
| SHA1 | eddda9b9445e7efbb064fad6367c1979a7a5fdc0 |
| SHA256 | f0ba52912e631f96f03db4d9a928eee5ab1ed9b4a2c716f17d6521d50377f116 |
| SHA512 | 87a51116998c839959080a0b401b3e3adba29e77764378071f29fad6422e3b794e24ed7301d636ed839263ddaadb6f5b2da1c1ee43250bb20b1758bdf1e7b27b |
C:\Users\Admin\AppData\Local\Temp\OIom.exe
| MD5 | 2b8aa5f0518c46e5c46b51025a3eafca |
| SHA1 | 3778719cbc544c5c4ad9b59777fd9749165e26ca |
| SHA256 | a41a30aa3c2048442bc123e56d6b5b4f50beebc7faf122ad07be8f9ff1bf7625 |
| SHA512 | 6ec63f0d89ad5cd0e39a2ea6ebb8016d035e0c94196eea3b306200af8e9829d17c65452ad7c1875a05f80f9786daadd5598d43241bb14a6447f07c9bbd908d30 |
C:\Users\Admin\AppData\Local\Temp\KIUm.exe
| MD5 | 07a83210cfe87174466c8f664c1ccc32 |
| SHA1 | 94e14a2e4012ffd4cd3ee95feaf623276a590444 |
| SHA256 | 6302c0e797a0d0b85bc6562ed438f5549b687c544cb070b038e15560c82d133a |
| SHA512 | 711fd5793fa74c7013a2b4df8da78a7420c9af5913bbf6e22b735bd47bc823c84096f0cdc4a9aab84d0a2bb0e5e0c7e86e45e3572573374cdd78e50fbe907731 |
C:\Users\Admin\AppData\Local\Temp\nqkkYkwg.bat
| MD5 | c0c804e8dd8684ca38ba5597c4970cbb |
| SHA1 | eab9ac255bdc410d39ce50f860509efeba333d04 |
| SHA256 | da04f4e707af5c7d457ffae3b348fddb0815694181c3cb4d8abd40d0b6abf080 |
| SHA512 | 536ca5fd57364a2c579bd68136a6e6dad7a64b0552165d889a03e5e24e77d2df2c4c603a64791017bfe44ad62d5186c1f8a817ba071ab9cda0e2834a0f7d77ef |
C:\Users\Admin\AppData\Local\Temp\cAAi.exe
| MD5 | e01b0c5e4aa9d0d521fe3d5a2d5dac3a |
| SHA1 | 9b95093ca608401081c2e185039c8b67d735fa66 |
| SHA256 | 15f836e8ae76eca7b96fba78bf9b5ece821eed7d1c5a74d8fcc93357caf0743c |
| SHA512 | a4641ec96940bcf6d48259afb3e58b981037c955bcd9cf6a3836e0cec15c3e6bc70955aa6ffbdd8e5633a6fea078e3dcb751a7df1bd72fd899b6be2eef0b705d |
memory/1548-1415-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\owgU.exe
| MD5 | b450533683132cd9cfeda13a9e7ca791 |
| SHA1 | 159f4db960cee5d105cd00810bf2e07f078fa55c |
| SHA256 | bb5d423205abf8cd9c2ceed950d3756e66235d9349bf00cb3486a728f81be3c6 |
| SHA512 | e70866a970ade40e27e67e229595a8d2eb2418fe6af7403d9789d486faad7c4067c25bb768287d06dacb1f5754dedc5da06fd13a65dc013fd9b1777fc25198d9 |
C:\Users\Admin\AppData\Local\Temp\SUMk.exe
| MD5 | 9b10b4c8045b589c8ff019ce500353e1 |
| SHA1 | 8467ab3eadcf9a5cc05243e2f20694689990e5c9 |
| SHA256 | bd2d541a84251c9615dd7acbdbac9bf58b13d68bef13515b4c8e4a0e87685827 |
| SHA512 | b75b77933417a5e725568772fdd0c20618d64104dbf1c5af4984fe9aa67878c311c0ca7477c90112f59dda76ca69457012d4af1aebb46b1fe936d5a401777ced |
C:\Users\Admin\AppData\Local\Temp\jaoUYcIY.bat
| MD5 | e6cecbebfbf19572f1191d25035e7ca9 |
| SHA1 | 41616cef19a654d735ea0034dceb3d2da43c3813 |
| SHA256 | b134536cf147459b06d02a371c721d4e9d89945833cdd7410a274043113a4636 |
| SHA512 | 5fa60628caa98fd4b66c0badb37a41cc21ce1e584f7acfc1b24ca0e7a2c4587f0f38fb74f6634bd778210f094322ea10dcf8b41b986e98b1e68757b4090626dc |
C:\Users\Admin\AppData\Local\Temp\WAMM.exe
| MD5 | 2d09811fc419d55374f13f3117e9092c |
| SHA1 | a04449076c7ee3ae51572928388ba117fb3c38e6 |
| SHA256 | d3ab3421e4847ce3752857b63fbc72db40c42ffeffa07f687258271a1908e106 |
| SHA512 | 6e7194aaf3acf465c51fa96f3cb3f81a3bc85376ac745275009c90421ca0282fb00c8bcdc44d6bf70c4eeff760536f94ae1b2d68cb32e3f3d9aafa49b96c2cb4 |
memory/1368-1464-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wIMg.exe
| MD5 | 211e265dd1fefb006730e548e59d8f3e |
| SHA1 | 576a83dd6005e5cf7f09e4c75be887a182f66467 |
| SHA256 | 10d7f9df49d33a318c7030a24c61e7f5e153772790e3c6dcc1f2afca9a0395c3 |
| SHA512 | 11c47c608947f153f68c5dba806a6576781f6d2a7a8f4afcb221bdb08acb8920916510a071533b281b0e0d839b2506c86211780a566b9faf06aefdc0a714712c |
C:\Users\Admin\AppData\Local\Temp\YYAkgQcc.bat
| MD5 | 05a80b720137c417250a24bdae1e627c |
| SHA1 | 5748875932bce3026be8b7e9721d1907a3e6c376 |
| SHA256 | f08894ff1dc84127f974a008f0d74cb2193c326071707d8d6d7b51210fa165ed |
| SHA512 | 8060ad2f59d4875856ad1fc53c7ba86e7ee2f03c149529f45f9ae498ff6917ff41fa09744f12892cbc7327024fd6110c7afe2b9127f05a6bd217773e88ab19bf |
C:\Users\Admin\AppData\Local\Temp\KokC.exe
| MD5 | ec05ceac3f46c83bef6c764b05a7d4c9 |
| SHA1 | 180e776b60d5bed861091ff30f838eb78be90930 |
| SHA256 | 5dfa373706f077e529f4aaf519ac198d8b0dbfbf5ada3cd69fc50c09351eeaee |
| SHA512 | e7817a60a9e42c316b565dd630f1e3d5a6b0b2b41ad571b728f7d8fbe7a61f29c98051a55d9274743787ec6eff8d874d2d24f8713af285e4ac048c78543daca4 |
C:\Users\Admin\AppData\Local\Temp\cAga.exe
| MD5 | 8d0dd2648f9fdea0798c8710d2925882 |
| SHA1 | 0450447bc5d97d8cdb1e0d26d301c5268b1a6cdf |
| SHA256 | 5e4a196b385fc9c6a850e7956d8f07efea168661015a2cec0c77ca8e8237d20a |
| SHA512 | 5849102d82be6f48d03ef84b64d763d6f8f510471ed04dad907b52c713570deb98249a686c31d198a95d59fa40f774eea80fe25127fba65052cb7a190d56026b |
C:\Users\Admin\AppData\Local\Temp\aUQI.exe
| MD5 | fee3b3218ac11458c1590497daa683ad |
| SHA1 | e0e56a36a6e368622c982c6bf74db46000a9e9cd |
| SHA256 | 1899ea2ffc4b725bfc1cd3e2ca0bc56d3325e731bdc7d8db10c4513322f71ca8 |
| SHA512 | 108f263cfdb327ecccc3b0759697bb23b8b6c3b7ae053f9724665f1cbe171e722e3ce3acaec954ba393ababf715e7212b554941b991d9fb97f0b3aea0d2cede1 |
memory/1600-1533-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gcki.exe
| MD5 | 836ccfa7d194e22e9049d7d6eb308ea7 |
| SHA1 | e60a10bbac4d1f62a196bd466aada655a47a52f6 |
| SHA256 | 66ed181a97ac546d422dafb97f1d11e6f747580fd07d8297e4f0bdfc386cdb75 |
| SHA512 | c404ef5a5cbb87f9b62b0a713cec2a4e6bf7b334178b48f8f05cd2b96c3175563237cb63d578d468d01415e3a1214125b9eec2141e0269fbfdf60c3278ff0b0c |
C:\Users\Admin\AppData\Local\Temp\GQEk.exe
| MD5 | 873bf472029746f8a22d93fe877ce36f |
| SHA1 | 545d2163d2381f6a4a70908a6e6a75b2d8d8abb3 |
| SHA256 | eb677cd73e76a2fb5fe85d46be2e71fc267ae82df90993f77a2e01df1e453210 |
| SHA512 | 4f7b73593a5b14891c13dfffda9a72570a0027d9d03b92125b1ed3f6de99784de10648a0925f5e4c5dc1fc3207b02c72f536cf798ffae7adee374e42b6a785c5 |
C:\Users\Admin\AppData\Local\Temp\GoAU.exe
| MD5 | 44a3e2ed5355ec7f5ffdfe81dc9e6595 |
| SHA1 | 098cebee953107b7f7be7fb0d36ded3ff728497a |
| SHA256 | 608b57d20405d607f99c596d8e360f3adf2677d3ef52007db951e4bebd4f880a |
| SHA512 | c0b57f5a8dae324180829514a48ef4788b07d9fa408581f52e86d2791436c605b039a16d747cfa0884f2273fad6463a0131fa129495c031d03f1542f45bf160d |
C:\Users\Admin\AppData\Local\Temp\aGgAUQUs.bat
| MD5 | e16f0504b437bdeffbc8f9f7eca4df0f |
| SHA1 | a3092574e0264d7ee37becb36a02105193524cd2 |
| SHA256 | 39edb7392a01de42e1f8593b92bfa84c05af15d08fcc88da6c165c9963b40627 |
| SHA512 | 667ded513c5b5799851b29c8728efa6960ba5b7a30f4ea8f5f11817261c8c89c584b52e0391bf9bfef8a0ea5c498f5ea97a0b2f9b983b05011024b0cf844db65 |
C:\Users\Admin\AppData\Local\Temp\gcoi.exe
| MD5 | 979d7116559fc86a80b3718431b2f574 |
| SHA1 | 829a69c8dd070b44ad176f1c1a8bbefb60b4e672 |
| SHA256 | d76c8e495f967112ff13fba9379258f256377b34e5c0b041d51dfba8050d68f3 |
| SHA512 | a75894dc4601a10cb17d2f52a62678bb5ba1cfe0bbdd6bcf19c15f9600efd7125ffec3d12eb219dbc1c9ee96c2c58d2dce69f6b912a5dceaf4d231fe56261bde |
C:\Users\Admin\AppData\Local\Temp\ecIi.exe
| MD5 | 2b1187e9daabb79aecbd613365bb0bfb |
| SHA1 | e09b91b495d237f8c1633ca37b0036310b0afb3b |
| SHA256 | 738151584d8035a771dcce11b99da12a186d5e95c21d2a1f089f228c307cd408 |
| SHA512 | 10abfb445fba16ee1c219d3ac226bd4f2b936ae1f2410e3e5d84ef978b2f6f782accfe908994019e0df5e927b11a95715e4274b2e36c1b1a2798645e6925055e |
C:\Users\Admin\AppData\Local\Temp\gcYy.exe
| MD5 | 85ae5f593272def81475d653665461db |
| SHA1 | 0f5abdf427d9e7bcfbcf834b663504ce7f028648 |
| SHA256 | 19dfe5bce1da1e275245b2e8e7c44e75b890b3ef779d3cc895a5c78da0c25c5a |
| SHA512 | 84a052f16081037156708e8500290366e777389e5581627ae8fb6a65ce4010b1178e4bbe1472dc691d652887d29f45ff7729c77a7215af807906f50428ce60ee |
C:\Users\Admin\AppData\Local\Temp\Wocq.exe
| MD5 | 1dc228a46d0b24031e81ab39d7eef7b4 |
| SHA1 | 03ba4373fc84cf5f0ac74451ad133be33d641918 |
| SHA256 | b95ac12f0ee82cf5b86e02033f734940d475062532935bfa25c060b12b1b68c7 |
| SHA512 | 093e185d5b15522f9bc922ea17076cf61cf0687777ee1fca18f862f6d6903595df2a2d1f6c72749b2b81c519bbe2803930fd47ff405f016e7d027bcf5b2ed5e0 |
memory/1564-1636-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QYAS.exe
| MD5 | 4c56c71770eb936480de8e5523bf969c |
| SHA1 | 1a95acc7b01f10adf4068b9e462bb8bfcf7f7cfe |
| SHA256 | c91bcec78f54926066217f540bed57f7875902dbeb4b1fdc2003d39a029e9956 |
| SHA512 | 7e40e5ae0aa2ecc517e27688e6968e83bd1eab5efd4d12ac35c7b0fd58266aa9e7d51fc1fe78cd264d9dc1c1c2cf11839defb211c622fa433b3818223a73fc31 |
C:\Users\Admin\AppData\Local\Temp\eMEO.exe
| MD5 | e7b1928253b65169fafb03e7cacf680f |
| SHA1 | 71d9117771506db041843739ad6f35f3b17a36d2 |
| SHA256 | 40d60609173812d90dc904be4917d670862f965bbdf5c43ff96427dc7e96eb2a |
| SHA512 | a73db40c00bfffbce9293cf5e4a503afd86b8bfa98110360f387d2c28fb1bb371ceae2083a1e5fa3826333d718cca908345a6e2f817a756ebdea586d42da776a |
memory/2488-1703-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YMwYUkcU.bat
| MD5 | 536b411074b9e38287c68c9dbbdce467 |
| SHA1 | 305b7548da9c06c4a9699d65dd455999929c2db9 |
| SHA256 | 81a1929259a44a538d8e53eb93a2709182d95f793596d4b90b98d401eb28df59 |
| SHA512 | 1a8f02e658bf1fadf1a2d7df6ae7eaf841721a82eec26f28fe85ab353086970f199f656e3fdedf75fe5757a78e1bb254b44d2e943cf0c489a268c9fd6633d4c3 |
C:\Users\Admin\AppData\Local\Temp\OEYs.exe
| MD5 | 70b365741aea376d54371c490b3a8ba0 |
| SHA1 | 4e2989b423c554fd2df377b616350ecac057dfa3 |
| SHA256 | 06596372314bd85f7f1d606c4988dfbcf7d6d2cf625e3a33748d30ab20689656 |
| SHA512 | 11b776294510839cecc2f4f9e311a913e45af3edc13d94de976b7992805691cc1cfdc1b55c1e341c0e5193ab11858fce24e3523fd8d559dd0c963fc241acdd5d |
C:\Users\Admin\AppData\Local\Temp\gQYE.exe
| MD5 | aab68e649170e6b902843a3e290ceea1 |
| SHA1 | 82e08758ac17307843f3cb5d571990fb56a6008b |
| SHA256 | a820c0f2e62451aafd7791976d123fba61a9685b3e47cad72a3d2c726491737a |
| SHA512 | 2688da02875b299d112c5da06039ae99c7bd5f51d6aa638c2124239959892b779644a6a1926a8ba899033b62affdcc77de6f8e397c0e5f3e320425a8813a7a03 |
memory/528-1761-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gooS.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\OokY.exe
| MD5 | c618666ed28dc6a38e5e575e54b918a5 |
| SHA1 | a16a064ab6e0d9df2c303c3b020dcfe631d9154a |
| SHA256 | ef39e086ef1a0ef54d4592ea7ba89e2dc085fffe5785a86442791752b53547c8 |
| SHA512 | 4fd2e0a3acd7bd70d8773b1742d6001d3444fb595580c77dc36c1da85c6323050205de854b6d0f701689a9549cfce0031693910c80d3e3e25598f39a493c759b |
C:\Users\Admin\AppData\Local\Temp\SssYMIMQ.bat
| MD5 | 1298c4d3415b51f50f8a5ef33185ebd8 |
| SHA1 | ae4281cad0f014d7ccbf14f93b48eb96517567cf |
| SHA256 | fc9130a24d9e7fba6992abec5e82e5db1ece44d64e17271d6bd1fdafabae07ed |
| SHA512 | 8f4541f5a0ea930c40995503f2e59e18e598101ad1e9fcda209a4bf858f599677f1b87bbda7675d03ed718cffbeaa9494a3a1e2070407a4815c389052611894d |
C:\Users\Admin\AppData\Local\Temp\YcsQ.exe
| MD5 | 376966f061fbbd766e1b66c1fd8c8c33 |
| SHA1 | f97225ec2bb9845748009b5503377ef23a68d6eb |
| SHA256 | 809d6b3f387d2484ec5a0fa3ea7f330e52f4f5c361354be67a550abd6aaba60f |
| SHA512 | 35cd32d428d65d7d18a0c34ae43a50e513fc1e1737c05c1d11e68081ed123632b5c7edaaca1ad94ef166e8abe241cb240e4459ef6d019cf9532f585ed82c3a96 |
C:\Users\Admin\AppData\Local\Temp\SQUA.exe
| MD5 | 8621eab4ac389c2d88e5a2d00cf54c5d |
| SHA1 | 0393c08c1c3d40a4380bbf5279268fa6603ca3ea |
| SHA256 | c09ea3c4b96dbc55ec5c30b89e245fdf972cbc2011afaee35f803025e7bad8d8 |
| SHA512 | e03f830a5df4529e91ebafe1dfd1cfab2267f66f5381c80a4f047808ed5eaebcb8d6a0e0858541450f842f02be4ed689669b0e6cfb4d370bb9d0e45fa878bb3f |
C:\Users\Admin\AppData\Local\Temp\tgwAcUIQ.bat
| MD5 | 1f84fad7747193ff10c140d176d98df0 |
| SHA1 | 736a27eb1b705cdac7fbbb88a133f17787a38cd8 |
| SHA256 | d54d83c409aa5cfd9d62ee9d5857ae176f51f69c469d222fe003d0ddf1765ef2 |
| SHA512 | b1c1b7c689843394181c2ef6a2b406afcf901dcebf0139081646b0b79bc421d6940a1a28f27ce9e673dfc96985e5e2d9734c45c7d8f53279438605d30857415e |
memory/2716-1831-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMcc.exe
| MD5 | 458fb7f893a0b42e0ce71850e00c8366 |
| SHA1 | bf37ec0586d103768cc9cc8cf9c6d98ad79d5628 |
| SHA256 | 2d78fead92fdeaabd62276d657a0f503ce952c04324307b1af2da8e9bfc2f9b0 |
| SHA512 | c19045d315a52f9682b584ccca974b86f8d795827bc718b5b464da99273bbf015a6108e38b027afd6a2fad1a71036434590adc7a6331993db45ba35002164aae |
C:\Users\Admin\AppData\Local\Temp\tcoYEkII.bat
| MD5 | c207ac7122a274a27dd802318a956d6b |
| SHA1 | f98d1954c458bb5b1bde2b1740c5cf2534e34832 |
| SHA256 | 42b3da45ae39ae2e7126bb19c933f3b9883603f6ab7eeca0ff3eb3458570c22a |
| SHA512 | 54672c1f349dff4f04fc6d9d58da8d6250cd614bfc90a6bf4206b37c25cc769073d7b1f3cf55c5dec23664211f67a778c50afd533bd7a6dc9fb7c647f30b982a |
memory/2344-1853-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JukcUEYo.bat
| MD5 | 8d2f19fa23edc6a78912167e35e88491 |
| SHA1 | 15d278905a50bf0afeb32500f38dfeb19d9df33e |
| SHA256 | 588d6461d92118913b9c48fb6afbe6c9ae754c5f6f705eb529de574710258f28 |
