Analysis Overview
SHA256
ae80b53fa28ce550437852929dfd8e9e5b2679d04532e92da64e1932d167369f
Threat Level: Known bad
The file 2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (82) files with added filename extension
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Loads dropped DLL
Deletes itself
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 12:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 12:00
Reported
2024-06-12 12:03
Platform
win7-20240611-en
Max time kernel
150s
Max time network
120s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Control Panel\International\Geo\Nation | C:\ProgramData\lmoYgoQE\wIAwAoYE.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\YEAYAUMc\EQgskEAc.exe | N/A |
| N/A | N/A | C:\ProgramData\lmoYgoQE\wIAwAoYE.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\wIAwAoYE.exe = "C:\\ProgramData\\lmoYgoQE\\wIAwAoYE.exe" | C:\ProgramData\lmoYgoQE\wIAwAoYE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\EQgskEAc.exe = "C:\\Users\\Admin\\YEAYAUMc\\EQgskEAc.exe" | C:\Users\Admin\YEAYAUMc\EQgskEAc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Windows\CurrentVersion\Run\EQgskEAc.exe = "C:\\Users\\Admin\\YEAYAUMc\\EQgskEAc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\wIAwAoYE.exe = "C:\\ProgramData\\lmoYgoQE\\wIAwAoYE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\lmoYgoQE\wIAwAoYE.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe"
C:\Users\Admin\YEAYAUMc\EQgskEAc.exe
"C:\Users\Admin\YEAYAUMc\EQgskEAc.exe"
C:\ProgramData\lmoYgoQE\wIAwAoYE.exe
"C:\ProgramData\lmoYgoQE\wIAwAoYE.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qQUsoswg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UscYEwwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kIcgoksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsckoMAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jacQkEMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dUUwowkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZkcAUcUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jUswIAsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OOcEoooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WYgMscko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ccAkgwsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qIYEEgMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsEYMMIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VqwAIIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BgAcEskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bCQQAEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\niQIosUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kygoUAko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWsoYYko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ACwkEwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ieokkEck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xUkAEgww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tkcsQMMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lOYowAUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PqQUQEwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sosYEwkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GIAcgIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCAYcsEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KoIcIkoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lYMkgAsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JGgMkIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcMggAUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "859508736-5982004881479943546-1469842895-761510431484595491364280351-1058908268"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TGgQIgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rQgYYMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AKUMEssM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1922317095467219431-700775955996002977-1441943032-1739771917-36286800-1713991843"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ockIEwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-432165095413056322-1514624223-234220726-575361086-