| SHA512 | 3ddb4df83dfe69ead433fa0268d0af7a7834b658766141c48a23f5870acbc51d7a14d25d658d3c15b650e7d59b917e0c5903ebf74ab43af4e24ae584c65906c3 |
memory/2764-1875-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fmUssgkg.bat
| MD5 | 1ca851d9f75b4b214ce9cb55f952a585 |
| SHA1 | 24a7f9df40fcae9059d932111f8da45f160ab128 |
| SHA256 | 00baaa25e7c0c0dc571ba25a0fa884dd49cae6dbe60b3f7aa656e1b5bd0f3396 |
| SHA512 | 046ea6dd3d8911fbbfcda1ce3ce19da0e2d0c3bb16bdb3b7392c69840e2542962334809821aa9c0e6987cd04f17e9d5b80901aad8c337d88b6a26ba4a349d260 |
memory/1576-1895-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FwEkkwYg.bat
| MD5 | d5b7fa97bd1831ca7869ce7bc2731afd |
| SHA1 | e3141c3563250211a4197a24089c003832b6f3de |
| SHA256 | e4ee19425a1fd771588f104ee168368749dbc3105e83ff2e13d4aabd8506afd0 |
| SHA512 | 161e9914d5f4344713dfb412c4d16ecd33c8fabf6bfd11de4f1544c019110129358bfc5e0cec4be1a7e05e4ed017d15c0a05c4e3de9ca0816b7e55822f72ad04 |
memory/580-1915-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aGowcoUA.bat
| MD5 | 487ed47bf57e7dd8c92babeef68f1942 |
| SHA1 | 1a93f36d019a1590a79fc65fb1ee4ff8c86b2bb7 |
| SHA256 | d59f9932360f107292c53ccf6fdb1658c78ec0f7873b0944b4c6beab90af662a |
| SHA512 | a2030b1505f9e7d15e0a17a30b0cd065f2efb310f53f32ee725303cafb5410ee385bd24123b2d675942470b44517490e057de2f67061716085859aa7db72f571 |
memory/1632-1934-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MGYIYYwk.bat
| MD5 | fa51f782f07c8106be5a572b5fde1a76 |
| SHA1 | fda29f15673a3fd92cc27f9bbfdb0f6e3ba6d3e6 |
| SHA256 | c4024a8dc025c86004c1e076f871571289274450ac6165774af4a0f6826ff292 |
| SHA512 | 49868ea6d2e1cdf50cb2579c18494b1cb3a6ed925656b4c1330b4dbf22d4ad35b41e4e5b9f91a78d41084c0cb62c85c5ea38f8d33fd9083fcfffa154550aa269 |
memory/656-1954-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qoMQgwcg.bat
| MD5 | 4e3d8a62d211adee1f1bd4b0df09dd1a |
| SHA1 | 95a4cbcdcbcea73408eff9d6ed7f6cfecf8c3559 |
| SHA256 | c996cf0835b3639fb5b5341210caffc393b15bcfd6120f6e096150aafb15e68e |
| SHA512 | d1d225e2903789e8a9ae0bd287a05c679ede240f2d3f0ac302f90e76c22f8de9bea7a719585087290cc708d777cd8649479c85b56d15a101b0b7ff8e5507e812 |
memory/1656-1977-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\geQUoYEo.bat
| MD5 | 8192485b3e6bfae06d2be9621bc84247 |
| SHA1 | 011103c6857c5d511f2b1c6c8ab4230f9ac53c56 |
| SHA256 | 0934cea4e804307baede2093636fcaa6f101c92e3cd2d7f874ab0f55879aba4d |
| SHA512 | 65b5c33deb9816b68873f2a6e964a9fac6cf4c63292d2fc52b28b80cf7c1fe216d0b485ece844491ad954323eb9f1ff103acdb3d4d176fc59cc2227afc2d74a9 |
C:\Users\Admin\AppData\Roaming\EnterOut.mp3.exe
| MD5 | 421f17d683cb924a374113c4b6c49849 |
| SHA1 | cc68b60c0ffa8aed4fedfed8b2b180e0f2ec5736 |
| SHA256 | 3d0e12e5137b4501814b9f5ace0c41bb1dbf7df024d791696b94303d3450f8f9 |
| SHA512 | dd8ff46a33cd5812abfab453b9b77294d40cda132e3f5adee271ef9c493462019c9e03534e1c3601d4ece1738822edad8619a33d637c9d5f2369cf23b298324f |
C:\Users\Admin\AppData\Local\Temp\SgoW.exe
| MD5 | 253c17d71f1a3daa96bd1a79b4534d17 |
| SHA1 | 944d0c448f6ef1d1a03c94ce5f4d1c858b18c97d |
| SHA256 | 68995a3e876f26bdac8019970739a2016784e49b740e8ed8fdacdbd9cf26e7ea |
| SHA512 | 096d4ceaf6d0cf8634f2ecbf8d7ea0a98e40c7f2e17c9e84cf16a47f72bca6a6dd206779e2afa8f5b4eb7befaea6c18794ceb394db3e703894364a275249d564 |
memory/2044-2009-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KWgokIQs.bat
| MD5 | 25ff631ccd793cc1348f9d9faa3f4878 |
| SHA1 | f2d270df80ea113e29c071a7d58d4ed3b40c02a5 |
| SHA256 | 3ae5836a6f48103c8d402371a67b5c18774fb7c4c316ef53605a1d3819a64d39 |
| SHA512 | 406694d7b5a4fbbd90f19ebdcf14256b988eedcbc74de080a0584f1e3c170b12efeb6c9b2c3f19af90f50641f5509280cf0cc8bb68789a8dd053c4b7c5ce34e0 |
C:\Users\Admin\AppData\Local\Temp\YAIu.exe
| MD5 | f9c883e427c121b9bad0212e71f75789 |
| SHA1 | 8368c04f44010cb09829c1c492eeb67b68ef487b |
| SHA256 | 9926b81294b4c146c897d882b4c5d09650495e3406666a7d69ddb7c443334f33 |
| SHA512 | 25a9e790015eb9e926621d151c98f192ab2964d150679c447320a5a846ce3ba69e2a912b6e132cb64e7c852932024c28fcc18dc47c1b2d450d32fb9f49264b60 |
C:\Users\Admin\AppData\Local\Temp\oYYO.exe
| MD5 | 9549ef530b7cb22d95ae146ab5275fa7 |
| SHA1 | 3bd62a022e56e1d9b1ee52e50b2c93a2797992ad |
| SHA256 | 9c778c9d6f7d6e74c9a27625ec2dbf6b117111c28a68f95575c82d3076fecf2c |
| SHA512 | 685a59aa518f2c05895b27e5f273add6446f55d67c0e05867f4c5de0c9eb83601476bad1377d726988c5a8b3694a434bb49e4c220679cc7082dd1ad12cc95ff9 |
C:\Users\Admin\AppData\Local\Temp\sYMu.exe
| MD5 | 2058cceb3a8aa1db975d5c3389a737ad |
| SHA1 | 554d2fdf79d899374c23312b458c8576ffe95916 |
| SHA256 | 23c4de7a7af8df89642c94270691b0c98577fbdcf28f0aad98efd7e2eb555029 |
| SHA512 | 8b5c7edba4fcf6cc93b4f0efcbf6f83d2007922e8572e3d2375cb169508bd5d0afc640e5c6f09c019ff48ac96bfe49eb56863224fd241b8e70c797a898e87e9d |
memory/2396-2084-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nQkQogcs.bat
| MD5 | 6c822f35c766c740eabd978f23db87de |
| SHA1 | 586e1319568997d815744fffd4d820bedc356042 |
| SHA256 | 282392c397a2466be36da254ed9dbc38bc1f95395248ad7c74e8524f7826f732 |
| SHA512 | 5956c039a155eebefa133c331e40ec468f4e5f3f65ace5549119f0a8bc75c4b0e83f113ad6469a8211d1851f1230b2b3d56673ff84dadca79767919d2a4dfdc8 |
memory/3008-2119-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMUQ.exe
| MD5 | 33ca23e6575092e2c539227162225f89 |
| SHA1 | 3ded3921c41dab3b66f6f8f835de861223f92be0 |
| SHA256 | 82c1c45b9911d58d541cf134f056a41233e37951a25cae97b1ae52f6f515924a |
| SHA512 | a385f89a68641b1bc6809ba9757e8b2d4e5b885e50f5b076b6ccdabf40c2200a24147ceb328391f4f2bcbf5493c46067a4942334fa56db8ba0151d9f61452fbd |
C:\Users\Admin\AppData\Local\Temp\YcIA.exe
| MD5 | a0942fda1189493fd07ac59a60c648ed |
| SHA1 | d310c304ba6e6d9f031cf4ac37c845ee71c77fd2 |
| SHA256 | 30bf4d9155d5973c8c293bdbdd7b902f9747d0a70a9fb89559b9c52b40f7b674 |
| SHA512 | 52e3f407dfef720f5766541f19d0c775ec2f6a6804e27e2915ae52d94ed01231108fa7f084705bcb8b08a3937ebb825b8489d5257fdb08fcc7b2912e88a44126 |
C:\Users\Admin\AppData\Local\Temp\feoIYwYI.bat
| MD5 | e99da602dd485deacb7f52d504a5424b |
| SHA1 | 160f4533e6ed398fd07f3f323e4fde52c08b6a56 |
| SHA256 | d33b78f972951e999f82c88739cd1ade0c425bdb663e0907f5f6cc0979aeedd8 |
| SHA512 | 09f6819cc815d54f2e3002b97d20f55aee31ba7ceb1fadbebad17a6d81a48162a81510aface504477cf84e7f34ef28cc32704b3bd8fd39dcfbad27dd43894ee4 |
C:\Users\Admin\AppData\Local\Temp\ykoG.exe
| MD5 | 5d845b73de9602ae4d5dc4a16afd70f5 |
| SHA1 | 4ee841c7bbd142163e88589086adada23ffbe2a8 |
| SHA256 | 5e28cd93e1fa1e40956869c250bdb36f0733770889ed24b4eb8c5e56fdb766e6 |
| SHA512 | 03bd39da9971e04161e7ad9c521b6500dbd94e9f58d3a4da5b99ca139ba4a8c70bf334e08f97dc359d39dbc01187c6217f5fd22006a63d3394c8b4ca6683286e |
C:\Users\Admin\AppData\Local\Temp\qooY.exe
| MD5 | 6721b4d00342449ce33622f1f8f46f09 |
| SHA1 | 742e0d89863794e43e6f450bc6a24ccdf4055fe2 |
| SHA256 | c216d8b1f9d7e756eacf493edd7738b4f6346e1ac2d273a20dd9918846fa0dc6 |
| SHA512 | 02060d1f98aee0a968fbb49ae57b8b6ed25ab7deb620ac691b50cd004c867b6792eb0b3d38dd2954775cd628f7ea241e6de2599de38059e7c49b34c2cb814057 |
C:\Users\Admin\AppData\Local\Temp\kAgu.exe
| MD5 | a4c0d303992b3ca98333fcf0cf7b3247 |
| SHA1 | f33ddcc0bc9747f881b75ef4fa6d699977fe7d8b |
| SHA256 | d0263214c1e15fe1795c1542a21d0786a09f76b677a5dda91bfda98329cac159 |
| SHA512 | c52cceb858cdcb1a4355ed99cb7e585b43e81ea125d811f1d3547c9a228c4f2c8dfb83536709fde9dcc4de0160b9e4203c3760e6ad3753354237eef6f796aeb8 |
C:\Users\Admin\AppData\Local\Temp\LkscYAgo.bat
| MD5 | 067f1b8e2f13789dc630bd594740aaac |
| SHA1 | 7e04c6cff4b8d53177ca8e0c920635ec772a5cb1 |
| SHA256 | dd9987d75d0c879c697d9526528ec748684318ae5fa0118d1c8f9c542eae4968 |
| SHA512 | ece07796448c4448c4432dc955d100d6bc2686a3c7c64355f8f783df581e779830517fd9c8a608b9a5346eed957fa86202d1d8256807a5a6692cdeb3cde36a69 |
C:\Users\Admin\AppData\Local\Temp\eYAY.exe
| MD5 | e1e1a07ea71774a9aa8c5d0401499d1e |
| SHA1 | 1756fb23b8aa4240a75debeef0479768b3136af8 |
| SHA256 | 5e4caf602defd37532d1e71876e602c19b707fcb67dd390e0fefbe44d01ac30e |
| SHA512 | 95026869cfad6dcc64f9a15fa556e8f58191240439f027742b5ceb6d108508c3863ac13b7421e5951f24f6bbf88769f74e148b0693767be5c798c93afb620534 |
C:\Users\Admin\AppData\Local\Temp\qggG.exe
| MD5 | be7cc204696cf373f616eb5132fce7e3 |
| SHA1 | 10293ad457c3ffd5ddd3c04d69e04b8779f76952 |
| SHA256 | b88aa90f1a4be281dee22bc7f5b441ab6180eadaf4d756d2eaa76dc81601f6af |
| SHA512 | 876ca050e2f115eaaa8bd4032b7626adfdbd0636bc0da21cc7d7deb36f238bde55ee58fe4a5ac9b66da228d2412486ad5ce4096e69af14761f98644e5f25ce09 |
C:\Users\Admin\AppData\Local\Temp\uwww.exe
| MD5 | cc6a1b140594fe284b632992207776c3 |
| SHA1 | a200c59c918b8fec6c8aa2a2077795d4a21a2beb |
| SHA256 | dfb0f5bfdcd8cc4c3c380aefc3feb1733999e63584ac10ed487d631260851c16 |
| SHA512 | b531efda6443bb2caeecb87e2a00f076f8bf337d34a69a1890abd1b3b860e0112f25d8454c027d105f5b4fde59afb249b537d0e79bed6f21396a50d076dd679d |
C:\Users\Admin\AppData\Local\Temp\ecEO.exe
| MD5 | 6a4e6756507cb9aaa1a7a48951a48f28 |
| SHA1 | 65f7805903f5e235b73bcd1345b3bc661d251254 |
| SHA256 | f85040b3b497702b3b2563c6ec8f8914642c8bdeb17b26a81c81d43ea719143b |
| SHA512 | 3bcfab6f2e63a69c4a562fa1b6e27557edd069a7cc0ef27d21e7e69c2262f61c523668bd252cc6c29c308e26aa8500f317cd5ea712341e249779111075caef81 |
C:\Users\Admin\AppData\Local\Temp\mgAw.exe
| MD5 | a2a86892a81e55afd6a037b40d3deb18 |
| SHA1 | 3e65c8898d5e6ab60188c3554b203284a32a8ed0 |
| SHA256 | 424aa78327ac64dec84c2f21e27c0e925b2b218682ee46def846024fcd0a0830 |
| SHA512 | c26b728e4baa8afb2c00f90028e0abcbc7061e65c0359ecbc6236ce0b89f13be404dd2aab56f832fb593f0ce944b492ec176ece40904ab3785a2c4940ee46e20 |
C:\Users\Admin\AppData\Local\Temp\ScIO.exe
| MD5 | 405bc235c8208c1c8de8725be2ca525a |
| SHA1 | 4a3ef218b5cd4b8e6873143bf11a1b003c719520 |
| SHA256 | cbd2728187c88ef1afc5698be69b14611b6ee0ba1b7dcf73d59fc181c7618c08 |
| SHA512 | a9fad1a1e121a6f18e09d3b0dc6c73a281d86a45619101a44c1d42a0757b5bd4385fc852eb72585a179e7357f774cc7523fa6279da5cc6bf7b85ce2de9cd7032 |
C:\Users\Admin\AppData\Local\Temp\uMMw.exe
| MD5 | 8dea08ebd13e3aed446fe387fac655d9 |
| SHA1 | 82b222a25a62abd6c51d5fb066c247e115171b47 |
| SHA256 | 8d4c646c48027f94556aed712d291199a3dac781d480271278cabff335a9cafb |
| SHA512 | 99533bb222b6949e6cfea32d4b0809b9dcb2323a2ba53ec9d9eb11df696643d38fd9979bf95eed036cc0f7778158a9de2c41892449c6f41bbf2c2c4144a1de43 |
C:\Users\Admin\AppData\Local\Temp\UEAW.exe
| MD5 | 5d293c927bc569ab1a89ee4cacab4514 |
| SHA1 | 4a5831703ed7408da00a1c0ee710b6baad6a894b |
| SHA256 | 46357c42935731f7481b8c4f4dee0e89dd5fc5b6aa2c93ddd4433ff4064d79db |
| SHA512 | 99021f87e82d1a2b33a78dca7ba3b711cf60967e932d212c0f4b4338b1c3316a772a7b58350c7a223f41396e398adf18ab608b52604dfaf57fa46b92a4930446 |
C:\Users\Admin\AppData\Local\Temp\KAEE.exe
| MD5 | 7e879aa634d0646a5a6c4e6d35d56343 |
| SHA1 | bb41882e90d16d3d81233254cbb375a6ac980191 |
| SHA256 | 3235d8af8a49a8d797802d67dd390e2c05b10ead40e204ea08b3f40f43b53a95 |
| SHA512 | 1728597a6866c5507a9527a49f953eb7db3b89a9ae429eb1c937d9059e5961fa7530f8d11ecebc2f4482ded1a1e82c87dd5918f3ffecd2dddd6b7de28ea1da45 |
C:\Users\Admin\AppData\Local\Temp\eGMUkcEc.bat
| MD5 | d3c0110868a074a23e52bc9d97886ace |
| SHA1 | 469d05dcbc9ae29a8e927e3942cd604330c1d966 |
| SHA256 | a15ce75285bed178b406b577f11d3c383af8f216f4f91c9daf1b6e3295d5c6cb |
| SHA512 | 20472df647b4e1186a0b7bbd3be7ad7bbc56de8e6784d3f026288a55398aa1423aa0d47ec9b0b7e8cfa0f0735ec33aeac9a5f5ce0400c8d3048da0b9fb93263e |
C:\Users\Admin\AppData\Local\Temp\igYa.exe
| MD5 | 30df17aab15530a7e9873692ee99d34c |
| SHA1 | 73b310411eef952d3c94ef41f304222e6d045ce8 |
| SHA256 | 058dcb48c5573443bd3b3fc38e12e99847c0c87bc174a8254d062c5eb2ce8754 |
| SHA512 | 836f26460d9b0c2b408a59b28b73b88377a149bf2f9d3ff024dd7175b92dd727b29ede9bc8b2729e7fbc3b55d61456f09db52d39b1261108edc9548d33bd241c |
C:\Users\Admin\AppData\Local\Temp\iIYq.exe
| MD5 | d42def1d6e87b14f8cbd3e2a115f5aaf |
| SHA1 | 60938c716e6ba195e5eeb18907cc10d163b3dc73 |
| SHA256 | 539711b85a7f05370ed975644999b0efb782c3860fc65a5bae44e4f2b4bb3f9d |
| SHA512 | 2e2e9c5210a03e639748bf6f167aa0fee13dc70f70741a9c7b68280b67b56cfbcddf087b041986ee9ef61ea4764fb35d29ed3e57489e974f4d7710a5728f6294 |
C:\Users\Admin\AppData\Local\Temp\qMgM.exe
| MD5 | 4f84e2d17472b9ad70800f41978056bf |
| SHA1 | 81113104785b749700b7522ba9b56e799d3a96b1 |
| SHA256 | 55853812e2b84960d9162266cbaaad7530c327a2bd615851bd116fbb704a7963 |
| SHA512 | bcf4b1236d5314e0f2797c9567077afe7fcfddb5c955e52e999ab778ce25aa18a83fdb1da46f62992267c321d278dc5034fdb8ad9f4e02abac29a0ba9441d252 |
C:\Users\Admin\AppData\Local\Temp\vsYkgkYQ.bat
| MD5 | 850aee5f02a49987491c574e509ca714 |
| SHA1 | 77c7e86c48c3b2ff87d4b080b5f612c76b08bca5 |
| SHA256 | 6bdf537045671b69ce985a26e11140045b129c1e4d2f0adfe8945af1aa85237c |
| SHA512 | 29ea82fdc563a4e050fba9d7d9d1825c1802ebb99007b8f6dee900d7a416fd2b0ad76fc46a7672bb384f2cac476ae960d707631d2a15d03b99b066bb4416c253 |
C:\Users\Admin\AppData\Local\Temp\UsME.exe
| MD5 | 759fde9901a724dea9774914eaef0789 |
| SHA1 | ff72bb7829ba4a1d92ba743ebca922b95ff6ce3a |
| SHA256 | e7f123db57e5dcb33149f03bfdf0acad0e394bed224c45b935fa7dcec589970e |
| SHA512 | 8d755433eff9873ab6b02175307f599ea612742f7b0a98e03fa049f42474f91d11f925b7a295fc05f5b547d13ebf311b5578c605c1da139dd961ef85eef88889 |
C:\Users\Admin\AppData\Local\Temp\KQQK.exe
| MD5 | b7311e70ea1ae34de3ebe887f153a008 |
| SHA1 | cf247e95b5f2512c0729bef1d73b8776fb7ef81e |
| SHA256 | 98dd781123aa9aa9248f9800b45ba963fe8fd107d6204ada8b9e883da80a2aa4 |
| SHA512 | 5abadef570b4e6bfcd05db4b87f16c4606aa2772f03810b903067c0ab177d9811b4b17bc584aeebcfe02cc3c0adbefe6d7f01f789cfb360c9150df4b33aaf100 |
C:\Users\Admin\AppData\Local\Temp\ksMMIMQk.bat
| MD5 | 281e0b1d9c92bbf05d283368fe994ec5 |
| SHA1 | 147f755a2dd09565016210157de0d7186c497aef |
| SHA256 | 6cd2e32ec0c91fdfa10661f39bb5074e4ef24b318faac98963a832002311843c |
| SHA512 | 16c245f7b986f851d7cd51c834305a9172c78ec98a33fcdf9c6a58641bd81e5c42083c1662f40a7b0ab3d08d7d9c8a9595928a7f6f209780aff85eed04785d7b |
C:\Users\Admin\AppData\Local\Temp\AYgC.exe
| MD5 | bf56c0445d9126bb3b9784fee8813856 |
| SHA1 | f6d7c5d50f7cf7d7737089c78132953bb857bb2e |
| SHA256 | 93c9fa6c0dd7d1e69bb8ad8e53ed1de891aa7963f468646e1855d4f201ab2226 |
| SHA512 | 6caee5471e4d19603235e8c69d7a40ed42070ff8ecedf2b5d9cdc82e8c82039044f98f3cdcf20c0a384e06f2a8c142692bb5f5248882ecbb21096bf39e27ecc3 |
C:\Users\Admin\AppData\Local\Temp\oEQO.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\Ugoc.exe
| MD5 | 6652cf9b74140454a05515698f9e8ec7 |
| SHA1 | ed0187f93eff71e5f38adb55614a2a0a8793fb2b |
| SHA256 | a35562fd79ce6f35c2767e79a8a6b84643c88ea313fa0727dc6955afe771548e |
| SHA512 | e7c7273b250e7224746c4778d603cce242cd361368447dd8d883e9f6f15190e6d0fe7b616e8409496b7814672e9e8210ab65c72a5a24554345c7d92c2e9b0605 |
C:\Users\Admin\AppData\Local\Temp\MsAe.exe
| MD5 | 29c71f81fa4f8af48428227ea9291828 |
| SHA1 | 3bf929a4525b8599cf56e4a1661a8999b77920ee |
| SHA256 | 8c1622eb796baa122fad288805d955264e3d5cc43f42c94d0e3fe9e44c0b718a |
| SHA512 | 8cd60170fb7a9f2b8a30907e604ea3ad61e14a7f8e0a710d76acea4177aa9f90b08fb148578a10f68e002a20f769486d3203afb16c7731fc542f9dd4c54ee479 |
C:\Users\Admin\AppData\Local\Temp\HussEwUM.bat
| MD5 | fc8aed028c1eb4b7e0d545640382ec5e |
| SHA1 | 8818dbac56ad29f2ff60186c38203bf1af91493c |
| SHA256 | ac672c95712a339a9f4f6cfdd855d8e092a9d534d622050c5a0084d8ef54615d |
| SHA512 | 654aeea2310e94546c51a30faffdf5b28bcb872c3ea8cfe94b420b1ab4ca08d1379bb0e06c94b5925171d0d2444d705ff09dfe696c5fe6fa9c6d9801a4c46b30 |
C:\Users\Admin\AppData\Local\Temp\OQIe.exe
| MD5 | 44d06bdd129f9b84c25ce4dce9593afe |
| SHA1 | be53e6b9644852513e54817a5c9abee2cf07b631 |
| SHA256 | 60bfbcb29704ccaacf765f735b1a881c4d83d52d86e10c20738bae01fefb6647 |
| SHA512 | b9a9784a044864d32023cda99c1e9f48f003da9fa99a87d74334abbb3b183d8e8f0d37b9d94648f799abd82fae0aaed3df93a0c022d82f23e1e56d3ee7689376 |
C:\Users\Admin\AppData\Local\Temp\UUIswkoI.bat
| MD5 | 87bbdb5b627e4d5317b6911921158715 |
| SHA1 | a17ce7f9bdc6de4fe4d26f28255e7205d4fefe40 |
| SHA256 | 63cbdc55f555792e41da41beaf5403f15bedabbbdc640eb205c04ae143f87ee3 |
| SHA512 | 56c47f45baaf74d38cea094dec3019b6f09ffc78ff9761cccb1d34b1a47267eda8e286385fb38b1d3dbd7705c0117f6af65f80ce4813097aa1e9a67d751f72ec |
C:\Users\Admin\AppData\Local\Temp\WYMq.exe
| MD5 | 16dace02ed80f5837b95075efaf94117 |
| SHA1 | 6d5e4bf451a703a1ce7da35c6becd073c262d5d3 |
| SHA256 | 0fbd46d34b0525eb77cafb254983ecee58f2608fcbce5b763ebdeff7146ff5d4 |
| SHA512 | cf79ad1da96bd1adce7f9407124c4ac28f0ff1cba5c0d9b804f0e712a19a12c023268e83a0f3e4e01d79a362e6cd8a8f943cdadb0cae5d02c36adc257e776153 |
C:\Users\Admin\AppData\Local\Temp\uYcQ.exe
| MD5 | e2a21f3aa076f135393e10744117ce7e |
| SHA1 | db08bad51dbc88623998cc3acb2b6d5ee6fcd021 |
| SHA256 | 58411ce7fdf532e5cea52b515490803966d0ebda5ca58dc95947b0622a45a646 |
| SHA512 | 37234515d80d7e7219c6a0e4c8e7cec89da015c7907b2551d96b16d918580ac0d552c447203accc60410e53894d62c25a9eb2e6300e15d1bf6204ea194afb79d |
C:\Users\Admin\AppData\Local\Temp\Ucck.exe
| MD5 | db361cd32069dabc23ee7925e3bd0e17 |
| SHA1 | e8dc8c4cfcb74c96216894129762ffce7c6e1376 |
| SHA256 | 5d232d61c5c2139dd0f6cbc2a1fb7994f6a534e15c77c80c42d538581f86ba12 |
| SHA512 | d1e6a1eaff356f3ca60e4be4aa521a872fed3c41ac5dde51a2e214fe900dfc308de1fcf71691ad488d0312239156901d6595ce84e418e84f77972b128a5eea41 |
C:\Users\Admin\AppData\Local\Temp\CIkC.exe
| MD5 | b2c4a0a212e700bd685d313b9ecd306e |
| SHA1 | 14f061a2aa659a360c4023d6155c8fd81885a24d |
| SHA256 | 35b2dbc486e7869a4ebf6a1b388d53e7ebf9660a05c84ed9c0431b4f72f61089 |
| SHA512 | 074e396eb15e8bde61f248b00501898fa281b31acf96a0d58bb422089427176bb05c1ef8ed128f63de372c67318294aea131bc5e6003f403edf70708a4d35cbc |
C:\Users\Admin\AppData\Local\Temp\GQcQ.exe
| MD5 | 89d1d44f56f0147c633385b50b32db72 |
| SHA1 | 44bbf3b9b7713585d9ba7b0868ae1217b9c483f3 |
| SHA256 | 6be45350626a800327f5460771a2cffd4ffe670f6a7db170b548938d5f7d2b8f |
| SHA512 | 076080556318754e8ba0ffcd689f6276d3e0b9c63534193630dd7098e35a4ce29efbbe5cde7605bad7c767737ad1a000ab6cdce3d03a80b9f64564db56b8bf3c |
C:\Users\Admin\AppData\Local\Temp\uswO.exe
| MD5 | 02e35175f8a60863170d1afedaf70ed4 |
| SHA1 | b899b14b7f889c6461c09a7c3d0f864c362123a2 |
| SHA256 | d8b1892965db11a3e5cc46218d24e11ea6d7325c2b0bbb203dd8407716619448 |
| SHA512 | 23e99619db31091f14c444e2b943cc1909a14c8de8f2c9e3fe620bbe6a66e61a3d2008302690cd7a5c448f38213e6815b064d32b9ed0a9146a9b7c87d5dc2997 |
C:\Users\Admin\AppData\Local\Temp\iUYo.exe
| MD5 | 25176e3bfd730f198ecf3ee93b5e3c6f |
| SHA1 | dcb6790a7eaad050bc6d0a490e974cab1aa17b4c |
| SHA256 | 424cfde81137e684d80ff3d4872d6e6618c6682451d09fceed0d162e974cf0f6 |
| SHA512 | b0d3957b15e6126a626f30688041f5f547b03bf7e8b5ec3991d7d50bfbae5f03e25f768fff74ec154d93bd0b1f38e121c363be1a7927a17902ea44f3ecc41a10 |
C:\Users\Admin\AppData\Local\Temp\GoMO.exe
| MD5 | 3d65ff5716d060e2f8fd208371a256b7 |
| SHA1 | 1577967326dc41a54d8608f143f5a1ac4d854f19 |
| SHA256 | 6051247c87a81fcbf1740accf8a655d192897f3f81fc130d53cb9918d4fc382d |
| SHA512 | 7326f1fd60e1edace23c5c80e6148f905d77c707374d3e703d2d1fe9394a59c5df54e4607731079b2d088766b56ddd1834bb8737a685aa1e05b819cd1982185e |
C:\Users\Admin\AppData\Local\Temp\EIYC.exe
| MD5 | 3ccfc22c5a2bdcc541712645f1ef0e0c |
| SHA1 | 2c78907f4ab35a0744503af092c048697f9e24e3 |
| SHA256 | 9626e667f6741de4a88dcf64f5ba10b125735e6ddb6c08e0217e66a18b284381 |
| SHA512 | b186a386ef11edb0ce33a30771a9bf0392bc84baecbc6ede92da57d2a1c40b03d023623a966664116205e5de166d3c59c6470ad996f7e14203f68a70f1953a99 |
C:\Users\Admin\AppData\Local\Temp\YAwK.exe
| MD5 | 375651c22cee54a7a377f09af2de5ae4 |
| SHA1 | 909c301f34194229ec178c6ba4a11fbdb838c732 |
| SHA256 | 447af5d25d27e119bf5b333c628301fbecb0c2342e6471a72724bdcf5495805a |
| SHA512 | c4e07cdaede96febb38bebaf16dbee8201c3f12479d7aafa11433d124d6866b8d932eb9c456bb076a15e64d744ca42cf52d8c688dc0a934f675816bf9b8e82c9 |
C:\Users\Admin\AppData\Local\Temp\TQQgsEQQ.bat
| MD5 | 7520a6fffb1db69b25d54dbc43adf9f5 |
| SHA1 | 29a940f6c49e0252bc1794baa0cdf542f59a2c8e |
| SHA256 | 7f9860777d148a5d645f444bce2441c9141562737dd98e7c4f9c49854f39c23e |
| SHA512 | 7893cfdaac55d043b61e3eaad629b19d5c6172ff60e2cf2594a46f9e438ffccea613db2597a3790c8994397dad235b8db5483f87f216213acb8c3edd08b6c613 |
C:\Users\Admin\AppData\Local\Temp\iUsq.exe
| MD5 | 63df343c4e86f0494650ca8e83aaf551 |
| SHA1 | 70d848439346e5e60797691071a28688832c0f87 |
| SHA256 | ceb10f1079c44052b2ca8ded6342a664b53fc963331d61c86cbf0d8169f287fc |
| SHA512 | 3f0ccf3e206657b9a25ff82cfd884e6fb0696c2abbe12cab43853bffd96048fc8274008e07cc6e59871d5d81bbb25d75398821e33dbb3dc2253c209b5b855ebd |
C:\Users\Admin\AppData\Local\Temp\fCYAMkMA.bat
| MD5 | e89a5349e190a3f4b69d595a67f71d04 |
| SHA1 | 9a8042baf262d6cbd0731cf6c805f3a60fb8c301 |
| SHA256 | 376f668209dc0d44d4d21978af6efc7bdaeba9150737598ddf68223327e09a94 |
| SHA512 | f2cd61272975ea8707b7093c9ce6152aa2478b23d4975f08285dca98dba22c874db346d585ce96c38818399d534fa2cf9c061b7de43473790daab4030b4d9baa |
C:\Users\Admin\AppData\Local\Temp\haMAskMc.bat
| MD5 | de1bc0bc2f43104f9e51c8f7f06b6721 |
| SHA1 | d0f55ce4d9a1d2f22c5d647914772dce07e4a2db |
| SHA256 | 14a7e071e6a3372c4d96f027e47e79d3f42e8b511dc2198a3d12c331f2e283eb |
| SHA512 | db3d3885e395ab3ae2d7ee103b3ec6aa0c4a7a10b7582c62595a0fe3b904636dcb64f27396f52141eff5340ab04868f0a0af4fef6bf9b952c5aebb1de5bf926f |
C:\Users\Admin\AppData\Local\Temp\IwMs.exe
| MD5 | 4eb35696467ca547a2471055d1a1f5bf |
| SHA1 | 9d1926dd81f111f35621394c7d5b270b2265f3d4 |
| SHA256 | 224daa7d0f112579f8085eccbc5cfbeb59c2a27910537d75a540fa055b6be0dc |
| SHA512 | 830679051bd14e4825bf4306780a26d7b9c8edaffe1865d0b242ff370bfe8e9269ed313f9f367f81b2f135ae863409324ce26410b9412aead0c2c1a5715694ed |
C:\Users\Admin\AppData\Local\Temp\UWoQIAME.bat
| MD5 | 1a962433850e13d0e301253ee01f8bac |
| SHA1 | e99a156453b9b74bd3e922c3aafaf227d44c2227 |
| SHA256 | 1384ce95e1cae4fcb1de29c2968ea0a781f41bfd95dc45ab08b32b721976307f |
| SHA512 | a74d9dac09aca5a4bd000d46f99c790a47db5a099a42e5d5d99bdbab0688f9fff3b765ff4ba042e54d094334a5ad4383be2917de1e91ac5493831183f5c4cb0a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | 2083d78097d0c5ebf6dedc5f37e5fd05 |
| SHA1 | c86974f83fda71c5abf8a07783556295976fb3c6 |
| SHA256 | 5c68612f75273d554719ed6200461e039e01854b82d112e928642d68798784e4 |
| SHA512 | 32794a13cdfb203c1f8b63995386c0575a58a80dc7b6b25745ca8ac55e7b3ea18931f3b57cbef69ae035e035b069bff0839e84421dbdb1b5945860d74dffd8b3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | fd3b288d87f6fc9c165c29274f63224c |
| SHA1 | 08eb9c3d7c7acc1c982bc6a8287bce9a3cfb7726 |
| SHA256 | 4c461bb22b0d1914a3f0f432398ff58769815649a7ea15a9fc3c54920e78c5f0 |
| SHA512 | 408c06ecd27d31605a7d61953c0e9728d6878bee0025871b3a93aaba3e87b1a0573078d2efb0630cbd5c0ad08de4f7ad04bd62ce67eb387ff0b31332c3c01da7 |
C:\Users\Admin\AppData\Local\Temp\oYMW.exe
| MD5 | b5bddcd9cbee9a292ba505cf86560270 |
| SHA1 | 3a3f82e050937306e7d07dd2914b742a6096f590 |
| SHA256 | 1de90f7cc68a58602579cd955a61393a27fd4a164298820b91e37aa8c5a05caf |
| SHA512 | 3da1c654272d60af93c644c2657406a1563869ca4d4c839d5b0e0dc08451131695907ac5627fcb77cc76a364f3b1a411fbb23f96ec0dfefa591eca6d95221760 |
C:\Users\Admin\AppData\Local\Temp\oIMm.exe
| MD5 | ceec9f73f385329691931ed40d8d4fe5 |
| SHA1 | bebc7d1b50f543fc65708e2ce9b0a84a23ee821f |
| SHA256 | ff58b981275d38435ce0638c8ae17506bd06db5e3e07176a1eda19c29bad0e41 |
| SHA512 | 50997ab36b0de3bd53c22cd23b540ae62d4ca99ec5913e51515de9538c1de94cbbe12537446a06c012a3b989a9ae0ad105431e71c567bb38b2239cac25882741 |
C:\Users\Admin\AppData\Local\Temp\iIoy.exe
| MD5 | 68a1e7f94e920de4a1b2fcc2cb16e070 |
| SHA1 | 0cda5b4ff952cf20e2106bd924bde23c1da29af0 |
| SHA256 | 5d78c89d7ac690e9ea0f29e93ea43892a2f2e794cacb96e36d0268a7eb906a41 |
| SHA512 | 07a83d71336074e69b17684144f22bc87cc0ba449bdeefcf9739a6af2b9dd32fbad4911320a0ad4a39e6c549ea747d701a1ce5bf9619e4719ca0c9c4fade3756 |
C:\Users\Admin\AppData\Local\Temp\kIUK.exe
| MD5 | 8c1b9d43a0982c120bcfe6d07c1b3d13 |
| SHA1 | 0507e70efcf1ca18e94ec7c80398f51373c066f7 |
| SHA256 | c6d788291284f378301d17127bc6b71410dceebcc0b386beaade1a47bb8996a2 |
| SHA512 | bdc5f25354ec27be80009f666de6e3c5277140d1869a83b8708fb22ad957db0ca28abfa3444973530bc3e7e5c45ba8858f8ee551a064a253f865185583cb5cbc |
C:\Users\Admin\AppData\Local\Temp\aQgk.exe
| MD5 | d19538f1456967b04dc5da24c7e40e0f |
| SHA1 | d754cd8da55809a39d9a98357d5081bbc32f14ff |
| SHA256 | 7d3d3985cbbc5cc96a1856f6298ff5b50723038c2b48b6b4972b0642df168ccf |
| SHA512 | b71f27ded36772f5c07e3233dcd79bc8df2bcfbdf34b8da7c289dd303596873c5dcab1bde123cabb60bc0cca046eb3bb99b1439780f47eb6e910741c0523183b |
C:\Users\Admin\AppData\Local\Temp\AgEy.exe
| MD5 | af7dc32c87fbf6887cc2eb389d931676 |
| SHA1 | 0dff3731a899fe0d36c07400019f02d469755173 |
| SHA256 | 8f1167db7d1466d0ec521d1f082e84391a368641e2f86c5caa88dbd3df8396cf |
| SHA512 | 7c5afeb6e542d3231c1192f6eb212e4ba0c6ea8f0b79f81ad2adac7384aaed07cc4744bfe578095a53bda6f6299b38b8e196535e1329a6ed1b787b10cb39259b |
C:\Users\Admin\AppData\Local\Temp\skku.exe
| MD5 | 4a68aca351622ff4be7fd1d7accfe767 |
| SHA1 | 085525a3c860bec615d3ae5cf3650306526fc7e5 |
| SHA256 | 6c38178f65e4309b9e114def3971b46df29d7584aaa6ca9a65621ee2350fcea1 |
| SHA512 | 8901a09906c234f77bf7e18409837c2be5bd3785fe9ff68cff4de11c5895b837359604c77c89e1ca3e96e1023a874a5f7717a5705086516fc2a2f6a4707fab05 |
C:\Users\Admin\AppData\Local\Temp\msga.exe
| MD5 | 05a0d3cb2106252eeeb697097e39d183 |
| SHA1 | 19ffbc6906b51b376ee7d02b7db6414c667f80c4 |
| SHA256 | 6117530e626614780e2260762d5ef8b7f69649b165049712840897ab6dd9f545 |
| SHA512 | 71ececf65eed19367440222d9a5de18123a0e839deb478707980ebfc1c544122ae80c2e1f3d5c701cd1599b6a2cb9a3c838d1d58392c323b5beab36c3326f784 |
C:\Users\Admin\AppData\Local\Temp\EAQm.exe
| MD5 | 995d63739c213bf7b6b11a799fc8dd1e |
| SHA1 | 801ac525f2d184467950394cd8846fde5e799d8a |