9418859521130216252-974404538"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yYEksYYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\twUQYgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VgQoMccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lycQQcQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMUoAcMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eQEYwkks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UkEsUscM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ioIAYcoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OyYQYUMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tuccUsMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HOEQUkUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PQogQAUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PcEIggos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mcIsMwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gCksIosk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iGIcsAMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wgwEkMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\REgUkQQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xeEksIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dYwcsgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lmMUAwAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HWgMwccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gCwosccE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIIYwcAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAAQEEIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YucIkcIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oUsUEwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BcgoIIcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2436-0-0x0000000000400000-0x0000000000420000-memory.dmp
\Users\Admin\YEAYAUMc\EQgskEAc.exe
| MD5 | ea3d1bf54fda696e2c4e579305fad955 |
| SHA1 | f79e8ce0c1b78614f7148e7c628219bcee4db3bb |
| SHA256 | 11bd54757b5cc6bb345f23f872b244301674074bc724a47fdd1d9d2d8b9e01ed |
| SHA512 | 3815bea39ce41b963cbda5cc73527b4712b36cbefef6099463a589cec32714673116987c932b66cfe31ccb291544a6e108bf4732627b3c22e8df72f0dc7b4a93 |
memory/2436-5-0x0000000001BE0000-0x0000000001BFD000-memory.dmp
memory/2436-13-0x0000000001BE0000-0x0000000001BFD000-memory.dmp
\ProgramData\lmoYgoQE\wIAwAoYE.exe
| MD5 | fe10555c35fe4fa2d3286a2557770e2b |
| SHA1 | 2145d3091d54887ebcfd265037a301b0d61b39dd |
| SHA256 | ff1fade5c8bd12da0d5a079ffe544c76f5fc81ed2550d1cd590c09bee9e097a6 |
| SHA512 | 523db9de21d3bd990fb11baabca9fb62da15a1f636df6a184846dde90f6ef9e2d88a90d1b53d64d71c142b90db5fd7cc239c95a28593bdc301cc2d5b28e0c1ae |
memory/2436-28-0x0000000001BE0000-0x0000000001BFD000-memory.dmp
memory/2436-27-0x0000000001BE0000-0x0000000001BFD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HaAAcgks.bat
| MD5 | f5ebb872190a142eadcecbd3fb290472 |
| SHA1 | 1d68f9b94d99fa512b9b88860a4b627ba5b7a063 |
| SHA256 | 819c23dffb8e169247c21362eb359a6e2430bbde0d7d7b2dd250a5ddd292a179 |
| SHA512 | 08e676fb4c3d6874f11fb34a7a4e544b0f615339e1734b0117269eca41cbdcad17252c8eaf66380a87c317e4732d643bb414176e63aeacbbba364476b3558767 |
memory/1708-31-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2728-32-0x00000000004E0000-0x0000000000500000-memory.dmp
memory/2772-33-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qQUsoswg.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2436-42-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\MyIkcsAA.bat
| MD5 | 304e499ba0b98d468a9ff676c61152a3 |
| SHA1 | 8edf83e991d5cdb27e077babda8a28f12b57b436 |
| SHA256 | d7ac14cf7a70d44de3c77a19555b22cc3e37e0d2f6f74e0dc903aef6a98ec997 |
| SHA512 | 3870bdddd655812d696a2cbb52f331a77cd27963dec251362d3acb70c13c39619381fa50d0d61b3e07017c6491afeabc699930b75c04dc1472844579b3b9bfcc |
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
| MD5 | 3ec5c3e607f34cc9d912e6025ef19268 |
| SHA1 | f0311c3dff7cfaebc9ee927477b2c8b97465e6f1 |
| SHA256 | 7e51a0181f0a07085aefb09c3131cb9d98b9cef7b33f471345ba5917c5619f71 |
| SHA512 | 9ad55ea85ca9fe3eebdd14f09147016c58bffb31c99421cfac13e93b6ddf8b28991298ac417fac663075f934884c6fd982ac28c3df85d327c97a11d45a42cffe |