| SHA256 | b513a20bcc3ae4fca7af6bc6d8408b3f6fb9d0d312e0030bb4b45070f33482a0 |
| SHA512 | 09acbef2c4724664b4ef2690fe268859beef6219db59fccace4843e94f8c79da87b06a2ea2eeb866746ca3d55a6386cdde7a19c47a9c346e665b3a1f0492fe98 |
C:\Users\Admin\AppData\Local\Temp\yAgC.exe
| MD5 | 55ebb52068477d326425607535660e1a |
| SHA1 | c3035f17aec26d9147dd81011332f127a22bf470 |
| SHA256 | 28cc79bbdb1b5c462f00b250bf87743beb28561c90a0776b17256f41d279f2ca |
| SHA512 | 6e54837cecd1650c534acc4c6c53e634bab70110de51636df3e53885e950413e0a127438c3585f78f735a1f4594604bf935576e198cb8bf72b65442e50114f28 |
C:\Users\Admin\AppData\Local\Temp\usYy.exe
| MD5 | 49d107825b4802349a7d1d2afaaafaf6 |
| SHA1 | 55973b79e438a9e49f7ac13c728123ce14c5e2d1 |
| SHA256 | c1b50aa3322fa273817ba4f4e15937cea9a9d9753fda0eaae5a83dd5695113a6 |
| SHA512 | cf274d974533729bb8fde4a87b2817a7a1d636c56f92587b84d3f5cebbdc041ef262c6568721ddff73b942037fd14791980e31b0117d7544a80901607a37bb3f |
C:\Users\Admin\AppData\Local\Temp\eKAMsMAM.bat
| MD5 | cf3f096836948360424e4576b1b47d7e |
| SHA1 | 0cafc08f8aa8d706aecf2e2aa89cd16577bf5244 |
| SHA256 | 60eb4f6ac54f4c02fe2004b3441d64a645ef7337d2ed56514e2524bd4cc1320f |
| SHA512 | dfd9f6bd89d70412a33229034a16994160f6ed02924f9dadfd8d9aa79df958ae8a30c4dac3d38c18497c142dc0a3850a2966dfbeec9c03aaeca487a72b036271 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 4ded5ac3c07c79e2cd9876aa0c48d77c |
| SHA1 | 65e9d15745f059c2198e9829ecc9c7814d18e882 |
| SHA256 | 9d260f88b75e65728c537629f71058da557e05aca7f5751b1d365ced8f15a83a |
| SHA512 | a09ad0235f6334db2353311dbb17c08f732de81515e7819e61bfbcb308bb2607b2f6769a58f558250da08fbb0ac065f8e45d4870cad69c947a50558c11255f0c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | ae940aff6abc1a1a1e290ba1821b5bd2 |
| SHA1 | 2c9478034b587c6defb07957c8b9510e70c0afaf |
| SHA256 | 629732e2ad6706ec0493212792ea85e046fab3ef485427c7f22656b88838ba3f |
| SHA512 | bf5a120d8338f6a3fc1e6f70ac706604e20a27608b685452c80c792b72a8868f5200e0d4fe72cddcaa49bbb2916c0d17e3e4fcffe624a96e25be4e723a54a124 |
C:\Users\Admin\AppData\Local\Temp\HEkYUUMk.bat
| MD5 | 5f5a986322922c3e63fa6d1bde37703f |
| SHA1 | 3e322954d4968987c9da6614f5ac98cc0e3293df |
| SHA256 | 5051370d7c0589e495dfce3eee7d57da9d504b9180ee1c47758d45964c8fc9e5 |
| SHA512 | bf30c5e6d4d3849003f6e95968a59cd9af507c23ca82738464e7b37328cb35a6c4ba344d0b40a529166f17f621f310b7cf1a13c503f64684e058733f6eb3069b |
C:\Users\Admin\AppData\Local\Temp\doUYEMEU.bat
| MD5 | 7de3914d6e3fc4349aa063c057bb78ae |
| SHA1 | 571608f10dc8734fa7cdc9e602cf4d157073f7d1 |
| SHA256 | 66c0254d9e6a67c8e6a4e0db7f63106e1dfef449a52e2f56b91cdac5f0776bd9 |
| SHA512 | 7ff716c5e3aaad9eb45ba345f9a0ab06fc8c1c2685b4c8469bf1ba85052ae8e05225732d56d1db66a6bacdfcc588b97474561be071ba4322c78a065e1418dfad |
C:\Users\Admin\AppData\Local\Temp\MiowIEAY.bat
| MD5 | e4d70398010a9827f44af1e49382fc06 |
| SHA1 | 52a912351c041615b7aef2f0fa3737a88f2437a4 |
| SHA256 | fa1683828d1afcd9e476b427a614c37e7301913274aa26468f5c67ede1883aac |
| SHA512 | bca50cf302ab5f51c9d17bcf9731ffa1bb69559c766e25ca490f32d9adac6fb4bacf97e176944fdeaf60478009a0802829d0aeb3352a099b92bac2c500cc2ede |
C:\Users\Admin\AppData\Local\Temp\uQEa.exe
| MD5 | d9ab9632c4a316a5a1e5a3ddddda6291 |
| SHA1 | 3f2d7b067da185bc587509eb8c9eb67aaf3e772f |
| SHA256 | 9c5ccfaf81e54127e47cd01fe329e8fb521860f46b2b9318834483a30f06b5b6 |
| SHA512 | b0ed0a586cab284a8b31a3b9dfe545acd79e777ab7023814f7d3c656031669afbb86d78137364ea824f51cd58eb2bb90cff81f109318a6eceea0ecca10b21880 |
C:\Users\Admin\AppData\Local\Temp\LyocYkQU.bat
| MD5 | 94f66fa076afee2b878e28f8159888d9 |
| SHA1 | 76818e788a8ceead5a281125698251f98f8ba6d5 |
| SHA256 | 08fc1894e5c8ec82c781cf2ab71bf69cc996c8c0506af43475db967468b5efe3 |
| SHA512 | b522bf1dbd513d4722d08a42334bbb268c69682be755919ee9c871cbfa9dfa7146882da8d335281838b3ff427857d418bad094142b8500e02944649bb042d938 |
C:\Users\Admin\AppData\Local\Temp\wYAI.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\PsIowYws.bat
| MD5 | f907236ed8b351b019e7a9ffbdef5969 |
| SHA1 | 0f74839da4d40bed40a5e31432f0f81f10f920eb |
| SHA256 | ed0318a4cac8a8dbd0e207ae45ca55ae2a239f4105d46d01ca82a55f292cf8a0 |
| SHA512 | 6f708512cdab8fb57988863acd5d5b197c810b74a79b97a1673601106dfebecdeac82a318606e1df78e0fd5fe3ab1617d3d43ff92942d948cd9f499bfe87134c |
C:\Users\Admin\AppData\Local\Temp\UWgQowMA.bat
| MD5 | 0366906266b2fbada02e2fb17f31dad5 |
| SHA1 | dd544f1691b92d1f04917c4bfc27d28167e91937 |
| SHA256 | cb5be921ac22c36f60c79fb6e67591518de77cf06140a73915d0427d07a5c300 |
| SHA512 | 3746932aa6d46ce46cf456fe67cc482002bdb62a963367fa69adcdfa0147fd97ee6a0f96fdc67e268fe1ee86daee021be87419a2ea30db6e0bb262a91ac9d4e4 |
C:\Users\Admin\AppData\Local\Temp\mowU.exe
| MD5 | 26d38b2588ada8ebef46b7cc3d240c3a |
| SHA1 | b43c3a5d11e12a962858ae83fce5931e68aafb08 |
| SHA256 | c315486ce8b80b9d3b48b0b64103567da4065f3488e5372dc867c5b479d3aa70 |
| SHA512 | d9507eec9200a1e59f75c03d8b15e0fe8d389b8f30062e910371faeb0487488382d5ec4217f0a95be938c0b1726ac8d0b29535d6b249bdf6c5d3bbc54d838e8e |
C:\Users\Admin\AppData\Local\Temp\Ookq.exe
| MD5 | 4ed60e29bc0867b311a69de226af57d8 |
| SHA1 | 4ea84c7335321f6447cc0324024e529bc4ffe330 |
| SHA256 | 1b66f9e6f36a252ec575b9f4cdbac56a22c8d867fa423826aef5123d6a96a335 |
| SHA512 | befaba69b20fbeaf48a86c5c12b93d0d43b1e350182fc9dbd16893eb82cf1310728bb5f126d7f6fe82ce6ca04a9c5ade84d4647df2f8ee34cc947a5e6781c6a1 |
C:\Users\Admin\AppData\Local\Temp\GsUG.exe
| MD5 | 0f5f89a4ce4b53661aa53573a0ac33a2 |
| SHA1 | 10ed206c0f17c62870a694cb57d831e3a95f76e0 |
| SHA256 | 1e90b43c296535db6397ab50f98d3b9fe6f3243deb9b8277b2745d06028f9c8a |
| SHA512 | 63e8f81e42e25e048c7ff0126683ab8991ad0fcd63a47ae49d7492a293c56a024f710a0ec17e5a44f32f5c9d87682fa456bca1fdfcc7a2f9a749e1ec50313e50 |
C:\Users\Admin\AppData\Local\Temp\MMEEwwws.bat
| MD5 | 962a452c73546a369da3c796f525b6f7 |
| SHA1 | b39ea020aaba245ba49b861a5fd2a9ee46c238b3 |
| SHA256 | a391dace7aed5232154a74a3bd75cf16de521061a0ebab2a0ad9153977aaa8ca |
| SHA512 | 03ed1edd20d0ef98ee5b99045a697a40cea3b5fab61d4eed4ce4f59bba69809b228a0029ac20ca97add0c83a4b99580fb28c7e07c3b130b16df0b95352f68957 |
C:\Users\Admin\AppData\Local\Temp\liMAoYQg.bat
| MD5 | fff5e51e112bbf9326b0cb96be8a3cfc |
| SHA1 | 495eaaf317934292710b96112899f36f87b25170 |
| SHA256 | 6186d6f9de64d916b929e8ca6ebb802ca641fcc1384b96a29b33923044f8a6eb |
| SHA512 | 0e6f7876b428798fd0cc94a741ec80d3189a7a3cc2e3a2d76258daaa843deb24938b0e34d4ee3aa55bf44f6d650fd3dabe3e87ab6c0dddc474b00c8d6b914d6e |
C:\Users\Admin\AppData\Local\Temp\DOAskYgg.bat
| MD5 | 6db6b633ffdaef2602e1ebcf4cf0a3ba |
| SHA1 | 6e9bf3304c5e56273b6439b920b6adf1de10553b |
| SHA256 | 0f0adb6d97c1488d6effce7ed2489aee4bc0eda1baa0b913fad828d3d8f4675d |
| SHA512 | 11261abde057ba9cd41ffc4d3ed059bd30d1ec626ae91c971666122885188ae5fb34868044db07501ec8a4f6ae5a2b0289fe1e20d4fda13b5988067b9e6db4db |
C:\Users\Admin\AppData\Local\Temp\MMwm.exe
| MD5 | 85b75914985f0c7cb931c7621cad22ab |
| SHA1 | e56d4d4cf4d6718edef4eabe52d5c5a5e92d163c |
| SHA256 | 79e62580ab4ec2c5593cb2abd77c61118df3b5d06029ae4abfb2aa8eb7b4f730 |
| SHA512 | bf2524f3e07e0f7aced1ffd177923c5fb2586578faee8b8b482424c0d7a44fd6a343f737389ff5813e526306aa2fac48cefa8701bf3a70bd3365c693075be222 |
C:\Users\Admin\AppData\Local\Temp\CkQK.exe
| MD5 | dd2cdd04ea280ff9404b6e27ec0353d2 |
| SHA1 | 6bc9c19e935fa445380626f904bd915175a90bc8 |
| SHA256 | db2dba3f0269eea3870cf623b89032ab7dd041d8c9bf6371d1fed5344d6f96a5 |
| SHA512 | 4c9f83c2de7eb75233bc29fbdbee887ae97701e96df6f081d2d1f633f0fdebc9b1afef67a3852ee1d45036bbd13baa013dff59cfc12124cf53bb7de1a8dfbcc5 |
C:\Users\Admin\AppData\Local\Temp\uYwI.exe
| MD5 | 6e8b7d2b4b121b5e69c951ffe74a40ae |
| SHA1 | 5228e43e30cfaac33e75c2eb307f8451e73a0160 |
| SHA256 | 212ad6abd9f88377963dfbf184289fa2c95a77aabdffe041e8dad8c278bb724c |
| SHA512 | e3585235115f9e514ef3f1e8080ffe60330e6a8377ca75b534527b24f54a3bd55c1902ef4ac75ec0ee7ed0b4ff128d3bf498f47b6c9b6585a9d45d062b140693 |
C:\Users\Admin\AppData\Local\Temp\iEEe.exe
| MD5 | c310be6c45275c8c25ddcb51800be799 |
| SHA1 | 0123e2e318be6ba25faa0bdbc19a771dcc87e344 |
| SHA256 | 213ea1bda300f6d2d2c36e61b59fb5c2c8f514844576e0766997464f5eb14cad |
| SHA512 | 7b2536e2f9d34f4440ab9d2b49f6371efea3a35fdc85fcf7a880e8894c100798b7150f63f8a0966203bc1f2b5a5afb0b493b6d18e3a5f7d6a30a1be1050ac46d |
C:\Users\Admin\AppData\Local\Temp\UAsI.exe
| MD5 | fce0ba8eabd2f458380dfb54378bc1f0 |
| SHA1 | ee918487a018e486865b0fbb23bacf800d04c474 |
| SHA256 | 82e0446c7fcce3ae8b9fffbb210387c487b3fecc31050c58375e5a5222051cc7 |
| SHA512 | 0ef9006a866ecdbff58138b24de02baefa499edf9d0cec5c8396ca875ce5ab44ed4e99a8f437dcfc3dfe7aeca8ecfae3252f09b6d3ca8b394dea53b69f143224 |
C:\Users\Admin\AppData\Local\Temp\wwAm.exe
| MD5 | 7b0af8f5a4255cec1de7b5fc3e159f42 |
| SHA1 | bb634d9d876bf24a0eb729ae7253063c73031fb8 |
| SHA256 | 62e0afbe1f24c2ec5185308476f3a13988ccb6a006b57838acf49a07a025334d |
| SHA512 | 2f96f2ed25a3f971bef47ac53a7c909f9760232974c37518192edb417dfa4deb29f917fa8e98dee51e18d80ea4ae2ab99141e1bf9925ad4697cf6d1e3bab53eb |
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.exe
| MD5 | 36753abf3a1b5340ae73c925010838c8 |
| SHA1 | f2d27fe1a6d77d5c37d5bdb73ee67ce4c7736ed6 |
| SHA256 | deefe0cdde070ca0b1541c443c5cd91a742ea3e13ea56ab5842ec518f6825600 |
| SHA512 | 3e951d3bf7d7a0f31d2adea987367ac9be1f2ba8cce2ad550d71d88d76acae31e4b7fa47ff22fdc94d6d005a91efce61bca362acfa59df4d608546178c75ae78 |
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.exe
| MD5 | cd8ff3e0132cf5aad58b7615f1c6ed8b |
| SHA1 | a05117fc41a0fdf331e9c71f7ad8b09f4f99582c |
| SHA256 | f3167abf2f510ad9678c44540b86a7ef84aebd0331b86790cb5db943afda3784 |
| SHA512 | d208ef19e7bb31a1eb87c3d04e1addbfbaf8eca5a5061eea448667d76185ab8db68ad97e26ce9cfc2c6057fc836bfca8af1d135d193512e429afa056a82608e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 11:41
Reported
2024-04-03 11:44
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
101s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (71) files with added filename extension
UPX dump on OEP (original entry point)
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe | N/A |
| N/A | N/A | C:\ProgramData\nMUsYoQw\TaUMEoYA.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tuQwMQEc.exe = "C:\\Users\\Admin\\nCQMUYcc\\tuQwMQEc.exe" | C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\TaUMEoYA.exe = "C:\\ProgramData\\nMUsYoQw\\TaUMEoYA.exe" | C:\ProgramData\nMUsYoQw\TaUMEoYA.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tuQwMQEc.exe = "C:\\Users\\Admin\\nCQMUYcc\\tuQwMQEc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\TaUMEoYA.exe = "C:\\ProgramData\\nMUsYoQw\\TaUMEoYA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe"
C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe
"C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe"
C:\ProgramData\nMUsYoQw\TaUMEoYA.exe
"C:\ProgramData\nMUsYoQw\TaUMEoYA.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\siIgkooc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sewcQkYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uEwgQMwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oMgYcUks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pqMEMoEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fGcUYoUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIkgsMYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FoQgwcEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mYggUsck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QikIkoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoIIoAwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uoswAMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAEsgwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PQssAscc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEMkoAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\smwIwQsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sIscIwcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EEAAsIAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PeQUEAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQQYkcIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TmAcMgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OUsMscco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KCUIskMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\awMUYEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kkokMkoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAkUMYQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmUcsssk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rqcwQAwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bQwMwMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qsgUwskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OKMkQYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKEUgsEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaMUMoUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zEcEskEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOQscIEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmMUAgQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkMwQkcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOcEcAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgkcMgEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmMUUAkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWYokQUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWoUcEgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\peQEoEYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nUIAcgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wYQogMoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QcsYcMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IKcMAoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iMMMwEwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xQUQEooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\daMAgAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BGYwUcEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XuMkcoMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AEccYEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ayIQIMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcoscMoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FcsIAIAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fugYYUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TSMkYoUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAYccUoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\skgUAMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\meAkggcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KyQgMwwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZyIcIgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RAAsoEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bYYUcMcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FcUAsIAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WwIEAcwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUEkYEMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MqEgMUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWAoAMgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEgAgoAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vYUAEkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIgQwEMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SGwokMYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YGwoUwos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UgAgEQgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAMYkMIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ViYkIQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\voUkwwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JaUYIQMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BakYEwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUowkgQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oCokgoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKIQkMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RecUoEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FQAMcoAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VwYQcMsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGEgQQAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQgcQwEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\miUYskkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUQkIgYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQUgQswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PsIEMYgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XWsMUQIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zmEYkMEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qWAEMEgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgwAUook.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\emogEooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TucEwQUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LqIQEUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkUgUUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NAAsscwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nyUwwMoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOMMAoIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sGYMUUsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QuwIUwQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VWYcEskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XEAoIscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZgYwosYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WskUsAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MgMwMUwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ogUQosAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EocAEsos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\puIQMEcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSQwkMMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rQcssEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UMAIwcMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\acEsIQAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMQEQAUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOYkosIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\roQscgcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\neIYsckc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uyIYwwcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UYoEAoss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WqQQksck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NuQkccgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LSUgsMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\piUAEgMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yaUkUwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gSQYQEYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGEEcUAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uAccAYQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vWMkMMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bOEkEUQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dUEoMwgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kYsYksgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Wygskkcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EcokUsso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sowsEMYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eGkUkMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYEwsYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\roEEAAsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkUMogww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.46:80 | google.com | tcp |
| GB | 142.250.200.46:80 | google.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| IE | 52.111.236.21:443 | tcp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/4456-0-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\nCQMUYcc\tuQwMQEc.exe
| MD5 | aaf69d9e7f2f567419043e3647d38b63 |
| SHA1 | e968a40dc6077ff65123d6af8c6534e537446d4e |
| SHA256 | 2262c18f1d9216974f74fc5e08ea15c90c85619d06f711a48daba234189e8fb4 |
| SHA512 | 62af220f9e6416dd4ae031e35c6bea2a16cf6f9a698cc3d5d423381bb62aec053e47c46977467a4b8003703cfce9afa593edd8c66fdd61559ae6c4d97a6689d4 |
C:\ProgramData\nMUsYoQw\TaUMEoYA.exe
| MD5 | 18a5fc0c95f86c7f3bb5f93a5d726472 |
| SHA1 | eeb14d9cf34d862fbed43debb9b78874aba58329 |
| SHA256 | 8a4b19fa4c29b31fad8c868c91e0fb217b1547880e240970e4fe4201725a8203 |
| SHA512 | 878589d8644fd80e2e14891ae9b2e56890a5b894ec55356efb960380ac576e664e8dcb7d6270512f9e3e7b3e375cf7fd3c207eede7bd6175c84b6ae74131aa5c |
memory/968-15-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2780-14-0x0000000000400000-0x0000000000431000-memory.dmp
memory/3228-16-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4456-20-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\siIgkooc.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-04-03_c1aeba6369a3615061f44778021f6b42_virlock
| MD5 | 8243501c8bec7c2fabcac8cb47d98048 |
| SHA1 | f03c28e2f966b10efdc0eafda6ed6d3ab14b7d43 |
| SHA256 | 4f5230f4e5338c433953dfe6fc203f2cb1936ca7ad8a9d6aed0afb583a1639fd |
| SHA512 | 5de50003977c1b5c4f55132465d0a5589a32a00f388c6c57fbc9da42fcb7368578ebb6e9b541e2656dc07fb9c0a77cea75f990316be67ed5bffeed47385a5aa7 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/3976-31-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3228-34-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3976-45-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4164-53-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1964-57-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4164-68-0x0000000000400000-0x000000000043B000-memory.dmp
memory/8-69-0x0000000000400000-0x000000000043B000-memory.dmp
memory/748-79-0x0000000000400000-0x000000000043B000-memory.dmp
memory/8-83-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4772-91-0x0000000000400000-0x000000000043B000-memory.dmp
memory/748-95-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4772-106-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1556-107-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4924-118-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1556-119-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4924-132-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3352-143-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4196-147-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4196-155-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2540-168-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1876-179-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4260-181-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4540-191-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4260-192-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2256-200-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4540-206-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4460-214-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2256-218-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4460-229-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4316-230-0x0000000000400000-0x000000000043B000-memory.dmp
C:\ProgramData\nMUsYoQw\TaUMEoYA.inf
| MD5 | acf509cf45b20f65e2a0767123668f30 |
| SHA1 | 620dc1ff20b7535e3ff1cadb77f61bed5d790cf4 |
| SHA256 | b7408a2710f634af44ae83a9e07539c26c48a98226595ad7d3fb138c138e0d74 |
| SHA512 | 0f3dd3a78a71602b2ec69057bee8910a4f4890abbb9909beff55d7468c7f692b953da47de03393c5a6935a41e7b4a9fab2f87d6697a7a993cd9683c81d945c44 |
memory/4316-243-0x0000000000400000-0x000000000043B000-memory.dmp
memory/632-246-0x0000000000400000-0x000000000043B000-memory.dmp
memory/632-257-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4852-266-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3712-267-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3712-275-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3280-282-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4148-286-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4484-291-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3280-295-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4484-303-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2428-304-0x0000000000400000-0x000000000043B000-memory.dmp
memory/512-312-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2428-313-0x0000000000400000-0x000000000043B000-memory.dmp
memory/512-323-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1796-324-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1796-332-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3148-333-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3952-341-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3148-342-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3952-352-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5064-353-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1696-361-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5064-362-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4044-367-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1696-371-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4044-380-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3148-376-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3148-390-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4520-391-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4520-399-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3176-407-0x0000000000400000-0x000000000043B000-memory.dmp
memory/436-408-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2936-416-0x0000000000400000-0x000000000043B000-memory.dmp
memory/436-417-0x0000000000400000-0x000000000043B000-memory.dmp
memory/872-424-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2936-428-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4660-433-0x0000000000400000-0x000000000043B000-memory.dmp
memory/872-437-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4660-445-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5076-446-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5076-454-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1388-458-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1388-465-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4564-467-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4564-474-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3516-482-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2808-483-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2808-493-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3336-494-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3336-502-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2108-503-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2108-511-0x0000000000400000-0x000000000043B000-memory.dmp
memory/224-512-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4980-520-0x0000000000400000-0x000000000043B000-memory.dmp
memory/224-521-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4980-532-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4924-528-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4944-537-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4924-541-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1604-546-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4944-550-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4516-558-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1604-559-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4516-569-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2884-571-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2884-578-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4440-586-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4220-593-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1372-597-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4220-605-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5072-613-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3724-614-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4424-622-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3724-623-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4424-633-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2508-638-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3412-642-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2508-650-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3016-661-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3316-662-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kYgc.exe
| MD5 | c4e349e48c769ca826b0417ac60f37a8 |
| SHA1 | cfabb1a117f87b0580037280538ffe78aa5a46ee |
| SHA256 | bcd9099b545b85399ff9f2e84956ada1857ff5348ca1b482cbe0c7a2b8353cee |
| SHA512 | 81fa91729538d7f0303a9d1387a8339dc4d7865e137ab851b763f60ee05d3b31f0d7088965e3f805001f34f5d955f5cf402813b12fa344c5543cd46d713022f1 |
memory/3900-682-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3016-685-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3900-694-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4328-695-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4852-703-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4328-705-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3444-711-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4852-717-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4524-723-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3444-727-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4524-736-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1592-737-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mcoa.exe
| MD5 | dd5200459a344fc1f2058dc4f2064df3 |
| SHA1 | 1c9d602d1afd523d579f6a7d5edeeb6f6688794c |
| SHA256 | fbee69fd4bf0f84fafa1c4b254491bb23cbbff7ab28f5460e0de118d814488d9 |
| SHA512 | cef89952270f28a0bc62b961cd785b2cae5a3930dd9a71f12ac74491853b612b5276a46aaef282b5b531c96314f773a168d40932468dd0f29de3b6f7edc3a103 |
C:\Users\Admin\AppData\Local\Temp\sYMK.exe
| MD5 | 12e1a36194dc9fba2b3a8e349910cc88 |
| SHA1 | 6677b905eff000db50adbe2e401a05de4db533fd |
| SHA256 | b797dcf06932d5c46474012bbca83372b22cef621fece86544ec581a0309a5bd |
| SHA512 | fac1959fe9ba6c7f5d113d6fe796ede26c09ec4ba8c44a155326dd3d373dc8df3ab6f4fe462db41f16751e6a985cf32cbd74bef68ad2e6f17a73b994f0645ad6 |
C:\Users\Admin\AppData\Local\Temp\Kcsa.exe
| MD5 | d47fb7185101746c0f48c4a9bf7801c7 |
| SHA1 | fa33d76d6f32c207a7db4ae12800f4586c842932 |
| SHA256 | 948976dfe933f807f42f73fe8721282ef11f49f52543bc2c5742e5d205f59d3d |
| SHA512 | ef171ad6d27fa9e03a780ac79fd9b809f933f5260c94366dc7efb4271e7eda05a27f9af7a03db4595b9a88fbe2516b0418311cb58d910a6fe2428849fe5af13b |
C:\Users\Admin\AppData\Local\Temp\ckMi.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\YQgi.exe
| MD5 | 22144d6fa9ebc231255a13c49f1d73f7 |
| SHA1 | be03e86b45c5c13fa0978d18467d346a8bb3f270 |
| SHA256 | 2dadd9f486f1d61034d186530b73a60afb6d41cf469fa4413f2d52dea43ed255 |
| SHA512 | 3644f9fc085f7084616f2ec0b51437ebdd0be7ce8edbf275f82cb3b6bba03e70eeac5fcf4e58a739dd7663f81d04181ecb14ce5e38e579ffc96d06971df1a1df |
C:\Users\Admin\AppData\Local\Temp\igYM.exe
| MD5 | 24b64d31b0cebcac2ab7d17a789a7cb2 |
| SHA1 | f371b37770baf37ec5a062b7ed23d03777d5d986 |
| SHA256 | aada994b55678473e57e1dbc569bb9879da4dbcb9bbbba8f8edaef573f97cae9 |
| SHA512 | 936ba01e620d8c6f7cbec18f7106da40d009b58c10ff38e0b42622ed6a412c7115e1b3152293b7970016887505091d86ca03282dbb9ffa93e5f3d22abbf59b93 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 0e6006c0db4d924751ab72a58a7c6f84 |
| SHA1 | f41310705bb6b9596ddb31ac606fc6e7fd276f72 |
| SHA256 | b1f1e12c4829242083da2149ebb3d72289872e638ac90690297594410448518d |
| SHA512 | 3be149f72260bdf96833265bdda2526622b948917e76d9b4558575ae74b2861cebbb06fb7c2730ab4e6b764ee5f03fa9b32760b4a51324aac535e5cafeef3e9b |
C:\Users\Admin\AppData\Local\Temp\wMME.exe
| MD5 | 4a7c56166d00ba7697adc75fb7c74d22 |
| SHA1 | 2792c61229c8471ce7394dfd1954b0fa027f4fc9 |
| SHA256 | 7d428f6217e89412c8b89daf23e3066cb81686f4039473f6ebaceb12fff3cf41 |
| SHA512 | 28f6f743e87a5beed4d2f009bd52fc2cb3bee62c8ebe91c0d980a113c29dad448bdb5e9f16cbef9ee65ce0bb7ba9d4e3b1844526e06ee7b9bedfdf55b3cbe143 |
C:\Users\Admin\AppData\Local\Temp\uQYK.exe
| MD5 | ded4bc2059817a8b96155a077a7a45eb |
| SHA1 | c174d8cff45767bd4e02592b514065f79f5b57fb |
| SHA256 | 20040b0ba55b8416130505a3821901bad9ff5184459e841dc1c64437543f038d |
| SHA512 | d26e2314615d7cffdbab3ac6e9dce56fb65d42a2ba925cd86a7820e3c353264dc2ea3dd3b2949538ecaf481d58b7ace166a31d4fee3c10b81fb82c25a0c715a7 |
C:\Users\Admin\AppData\Local\Temp\oMcE.exe
| MD5 | c98f8fa1c87162d11ec1fe1d1fdefaa8 |
| SHA1 | d882444ea1b52f0bfe6b90ca45a23611a09722a0 |
| SHA256 | f997344b3e926e4647ed2cd3eb9493e17b683e1f7d88b68b245f2e74cff2edcf |
| SHA512 | 793f78fe2ef16585584ccc1e71e6bafbd28044bf53e4330e5ddf19eef9547bedda79861f712552aec41fff4809593e8ae74a1854aee2941ef67e4e728825b964 |
C:\Users\Admin\AppData\Local\Temp\ecgc.exe
| MD5 | 8a18f81d767e2498d278035c956a5200 |
| SHA1 | c6af82b01ea1f62a801c775943ac3dafa00d2f8a |
| SHA256 | f029eae7e6790c6616954c2b7e98258b57fc8f78d57d5d9f7ea11ad6c429b788 |
| SHA512 | 2a6d454df85d403ffc9a34263556b61f99bdb1bbaee8368a683c8403b7cec35d392449ef453e95456310d6715b5604fe5c7f5bad0e00ce758805bf7f4981ea3c |
C:\Users\Admin\AppData\Local\Temp\UMEQ.exe
| MD5 | b98245434581e6509c0163b0b44c9e84 |
| SHA1 | da85eca15c89ce48d1f59a9d205849ff1fc5f8e3 |
| SHA256 | 054267b4afa4c07a5a7144bbd797021b1775afc827268789b7a9dea28c47aad0 |
| SHA512 | f47e86ab26e4acdc39437266c11bd463ce6eccce445fa272963d4ac833684498fc8489b59b266c5fc86cfa39c6bae2830ca0e2a5237c7d6b33cbc7abe4f01ac7 |
C:\Users\Admin\AppData\Local\Temp\GAoi.exe
| MD5 | 4a9d5d87c67ab0f321e81ceef25e93f3 |
| SHA1 | 5d872c5a5ca7effd1468b5ab62c3300e4513540d |
| SHA256 | 64fa46f8c0dc5ba8a7406cc4e093774a04c0237237b0a17bea089a6014677fe2 |
| SHA512 | d78a6859f425d1e997982b5f5721787e89a2062fa811b51dbd4ef272484216e28f7cb0c294c4aa99600e6c619e0ceae15b40d55be46f9b01f3c0fa73742b5924 |
C:\Users\Admin\AppData\Local\Temp\yYQE.exe
| MD5 | f9236ec2e9c3d08db1d2e56e651a9c7d |
| SHA1 | 1aafee3e366cc98d5228179653fa5da8d801d6a3 |
| SHA256 | 904cf7f4d886687802b4c95e956153968bc5eb047694683bd6a3bf8ecfc3a67e |
| SHA512 | 297147d8db293cb5fd0e7cacc9a3e9bada70a2737b1c08c32711a684d6f0297508e9f6b155f5f84e8e66e366f182ab79933f77e82f8491314c39a1761e014521 |
C:\Users\Admin\AppData\Local\Temp\uooW.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\MAwK.exe
| MD5 | d2686faef2dd407585626eab70904cee |
| SHA1 | f2186e7c1d6fd30fff6194f86bea8f27e8c44cd8 |
| SHA256 | 1d4fdfe5785bd737fc9ae3631bef1c0879c7e77c3691cb89fd6d21f9d5dbd7cb |
| SHA512 | 1cc1cae1d282aea8eafff6d2b26308f78a5e02a18b6957a3de3dfa335c38aed148276cb79587261a5e4d4b45bf5eb202e8a0a242eb36ba056f7aefc2e59c8002 |
C:\Users\Admin\AppData\Local\Temp\gYsi.exe
| MD5 | c62375959690699dfe23172696c1457d |
| SHA1 | 563c37bee595ca93866e9abf120053d527b1c400 |
| SHA256 | 1801dfe1680a04836fa0331e85532aaf23bbecaa86ed5df912dcc1879913a586 |
| SHA512 | f18940e85d236030501af97457ca2239245c4eb7741fd76a172d2810a8dd744cfd1e22c67d9f5265346385a4fa37e7521522cdcf4d3e218379ada02b5e22699d |
C:\Users\Admin\AppData\Local\Temp\gAQk.exe
| MD5 | c017b45b2afec60f417e02fd1c9fb17a |
| SHA1 | ac2d9ca382ff0f43b5236f3fe55f29fe6fe0411f |
| SHA256 | 5e9b2ecccd5752b8f844a2445ebf8bea21d6838d8f7896bd38f75d010ea8c5c7 |
| SHA512 | 3232bca6a5b087815e35a2d2fc0f685fb3c42c19bd02c4d0a0afd4bb6ca60d8b12c082fc0f2e41ab72eec36bb8935752a7b2a6d999e335be2abc402b816f3990 |
C:\Users\Admin\AppData\Local\Temp\QYkE.exe
| MD5 | feccc6ac55a37639bd16ee93819f5fa2 |
| SHA1 | ab5f062c84373f55603e72e35d6d449db72e2245 |
| SHA256 | eaaa63c7167817010d1f83447d1c10c38e1ecc60ae20a0871214a94cd976c3dc |
| SHA512 | 0a8f452e05be631019f3b1faed6ed36ff3c9e45868d6e428399d2e3b74d2083955dbb3bee04e73772648b70915a6e90866de49bbead8b15ed137c649cdcd190d |
C:\Users\Admin\AppData\Local\Temp\KkoQ.exe
| MD5 | b2f453aa3c32f63c747f700de1ac64b6 |
| SHA1 | 66aaf159f276e2eae4a4726f4a44e5b13a23433e |
| SHA256 | 7ab9f95afa15f58763edd21fa8d188b8ef0fc3a6cebd350be3e112777187b757 |
| SHA512 | 95350d2eda5cb4401bb52ae96ae0b22c17cd94718b23f09326fa25e3f37916232355cb896720a2492940c6efdd8c7e967f6bf05e5e0ed593c8325f442bf06ff4 |
C:\Users\Admin\AppData\Local\Temp\KAwU.exe
| MD5 | 32f723a06e1ab7f47b15cbbfa16acd6a |
| SHA1 | 2018e24e389c045386c3132c44a4a7ba086e7f39 |
| SHA256 | 5b52b9c5eac42a7922a28f7f19756703952499d9f625ac2ffdb438a36d94f7b8 |
| SHA512 | e72b0a0b124ff5837dd41696adaf497e09f8bb5b4f8777f37873999e4261b6b171c136177ff0dd449284fa0d9faf4395dd4f5fef8040386fa697f3d5d1e0f8f4 |
C:\Users\Admin\AppData\Local\Temp\ysga.exe
| MD5 | fbad3bf499007fa8e9bd41ac85f18725 |
| SHA1 | 17b564be98b63c9a274bf0e8ae65b5814830df87 |
| SHA256 | f741321b170c5f6d26be9867de59cdf60d1ee9e2db00a0c7072e0540ae9ada91 |
| SHA512 | a89a4ae817ff637ac95a9afd4fb9bf133218010b258f7084322a6820a13b0964b5ca6a57515573562f8722dfd9094e4ae543e45d805ae8842cd247ea0cd1eb80 |
C:\Users\Admin\AppData\Local\Temp\oIQW.exe
| MD5 | fa0bc0a1feb1439d0d391d1da566fb60 |
| SHA1 | 29dbf7bed2899f786316f40e6c2faf354d5ac716 |
| SHA256 | fb1f5db3d8d72c92257ed1f607766ff88087098cadc5e69a44e1065ef832444f |
| SHA512 | 69f8ff93f31090525e39b62a4c657fe1ad762bf16d3eb1fbbe790684050a275c11e8de5159db08782f22ff404fdb0580b79ccacf553e72ed1b8e4c957afedf5d |
C:\Users\Admin\AppData\Local\Temp\yoos.exe
| MD5 | 81b73526e1122239ab66e8c2591d5bf3 |
| SHA1 | 25e2310879146a991299e3cf82ea191ac244d0c1 |
| SHA256 | a2acca5c75db442e85eae602a2663ed388d5ddb83c3d4dc8216334d9b9f5d8ac |
| SHA512 | 8e7b834097355f0f3c542133bd0f06f8c4c583a4d8535fca18daa45ac0464c60c477097a4194383aa2295c795485c6361a7028faf7cac2235d2736f09bf59f91 |
C:\Users\Admin\AppData\Local\Temp\CAIY.exe
| MD5 | 27fe369ae3a4b220c988c494a4dbee66 |
| SHA1 | 8dee41e710f5bf3de983a2a22bbcd69edfed4692 |
| SHA256 | b20c3c0fb3512a6c31e11bba25db948c28f8e750abea77830f679c31c7deebed |
| SHA512 | a33cb39f38e5dcd7f8a7342d6b042e5e7f05a4df6cf45ab1ed4908150763e4f2dc3761677f77fd6d7a8f38e44fe48aa8927aec00ed287d269e999bd464498009 |
C:\Users\Admin\AppData\Local\Temp\MEke.exe
| MD5 | 3b0affd1092e707c256ff0c8ab974124 |
| SHA1 | f5673a8384b6819b8e0234a658b8e048754da2d5 |
| SHA256 | 71deff22b12034caaf528e3ba616652cd33c6b5215f0e17dee87eb050770e72e |
| SHA512 | 1512da9b6fdf557c7fac42f68665dcb75b770d66473c4d180179f95967faa0758c4cdfd8fabe86564e8dc6f8c2e4da4ec15d9d521bd7c3d82ffc6cc0428a3057 |
C:\Users\Admin\AppData\Local\Temp\YIki.exe
| MD5 | beee96edad21d3e2294f9db51a95f174 |
| SHA1 | 9089413f4596bb534d24ed625078076cb3f3f66a |
| SHA256 | 4c4a6d0135abcea8806d83abd438c8291decd5104ae4d8f2a5877556c99981b0 |
| SHA512 | cf9d5e28b63b97b7c8e6f40143bbc767f49d4e8ee5ab5b31671d2f1a2334c0b4f33733c4d6f747e94a32e7dc9af384186eacb9374c662ec4da53f937bafba1b5 |
C:\Users\Admin\AppData\Local\Temp\ogsO.exe
| MD5 | d6b66d154af83df464751f931c32d21a |
| SHA1 | 483bc0c8ec37511ae9249fd43fa52f1d33ebfecf |
| SHA256 | 675f6fe3ee05fcef502bc9721cc924e11e54afbdf78018d0e1c3d909697fa7fb |
| SHA512 | e6b2df76b091eee33b40f1dde795024606a12e3ca662a49369e155cfeceec585a3caf617d1090fd715bf756ec1f73916d9638399e379fe30c2ecf46db2f7c088 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exe
| MD5 | f093464ad972943a601e98da6bd770ae |
| SHA1 | bf2c6aacff8d60370037c5048de0392e1774828f |
| SHA256 | f32995719297f1c9715f3a032e96c0b0aa86a9d4e3abc5740fab48c50180f3e2 |
| SHA512 | 9794ac6050b27ce91a8b63cbea820f77f1b091668c927b751a3e7528d12498a54691462075279f6eadb1453c75178cf70a27253d7aa1e0ea309f269b86ce0e16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png.exe
| MD5 | 88c7b5af784e7e5eea254054ad4da595 |
| SHA1 | d06c6d0fa9b71a1e4f06b385478353add00906af |
| SHA256 | ff90b018b62798a985a0518c8c8788f2c1da5bdbc03f2c8288658396c1e900ca |
| SHA512 | 6d5349de0edd9e3704b58c6710c00d5fa89e28c03fc27729ddb412c45793012ce5cf14754dd80eac17a97b977770caf0533f9079ccc5d378d4bb8e462fe87a93 |
C:\Users\Admin\AppData\Local\Temp\MUsi.exe
| MD5 | 66d6d30d0cf23e23b60c3c0e836a7591 |
| SHA1 | 5ef7556c3e176827da3de13fad8c7fca51c10fe4 |
| SHA256 | e40efa526f9da5bf2c152886bcbc26d19c233ba41925e1c192fd14177a9573ed |
| SHA512 | c8fea10f21172a0246e8cbdde6c9e77b787c7d7f32fb8874681d39d10bd50b9e683459c631f83b771a9251057a9f3d37ea92a9a975392b08f39b65c3563add42 |
C:\Users\Admin\AppData\Local\Temp\EoEW.exe
| MD5 | ac9ba8225bc8eee16f1b7c596e43ed27 |
| SHA1 | 0c7da594c35ede48e2d573a211ad8817b9670713 |
| SHA256 | f7316b519788878d09c9e7c5ac60ce2d8e896aedd72a50c56bebaefcde29a616 |
| SHA512 | 020dc380e94ae581f2e603f5c1899907e598d915ebe3fec071a018a2e505dd8f95313c119d3c2f8343892e410bf6066d0c918ebea8e3b05a7777ad5f91aace0d |
C:\Users\Admin\AppData\Local\Temp\yAoI.exe
| MD5 | 25fefca92c3c69e5bc8650caa708a5d6 |
| SHA1 | f7b0183c0558b1b898b1447327a1f66eec95a5c5 |
| SHA256 | a149de788aee4e3b6add364ba640ad24f9191efa41ffcb5ced73469f93c3166a |
| SHA512 | ba0a3dd910f14111054544ffa152324f5cb8ccfa67b81636748f21696e9b05ae4658e2df6dd46ac03a1dbb55be76d5e12196b06e925efabeb1edaac1c2da7bff |
C:\Users\Admin\AppData\Local\Temp\YoEY.exe
| MD5 | ef86e108d5f09a6ba5f0513e26d8c9de |
| SHA1 | 7894ae6469a1e2b1de19ffc54dfd70692c139a56 |
| SHA256 | 75b0e3e3e5b06a89f2962549407c807c6bf66e2978a766917c8a8994f085ce89 |
| SHA512 | d513e26e7d8f32a28122d5ac7942d1e19d052e7220134dc5ee1326f856cf4b12497d36d761c76f6067987f80c06c0b680a3355ad25939ceb009e50a07dbd3497 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe
| MD5 | 5386518222f638673e188bdcfe709944 |
| SHA1 | 8a9df75f5aa1560e6506b16800ae0fef8e2388ef |
| SHA256 | 77c9592878d719c4b89bfa1ace342e82a191a12b2423f994558437da2292fec2 |
| SHA512 | 52e412834b2112fde6537a10660c6bfd89de83aff50e2448a1d4389832715ec6e107c0f3ed5a6d96b4fb3e79a28eae643284c3a12f7774440cefba5da86725c6 |
C:\Users\Admin\AppData\Local\Temp\CMEs.exe
| MD5 | 5a48938903fc2ac84223a82b3858e042 |
| SHA1 | a9f86b53bc387f187d8907b290cafa3e1faef53b |
| SHA256 | fb5f87ba86d2da5639be41b9381815bd8c94db45099eaedff379ddc6a072c18f |
| SHA512 | ba7d9996bc0fa5d89176e885f61185704fa08227c78e2dd31ee03000f346a1f1cc581d0043686953b8f36711c1a6cfd67fa1cf5fa7a2623ad7bc2189cc5edb9f |
C:\Users\Admin\AppData\Local\Temp\MMIu.exe
| MD5 | e612b1f1d3b92222a802b2b3555cfe65 |
| SHA1 | ebe4f88a690576aca45f67953b074ff6efd10737 |
| SHA256 | 20cf7dae58d65fac8a94f084e5dcba411530e59890357ff86b1e8ab0ef740203 |
| SHA512 | 7a5b93cbe5bd646dfdcda04d96383d1e0f03b8f81d61f2bd0e05d687c71adea1494c8fa18d72c98f698b2d4d9298a872484a4a90bfec38b5e776c72622f28b9f |
C:\Users\Admin\AppData\Local\Temp\aIwM.exe
| MD5 | 071227eda74c1260251047faef8712d6 |
| SHA1 | 317a0783b58542adcf4eb91f7ed1306d9ba9bd18 |
| SHA256 | 39b1d448e486d99c2cd8a79519953ef7f4b9eb181aa6c0e15580a5c7f63b1938 |
| SHA512 | 7fc1f6f327bab1a1323207c2b31f53587c816720be60f150dd9402092d48b590885bdb2201fe19c2d9765e323ef6b60921c1ed6679bd050856246da45cc0407e |
C:\Users\Admin\AppData\Local\Temp\qcwY.exe
| MD5 | df7e0687495316c253c050c4ac7018fb |
| SHA1 | d6f179d657e6d81a36e95c6916a76ba50585d7a8 |
| SHA256 | eda014b4fbfceeb2622e6658398221b4bc3698e93e7a259726c2900ecc087cc3 |
| SHA512 | 39e8beafb92cc12ed887f62302bf81d436425846447012ef440c85af8bd2585c9c130b049defe399b40f39cfe5fbf4c53e5d6fca8cec5b575a7cb0fbebcb38b8 |
C:\Users\Admin\AppData\Local\Temp\IAUo.exe
| MD5 | e890c5e590dda507d320cc08b23f7113 |
| SHA1 | aba0eab5ad051510a615a219dce5de9b02d3e815 |
| SHA256 | e8cba55546097698666f4e4b18a2e13a701c9d8e2d6b16ff77c3a7ac2ee74549 |
| SHA512 | 1ccf357b387cc4e471cc34266225bb3d8dd9ff28c5434a5edd761e19602c0874df07a57a525df0df034992d5550e9814aa3de16ca9ef18c2f899fc3237962a8a |
C:\Users\Admin\AppData\Local\Temp\wUgC.exe
| MD5 | a5a0b6d5ecaee07f6f89d3f79a8082f7 |
| SHA1 | ca7a69e14794b31a9e19970b7454043e85794f97 |
| SHA256 | 4d01882edd09c414fffcb3d907712b53421f9e723b95343de44b9840540ee232 |
| SHA512 | be8f019144a7a8c7277df98f040ac3ed91fe4dd6bd82a3616e859517f01c17532c2900deb03a1fdf1da9a53230f6b52841db8ee5676ff61821372ed383e6e53e |
C:\Users\Admin\AppData\Local\Temp\SgoO.exe
| MD5 | ea5ca149cc11e23fb95c45ec23c1dc36 |
| SHA1 | a4ea5e04bf9ff9dda88abde41325b0cfafb02a7d |
| SHA256 | ac7eeebd50f2974b44114fa2cef93e8632de20495de97fcb79c89fb088cc3e5e |
| SHA512 | 2aed7d9bec41aa58716c24a0d78e00608f073d9880e242c6ecb52c8ae792baef5e56eed04ac45bbedebff40096c0c7d5baede746839e00ae27582785ba1e3237 |
C:\Users\Admin\AppData\Local\Temp\qsQY.exe
| MD5 | 2924bed04024f0a5d8bc7e59958b7867 |
| SHA1 | 6c22179d3a46f6e36b9f77667952d788066930ff |
| SHA256 | 5cd55089efd56937aaa6c2053dc272e72af68208e6297cc851b3ac2f2ec8096a |
| SHA512 | e70b25baad49e35c33ae2c3e29c40061763d6e51fe0d699ab317988ec7aff6a5071bbdea77f8a74bca4dfa85d7bb066cc70979b35e7b15c3469875e5c1c73e01 |
C:\Users\Admin\AppData\Local\Temp\aQoK.exe
| MD5 | cfbe780bcb4a01a0206507fd6f20b714 |
| SHA1 | 0f21667ee691c7c56267df809a6ce52786240577 |
| SHA256 | b63617e25dee615b04732fe9e34d6572083ba783f0715c2d7ffc07c5b7670f59 |
| SHA512 | b989fd593c71559da1736ec33ea6733e95a4dfb124ed100a4721b74646da46d7d53e3cc13e97a9c8dee600d1555f5ed2d00a859f55d4a251e2192d5df246b83a |
C:\Users\Admin\AppData\Local\Temp\ycAQ.exe
| MD5 | 250db6f9ded256bcb9c88245400e48c5 |
| SHA1 | 5b57a0c3baaa5c36eeac5f40e49770655b0664dc |
| SHA256 | eb1e36c537543c9485eb438e6b273346a8ae90038ceb90589da553c80d380eda |
| SHA512 | 57c1ed66785f1f225164be108da646a7ce2382efe744217e39e818a4778e9e9848da84e8a736868d4ef4b5b66468006439c641cbe6c2077185c7abeed0bcb3c3 |
C:\Users\Admin\AppData\Local\Temp\GgUc.exe
| MD5 | 82790740c10770573a565b1bc85108c7 |
| SHA1 | ee88af0735814c3684f47d53a8b77110744b7636 |
| SHA256 | ec003009d56f3aada3203f5f18742a48e8107ce7edd4bd65a2fcbffdda8f4e69 |
| SHA512 | d1ee9af453f7f3659943f3836030c66d0e0ea1f42659d26b4130282830106c62ee441b8baf2d18d06658c6fa0d2b8696e95c6ea7a955341a3654775180e21f05 |
C:\Users\Admin\AppData\Local\Temp\UYwy.exe
| MD5 | 2b2076bd9e4728cec432e218a63d0806 |
| SHA1 | a14399a0beb60c18ee7522bf8f15b1ab14aa280d |
| SHA256 | 0e833b3c282f07aaa4e9e1d6044ea3d8cc2b0074bedc4285fe988176258fe327 |
| SHA512 | 740d4f66438e5260b923ee6579ac84c454c1f50526337923312773a065c224da5794f95d9b36cde4bc48449ed95b55f62426577d2da3e3ef7a8d05de56dbb233 |
C:\Users\Admin\AppData\Local\Temp\WQIs.exe
| MD5 | ac7cdeb7570c3db16cda280be0b28f19 |
| SHA1 | b4cbfe9b81540165b6dd419f9314c68b8ced1524 |
| SHA256 | ee4bd973528ec3355c70b6fc174277fbd7c63743ae48b5c8ce9fb54fbb9f2b21 |
| SHA512 | 90ae03f595d648bfe5e98a0577494ad870f98a3f289cc7702c58f1dcf2a9fca351d896ca40316f563023d7168dde126c431a09fa48c00381fcee651f83ede78d |
C:\Users\Admin\AppData\Local\Temp\EosQ.exe
| MD5 | 27ebe1d5174a7e01d1a669ca22b42884 |
| SHA1 | 9dd3576735e5969025390bce2fe8070a62bd254f |
| SHA256 | 3d44e5b1cadfc4b3b0c07cc389a3d15bdf48c7e85d5a6e9ab1a1bbeffb5562d7 |
| SHA512 | c21f9367238a2a03e228208ef53e8175ef6bb5ff96c1c0ce428dfd2a1dc1d8e65d76e36d8b24dbf5a28d36582635861f5561d5f9ad7a7008fc10f704efc6aa48 |
C:\Users\Admin\AppData\Local\Temp\QwkO.exe
| MD5 | dabff98e4498f3b2053fcdd897016ef1 |
| SHA1 | ef55217c221fedd954c6df3027b7594d5e86ba4b |
| SHA256 | 486a1142fe093a720594aac905b1ffcc23e57f446ade1a15e3a78f3c2d2f6b5c |
| SHA512 | f1c1f44338619d8c75941da2cc87cdc5057f757bdd7e78bf8868473d012514dfcf295d30d39e4146cef8ca01b081152053a6314100ca3073e3f9d2d8b7e91133 |
C:\Users\Admin\AppData\Local\Temp\sgkg.exe
| MD5 | 7d1339113a6a05b48ddf582d2a16ab33 |
| SHA1 | 4368dff37ce7534fe3f63d2c06d040eff538286b |
| SHA256 | fcd9cc1eb7156df2e7ef41723cf3ca23839b663c50577759af298ac994a31cf5 |
| SHA512 | d62fb77e7980b00caf582c3b648b77ef1137e67cab02743e9126c5e85ee7d138f73693f83d9c08109723d5c2d6737843600e41eafe4d3ab4e0ab594d90f1e667 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | 63368f090c0bda2574e491f2de206483 |
| SHA1 | a27ce1022f71b612fdf2ec3f6db366e5dcbce22b |
| SHA256 | 0a95938da4b61dc3f0e3a519839fc923707ba458352e3521b55d7cd3f3744527 |
| SHA512 | a029e7e8e3fc96a087d047e2bf81a72a9ee806177bbfbe86dcf6a9e129a44da2ba494230b615a592100cd33867e87da7aac46fb6b5303c03184ef29be535fca5 |
C:\Users\Admin\AppData\Local\Temp\sMIE.exe
| MD5 | d4d3194c53be9e6b75feb8f64f806429 |
| SHA1 | 247c8ccf82bc3c52bcacd33962aef0acf8f9ce2c |
| SHA256 | 059508c5135c9ac9b7caef92872f462f7b201ac28a026af9e9d118b782f9649c |
| SHA512 | 79e8578105028a85c185efcc03932c30b7dc6a39676ddad93c210a85ca17ddc669037c20fbed759dfcc29198d7751c704a9b608414da562e8fab9d9b62a21860 |
C:\Users\Admin\AppData\Local\Temp\iMEY.exe
| MD5 | 71cc0e64965f2f12b98b3dd8f9e9f4f4 |
| SHA1 | e5782b54f8800c311a51cf769eb208e9bc89b329 |
| SHA256 | ef24906f9a57c591d7619a674e4c6616efd7a1826359a65b14c758e04bebcdaa |
| SHA512 | 1bc02195772bb699240189852c5f33f8ceadae928f53e0b961610d9816ddc8a4ebc465539160d8e0bbe7d202256df250852ed0daf44b5d1f7a39021908ea63a8 |
C:\Users\Admin\AppData\Local\Temp\mMEA.exe
| MD5 | 0d8af2d2bcba3a3c872351386f6d9d73 |
| SHA1 | 70a4679fb0edc5b8e996608cdb87ee947806a263 |
| SHA256 | f6f0d1fa78faa43aca181711bf0be8916f869023461cdc30e13b893422f8f247 |
| SHA512 | 0284cd83133ba78e9604e919e68c6519f6d21b1da24620672aba7499c8fc32390ad3c60ea880ef5f29c114b6ebbcf162555a8bbf0dee9e6f36575a51cd7deffa |
C:\Users\Admin\AppData\Local\Temp\kUsw.exe
| MD5 | c02e722f84ec75115b8160bf1642ac0b |
| SHA1 | 8a6d439416578ead43426c1843e48b3e9d52c4e7 |
| SHA256 | 8e45b9ce216408e0a3a4843bfd63eace25a0c66b366b88473d4b624a4a3415f6 |
| SHA512 | 7c5d9ebb59bbad579d8ce4b6c5eb8df50812da2f05ac65b4fdb91d1c24a08077622701f7906da69acc34f72adfac096c33a15a83577d3f8fa128c3ca5824080d |
C:\Users\Admin\AppData\Local\Temp\OIQO.exe
| MD5 | 89fd8eb2eccdfbf524999bd975fc8bf1 |
| SHA1 | 5b9c427926d8444bfbab56aa778493e39681a931 |
| SHA256 | a97717858c6c16a6facb6b146683a7a6ed42729caa4d3820d33f89711c3c1d23 |
| SHA512 | 9689cd588a67c0055e47495f51e43cddf9fa9c5ac4dbbeb8cb134fdd28da120d33397bf2a47659f4752e124b41312782111b54529db819622d1e7ad756863028 |
C:\Users\Admin\AppData\Local\Temp\OMQC.exe
| MD5 | b522fb970dce661e0b97c163ab5c8a4e |
| SHA1 | 8eaadf0b564a1b59f9d847e0e38464f401ca4e64 |
| SHA256 | f5022e498a5c9582dc761f5d6ec94ed5512b7f5bc3e752d533c8cd6f2e6fbeca |
| SHA512 | 2b6ecffcacb0e9b0e6db83d62f9b2277029caddafdce3c5068cd081273c4c58e9adbf0ba7bc88c4a066b43cfd5e6e9e654411d007c5a55c4fd8c73f6baa0d9a4 |
C:\Users\Admin\AppData\Local\Temp\SIkY.exe
| MD5 | c3fde3c7cda40392cc7dbd5b837033f7 |
| SHA1 | 49fa483d4be26674fb16261485fd8e4af6b34709 |
| SHA256 | 0fe694efee76eb83dc013731f4c4b56b6b9f1d40f792ef568ba90a0fb13cac27 |
| SHA512 | 128af45381930ca4a4a0e1afd009301b6c5fee92fe28a92f5658027a820d060b148f089c3f0277de5ce74acb587c07b3f4e12169f3dc061a61f40e9d575c0987 |
C:\Users\Admin\AppData\Local\Temp\qMUI.exe
| MD5 | 26ecabefcbccf5e87868f2f0cdc35cc4 |
| SHA1 | 30744b920a359a97bbde26ea4c04d434f7d5188c |
| SHA256 | e150202707f77c466c3bd81bf607b8f24aa254858bcaf3d9b62f492ccb2dd3bb |
| SHA512 | 0ae7aaeec7f2c5695a81cdc0569a172e62500b10518a4e18afcfa379ad550e90e2adb6395494efaa3b7c780f78c630c60bbc0f11a6dbdd4c3c260ec00a7ff36a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | 9ebf9daa2e174c6f820328894ea381b8 |
| SHA1 | 19d3ab4d9a7ed769943e151bad3fd674fab6a3f7 |
| SHA256 | ecc32bb7671a98a8677224bfa437447971a97f3e716ac54e112430c28eca1d40 |
| SHA512 | b8310634a1f3007894b3d6ea95bc2d0165d60a3854b4e12bc02446108822cb03a2b1368babe5b1d4b034c0775afd5d4371a40bec89a6886e383fabe41fab2c39 |
C:\Users\Admin\AppData\Local\Temp\mEga.exe
| MD5 | 2726326606abc5e1a2dabeb131f71e79 |
| SHA1 | 60f193659d8014ce5c598b5cb613af4e95fe1e73 |
| SHA256 | e2d0179027c13c3a1b59f5d5c51da57adb95bf8cd88a7f94c0fbdc75d0746ce9 |
| SHA512 | b520e414debff2e1a64b23f81160372c460583fef1d6e88415ac7a4c0f084ac4e1797c4851eb71f2da5ca9155af1a94876da11ee3e63d985243753c883eb5d7c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | a3a29f13317e8925bff4dcd532990e22 |
| SHA1 | 91f99cd579af8df3fa6b0737de99aab3336ca73b |
| SHA256 | bdc6d071a0fd7fad72e270ad3db0a96d7766ca1bb92f9c3975792d87ad0e1939 |
| SHA512 | b6d1362d09e78290d48abdcea49f5f7dbbd8ecbd8fec69f86fb74c1e3089a91b24180798aa57aa41b38f4e916bc3f5ca06635902c64ab6c3330dbda0f2d4084b |
C:\Users\Admin\AppData\Local\Temp\UQQu.exe
| MD5 | d7e74779d87e6bd7773ffb53bb6b7611 |
| SHA1 | 0e5d0a64aa81d7b3e49738d1a909249214fc1e32 |
| SHA256 | d52e44956536432f8deadbf912793fd394093a39d579cbd32984d01d6dc461d7 |
| SHA512 | 780a7f586c41b16891b4f66dfb2c970123b3b88f14df259f79d1ff875b36b5a6325bf9f1f6d805a3ca4bfd729e143f344d8e434fca5bed3af3ed352e98863b9f |
C:\Users\Admin\AppData\Local\Temp\sYsI.exe
| MD5 | b3f8fb8469be84e5cfed2f2da26512e3 |
| SHA1 | 66e37f282b3102046cbd08a8b471bac3b81994c7 |
| SHA256 | 15281689cf5793339b37f09f482a965f1d7cef3eec92da85532cefcabd19b61f |
| SHA512 | 56c0e5eae1b052e6faa80e2bc816859e61e2e8433c62d50829156d900948e27062b72aafbf27c5d9b0f9e6e077d738b69005d58904b87a66118dde6a6c8d63a9 |
C:\Users\Admin\AppData\Local\Temp\kAMg.exe
| MD5 | 9974cc78cd8e0d03f9bbc877f40e5187 |
| SHA1 | e08a942bfce99469116b6d676b787f923e8af243 |
| SHA256 | e1409d2dda9f2b402f089fb9c4e8d6e58e783b13ab4135a0124864dee9031d41 |
| SHA512 | 197bad44379b444c1c2903cab42ed3618ae9f57772b806690edb0f78d970fd57c2cda7670ca9c7f745c916c3e221335f221ac698c4dfb4354b22f609f07ce140 |
C:\Users\Admin\AppData\Local\Temp\SgAy.exe
| MD5 | ac9a82e78f8692741fb3d9b52eb55aca |
| SHA1 | 307e387a5c957b373cac9cc7422e05f311f470a9 |
| SHA256 | 20c1efd3ff08864f503dc9a045015aa57346219926f018d77d2d06f7e9a69919 |
| SHA512 | dbe47bdc59a5db17646900ccdd84e07dda6aa2eddd4a780a77bc092c848ae2c3d6251a81c83bf5cd8b5ebff627be233c2426c5e24b41d6411a3544d3eded2026 |
C:\Users\Admin\AppData\Local\Temp\ocUC.exe
| MD5 | 7bcf9b72be0987682056191dcf1ab527 |
| SHA1 | 01316ed2a57f5ff8806320857ceb1b11e000a0c5 |
| SHA256 | a5fd71204685b46fb7a63c2d5b4bcd155ce99991c26f82f418d0d201b1d727ee |
| SHA512 | 527c324e35b85cc39b93e3f6c2530a44beda7f7fe3e36c2bf52887700a4dbfb0b6e661f322b7b092971a4359086e07a7491139fe8e56906c8b2700c3c5edb1df |
C:\Users\Admin\AppData\Local\Temp\SIEW.exe
| MD5 | 3416fa0dec33c7251bd00a3830ef6da3 |
| SHA1 | aa615e8344578abe18a400758a8f1389b009871d |
| SHA256 | fed1e9f36d55fb9bde1e7a8cf939d566c530c5b944728aecc9845dce5d45886c |
| SHA512 | 91fdbfc3bbdacfefbc27c503b307d311b3388222f5a517952f6841b486bb79fb8adb638cd2aacdb4cac73afa90cd228c19c8e8abe13f1a3c3bdcbd83e76fbd95 |
C:\Users\Admin\AppData\Local\Temp\ikYK.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\sIkk.exe
| MD5 | 5625d3fd50e5311d1dffb9122a96512c |
| SHA1 | bb1cae79e443ed8c1504c0cee37e8d9c4f6c0646 |
| SHA256 | afcea576336b5be438f43be41cdece88ee48c3d9e20584af079bfedf6e15b872 |
| SHA512 | 58a78e4607fbcd9069f31ba5c9f673940fdf3fd26b86edf3fc68081bcf3629b66a28d9ff2efc8b63d1c6dc74cf2905c1410dd88b692f9c25f0ec1f82b1be35ed |
C:\Users\Admin\AppData\Local\Temp\UkEA.exe
| MD5 | 96ad7ef6c10b9f4522686f176c765bac |
| SHA1 | 2674c42d3482048c2bee09c60b5a240fca72a58d |
| SHA256 | ffaab6188349350ea2e3d59f06f6206eb5e8ff62771c900e42f2ddc6b0edeb87 |
| SHA512 | 6c40009c58119fd23c534cc284194380db391e8136c5698a8c14a31a62809fc1c551a36429efc754a3a88ce8c05b346167caa9575736bf3a6dde1459002c2461 |
C:\Users\Admin\AppData\Local\Temp\Mokm.exe
| MD5 | 4952932df3b8a98a9b419de8f151d70e |
| SHA1 | 2313abbbec6b0de710eea262bf1451c6d6330252 |
| SHA256 | 029f78c2154c5f98bd1adf5353cf1db1647cd4c38cf4773657ea37f88e78680b |
| SHA512 | 278827483dbaae6b81b9333aadff645daf80695a5d663cca71f82d8a3040743b553febc572ca5a0bae2509dce1999d3555122e6245de994985e84eb3bec68aa0 |
C:\Users\Admin\AppData\Local\Temp\OAgs.exe
| MD5 | 49502ea68fdfb0baed9ddfdbe31118fb |
| SHA1 | c8e2392c7223b601b75177898b0c26a6d989de5e |
| SHA256 | d88cbf571988f7c13aeecbdb73a31abe1af1eb7e039edb24575ed7ca7263e658 |
| SHA512 | 5d3e44891ad71dffd98a554d307886b7060a8665f4f4f1d23f735b68aa6bb4629739383d789431b1acc4ae0dd298644a7cb1d082ae7966999cc55f4bfa05e156 |
C:\Users\Admin\AppData\Local\Temp\uokk.exe
| MD5 | 8a92f96d391ee583b6faef3b9ae9823f |
| SHA1 | d26e87abb4d47d75be0a18340e1811632eecbfd3 |
| SHA256 | 96141f5061c0c8cf2609849b3f64b3f2c40616e9eb684290cb14b54f0930c045 |
| SHA512 | 77b661b2228da644497dcc1d42e6ee33c188ca1f02a66a0b332fe0b39215d7732fdcb86f91c5d4b3cb19aff1485756f795f79caf05bf77818cecef34f9e9b197 |
C:\Users\Admin\AppData\Local\Temp\KMki.exe
| MD5 | c0f34a3b7d874d9c798f374e46c1786d |
| SHA1 | 4daf70f96fb1cfb58776d9ccd4b673b00681529d |
| SHA256 | c293b6bddaf3929989e55a60930d05af2475d6e7342ea8cf2cee4ef6245ab131 |
| SHA512 | d22fb682ea36863c21669edb7a45567d808a46813a650fb78dda46c53adccdb19385107dbf62a1a46e80355f5c68e69c99b57c49dbfeef9b98325f33626a79b7 |
C:\Users\Admin\AppData\Local\Temp\Agwg.exe
| MD5 | f5be9f43a51d89d9171d538abfb80186 |
| SHA1 | d30f4cc46bb9afb55ea88e8cc65477ced906ab15 |
| SHA256 | 147031d9e95992539dde9cf69e7593edd30787ad8ef0a4f57670ae4faa64657e |
| SHA512 | b9a9df664db9737520e32fb8288d5f54589359d2cf0d2caed6fc248e01ba2bd83c89ceefa230d10664bafaf03750e8402d2133c9284ab851c1a89f618b641787 |
C:\Users\Admin\AppData\Local\Temp\oIsa.exe
| MD5 | f73325f382f010496143270be6158bbb |
| SHA1 | b09b0424420813c63fd75042321aa79131a76eff |
| SHA256 | 793176427d4c5ecfc9f4f19bef0e8354bc9735f95801865fb3283816605de45e |
| SHA512 | 879a92f3b869c1b41c2e7dd81f9c57a0c73b083d9e6f64aa62904401420829d05e1cf01c3ee3332ed976c52c656a2ab4e2ed3c90e53d786337e63c09d9c510f4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png.exe
| MD5 | 7e2f14316f177c34411e36f122b12a5c |
| SHA1 | ebed797db09dd32ccb7bff76b09fdd850769997e |
| SHA256 | 87e04cb011541a5a2e1c374523853e601973f007822268e6ee4e62049954c2c2 |
| SHA512 | e23aa80ea92798abf0e4841d81012656b58839e9ae7e3e3e548aad71909625a9cc99a043b33928adb8ec1f3143fe2b243a00e2a32ac28c2e4e64ff4f74fbd217 |
C:\Users\Admin\AppData\Local\Temp\UkEG.exe
| MD5 | 9bad6af57494dd7b9e873de94eb08907 |
| SHA1 | b62d06b28f7c0517aa2bbdecb8618b9f2217db1c |
| SHA256 | d3610751743b5e78a0ca74a3e65bfc415847e4f2451a5fae66278e787333ac02 |
| SHA512 | bd18b30d7176b6237ea4c86b930e7aabbe529617d10d45f1669b26eb8c04fdc54eb4caa1840a95046ad638976490a425bdce3396d1c35daacc4f7d1b8200c414 |
C:\Users\Admin\AppData\Local\Temp\ywEk.exe
| MD5 | 49ca0a5a9b33d994490dec38dcf27849 |
| SHA1 | 66b1c7e9f0908a50b6782fa3578fa37e715e2895 |
| SHA256 | 4b6eb0577c56741db7ddf5b374fafa1123a8785f1ceb9c2e99007a8ff857aa15 |
| SHA512 | 534410a4600b8bcfa1b33760cfa9b2d40ac9ca14c0d812c3eece1879abaa5c743aac0d6e2701d9e5ce31a475ff6d58ef14662b399261518c0d6c777a75c37ffd |
C:\Users\Admin\AppData\Local\Temp\iYEC.exe
| MD5 | 070f4e00e5fdf10d6a6bb2676dcc3b8a |
| SHA1 | 795363d51b435abe2a7923578e7a434524b71f29 |
| SHA256 | caf4c0d32a19f97b5f8fd93022bd56017659125512e9134af8605cf8c43ed69c |
| SHA512 | 32b04044d2f2bc83dcbb301867a35e258ac1139b6a180a51a1b081ff994bb84d18f8bf5428b03d2e3a141fa8eda1e4428b5640d74b0843db1d105fc71cd903de |
C:\Users\Admin\AppData\Local\Temp\kgkM.exe
| MD5 | 2200016665e5e704b7e6ee39574d8f7e |
| SHA1 | b479783b7eddde08bb5e95363aedf119c2c99053 |
| SHA256 | 3c1c0ad781af5ec68bdc597cbf8c2678a9b7b3626f8cd9be3064a76da4334a7f |
| SHA512 | 0f2f23905162ff67590cc09f826b813d6ac260512cc73a2e5e7e4282e0c4d3f1b6f16411e59c83ecc80dc12d4f99e89d40a7e847e7e848ec0f1d5d504427e341 |
C:\Users\Admin\AppData\Local\Temp\mwUi.exe
| MD5 | 7f623110a68f29b985ebd849dc19c759 |
| SHA1 | e3bb903096b9d72c191b2b24bf287feed4cbcd5c |
| SHA256 | 3d14e12a211841f059969cd996ee673847193153c58f9294385cc2b397a79ba0 |
| SHA512 | e30d563544c90f4544e80d654c0e0ff993cf04b1febbe51b086ec48d20cb4cc0dfd4e87f1f82a794d7352cd6be4677084f4b01e2877af4401699e9f87778dc0b |
C:\Users\Admin\AppData\Local\Temp\mkQA.exe
| MD5 | 71eccb01a74cefda8d6306eeb86e7330 |
| SHA1 | 1ee7926ef420c14c7ffd8659e8fd3a7fa40b6996 |
| SHA256 | 24fb1ded35fcaacc01a1a5477a846b1b5ff9381fbdc15b5af7cee9fd1051dda1 |
| SHA512 | 288c836e14e24868c8f3e7d6b76ee8c231f3a9ef3e5468c7ccd3c6291b128b3e37fe360d94fe4854b13bec484b30e82876337d79d454cb37d703adb26ec95f18 |
C:\Users\Admin\AppData\Local\Temp\WQQO.exe
| MD5 | 5a851107fcdec3be80f234c34a90d399 |
| SHA1 | 5a61d1bb51ddb178a4332d19531750710c10944d |
| SHA256 | 462f1d8133351ad8ef317a97e6408bd42894a18ec74fae5beb33c548c505a8c3 |
| SHA512 | f8ed8f6c1b2104500accd0611884e8dc8219d9df3746294ed1486626df4bb284c34711e3691c1c37addcce7dc2cfea3e1aff3e365855b1eeadcaa76050c89ced |
C:\Users\Admin\AppData\Local\Temp\uwwA.exe
| MD5 | 3ba7bcc73cc22666d92667fb3da57d06 |
| SHA1 | 8f75569baba29693205fc03ba7ad5ccddaac8ef3 |
| SHA256 | 475e59a15ffe4ae61fda2ba859b0a090d8df76d5fa72c8ea57ee1450ca3e3322 |
| SHA512 | 92175b3851f152737fb0c4c40d2bd44068cf32f332301a1e21742bd7c5a08432e3dce97f7e5beb516c2db15a2af5689a76de56611119dabb8ad6ecc890233f80 |
C:\Users\Admin\AppData\Local\Temp\ogks.exe
| MD5 | f45efb735e0c37540e2851ec8cc632ce |
| SHA1 | 6726cf773aadbb0ac4465375b809ea0d42e0f099 |
| SHA256 | 1eebf9fd19c1b3ffc77d55baa3be724c8fe636fc273426776316a403029315fc |
| SHA512 | f7a1434085079cf4e01d30aaafc7ce4cfd275880a1b4b5a3891472cbaa89826eb8b2ccebda01560eba73b56e2cd75eb311fe9a667ffa4ca28ba38c423a7e4ab9 |
C:\Users\Admin\AppData\Local\Temp\gMAY.exe
| MD5 | 2be9cd62a72759a23dabc37d0aa3e2cc |
| SHA1 | 552480f23561a081b59baa9c7de3d1f845d89fb6 |
| SHA256 | 1ef38f72dec287adbea09195e75e50b1b4b499fce86dbd3162909dae6ccfbfba |
| SHA512 | 131ccf9c3c8aae765d685436f89b41e3c1c0e5cbddcbb477fe2e17ce374d5f2398e010017dbb05565fe425beb11f413a25c01ded5bc1b935ebe339a9cc35ebed |
C:\Users\Admin\AppData\Local\Temp\gMUA.exe
| MD5 | 25dfeaba432865cd01eb2a75f8648014 |
| SHA1 | 557103a9afda71ca9271c0216fdf1dbf8b5216dd |
| SHA256 | 012ae85629ee844bdab0e82c871f919f526a39ec2e254074a4b89f07de4109b0 |
| SHA512 | 5eccfc213ac386102a47e23b571c874761a63c1ad4a8b6db3994f20af397f173d058de4d3ddac72ce1f4fa46f02b216d875108e8ce03b5a7b1c679c2d1ab377b |
C:\Users\Admin\AppData\Local\Temp\Usko.exe
| MD5 | ef315d66aaf3856d47fe8789f8523dd0 |
| SHA1 | cdd6d2c5cb9dd238bb79bffce043290198a23393 |
| SHA256 | 07a5cd71e4065d04da89b801010d8b3bde78c9c405f4b96a05a9e8a68c7d145b |
| SHA512 | 746b2db656ce88a2b9f2e4b4846cabe64404497618417da1937611461a3f0e1964381cd8605493d5dcaab32d8db8f486e34967973c7779f2981e853412cb09c3 |
C:\Users\Admin\AppData\Local\Temp\aIwQ.exe
| MD5 | c9bae512ef91f1272bf2b0dd61729356 |
| SHA1 | 951649abc1ef03b175e4afe570ffc9cc77e98368 |
| SHA256 | e8e9d21a9ef6d4ab527ea31443d0813407cac91378ae43b80a55f240f76d8d9a |
| SHA512 | e30b6f4f056c91267b481b4740df1f600a799da9d460e7fd17c86c62fcedac4a6a09add03af800bfcedcd90cbe73183353fe0227fcbc382ffde476f8614ec538 |
C:\Users\Admin\AppData\Local\Temp\AIUc.exe
| MD5 | 10008deae0384969695572132fa4c2b3 |
| SHA1 | 6a9d3a2092f50e805ba741e8bade6fc32b354788 |
| SHA256 | e0829ee4ba02940b43e6c2596054bd1553131f98f33d02a05edc77a3e1c61b6f |
| SHA512 | 8e336606f23d7b752cfbbfda69f9b0a18c9a1f1488a27b07fc680e1b118414a610055ca97b8f4b81115bb67b27aa43e02222e70a1fa2566a171bacefc17670af |
C:\Users\Admin\AppData\Local\Temp\Gcca.exe
| MD5 | 212923f67adada9760c76b23fcd0db5f |
| SHA1 | 244d3d217f9a0b1215deb3eb3511fff8faadca82 |
| SHA256 | 6b3b0a94f85fd2c6a1b49f437519e78d2cafef52d87d106f42efb71ee5872d04 |
| SHA512 | 66353524cfe6ab512fe382b3e0fabeee184f3e2de6ae5f84a95e1624b89d05e01d43b4bf44cf25ebc110b89aa5ee70664e99a25190e3677999f47015bb612129 |
C:\Users\Admin\AppData\Local\Temp\ocMK.exe
| MD5 | 2c33dffb1adb625cd7d9ce05c3de5567 |
| SHA1 | a2778a7bdbbe67e43a79509a410dd939f0301490 |
| SHA256 | 74d2f62444c43a4f52e65ef9a31231c9f338e625fc07a50e635e3d6ce5037840 |
| SHA512 | 082417771f0795adb00b4010173b6f79a5c0fd0d5e1ee0754d42891ee4702a041f9aad9c385b1ed9c2a22cadd55af8ee6460649e3e2d0e4fb83e8a3616efee66 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 8dcfe50f589ed1bf041a34eaeb662cd7 |
| SHA1 | f7b060985c4da082959bb13f8793e22aa9c71a01 |
| SHA256 | 6c1b75caceb8351b9a700f1c00da0c8423e3c026019015322fb510d1899b1772 |
| SHA512 | c51975ee4e8310586aa0bb70d89fdb5d302c73cd2879b20c733ebf043e78946257a11f0c47a8dec7a3cb3702a9ed9a0d4d77d99e717250a8b9351e62929d4630 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 67f57d39c59eb5c0d085921f15092203 |
| SHA1 | 0690a10917272b7b6d045619463bf3aa34c626fd |
| SHA256 | 4ab079a95d55db7c8163949eea938f910a8d24fd089e18958b2d0c12f279a9a7 |
| SHA512 | 0c5a72b3a3fb4b4ac3770c47c0ed75618a1eab5d5eae3519b53c7da4fbf1ae6c8ff265c45bf8bf1f1e0c5015027d68b9dfcc770d1a28f344a5c6fd279168fc81 |
C:\Users\Admin\AppData\Local\Temp\AsAS.exe
| MD5 | 94a3c3a732b342c34dc75bdc28c1c231 |
| SHA1 | 36cf6de084b81414ba8942751ec61911c2902710 |
| SHA256 | 3dbd2438b89fac441ecb533ff1cf54e1d0248cf8d6dd37db31874918e79568ab |
| SHA512 | c3a61334c7b89f6c96e966ddae924f5850c6fccd3f823c8b655d72184fd41af9703afa8e1ee5527a25b1710097260aef90d899d73423437cd58f790b4d73783c |