memory/2992-56-0x00000000002F0000-0x0000000000310000-memory.dmp
memory/3004-57-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2992-55-0x00000000002F0000-0x0000000000310000-memory.dmp
memory/2772-66-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GCMcEwYI.bat
| MD5 | da4c57edf5a7174c85f6618e9a0fbe18 |
| SHA1 | 9dcae6827341e12832378b0af0aaa9a7faaac7a6 |
| SHA256 | 626a35d9868f69620b24cca80266c82baf049af47da62602258bc32d37aa87f3 |
| SHA512 | 193b31905929198337683dd6aec1c28d5dfa8c0a7e35ee40f091f80a214af9f6a393ae0af64dc513b3c8c26dc54874ff4190fdbb6f10d2ebad68f4576fb9f6b3 |
memory/1068-79-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3004-88-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oKkokwwo.bat
| MD5 | 28cdc5b09157939c6cb91e6e3757b6d2 |
| SHA1 | bb33a66f600784b2e86c640dfa9d5e665f76f176 |
| SHA256 | 8790c8154339835158885300ca64420e90eec5c490081c5c3ef9db1eac4fc1fe |
| SHA512 | ad29e1025b65a6abc0be9bcba26a548488f9531c32baaf14673a04e87036d250a7495710e746c472dbfdae593b3246d5d2687acbf5fc74ee0a9400d0c2135d6d |
memory/1280-102-0x0000000000170000-0x0000000000190000-memory.dmp
memory/2144-103-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1280-101-0x0000000000170000-0x0000000000190000-memory.dmp
memory/1068-112-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FscgMQIA.bat
| MD5 | e1a1f446482290eae1e002133f9dde13 |
| SHA1 | b727f4ac1811759eb8c07469b7f2366bdab323a5 |
| SHA256 | cf08752852639e3bf6968fb31eb5d719897109d7c051cad984e64ca2f8496298 |
| SHA512 | a421ab63d6831e5b89222d6857d7d9ae28d26bce94b371fe2b699a7f4138a11fff46b9f20de9be212a207ad933adcb21f8ad1ddfb1467f37e2bb263a7ff44d98 |
memory/2404-125-0x0000000000160000-0x0000000000180000-memory.dmp
memory/1464-126-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2144-135-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lMwAUIcA.bat
| MD5 | f7572eeb097dc7b3cbdc613957e89ea4 |
| SHA1 | 0ece7b6709e8dfd80357ad58a622c369502e4ce4 |
| SHA256 | d2302892a2e9a3504f80c5d52d81b0bfe097fccb29c4782b1bf8811f121eb0ed |
| SHA512 | 335d6fb4bfd372ebf4954e5dc8316ddc0b6f324ba31e27ea82155443dd4f72d3fec0003864e7f033a2b2564fb21fe92390447c242f06318629b5975e8be6d85e |
memory/1976-148-0x0000000000130000-0x0000000000150000-memory.dmp
memory/2300-149-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1464-158-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\twQsAUUg.bat
| MD5 | d124690744211b48ece6c35264beac0a |
| SHA1 | 9b1e75c4b8a384ac0da1c4d9b2ad201645fd46bd |
| SHA256 | a77845d76431e49b6e1fd475e6c05599039e7b44ab0ca46420b938119317c399 |
| SHA512 | bb7f7d4cf5a7bb4054a08dc8f3fbca7c92c38a67e1612dd2f8eafc121f76e51a3f9d6d55b14487063c136bac0512573b4beb566071e79b1e8b4b151b42d163dd |
memory/2644-172-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2664-171-0x00000000002F0000-0x0000000000310000-memory.dmp
memory/2300-181-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hksYgogs.bat
| MD5 | 1343c786d6829d8178b6d87141f21366 |
| SHA1 | 64aecd64fcfd1174dd029b0c11363c9b45a8e4fa |
| SHA256 | c47b0625386b890707d76189653c9ca3aafc80ef3a5f6b729f4b5dcfd6366592 |
| SHA512 | c2fb655fc05d2102cf885ecd7750c8942a636769f75a967077d74660f611efb41cb053821a6a3fc9c70164c6aef121d3a96ac7dc37e716117ef4b65a5c5cd6a7 |
memory/2560-194-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2644-203-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VwEwIwEs.bat
| MD5 | ddf0c2c85948c4ef0be32643d97952bc |
| SHA1 | 85971945c5906a91095abb1cf06b3af8e312e679 |
| SHA256 | 73965e30163df38c730465656c4767b183bf781713f031fc1ef99f5af47687ca |
| SHA512 | c777f4ff81deb31d7e364f1d10985d2145ccaf1f34bf1613d7fc8f68afb4ff2fea982fb0bda9e251dab1aba877d99034ca01db7be038775f0e495b1b4049fc1c |
memory/2348-216-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1724-217-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2560-226-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sukAkcso.bat
| MD5 | 9ebc600d365d85441efcd2a7b868809c |
| SHA1 | 8fa302ca5fed84440e78be93835b208c30f3e7aa |
| SHA256 | 5539f4e1cec295c3f705ee456a1beb833f8cddb9e8c9a960e70ac3c3bf03f8e2 |
| SHA512 | cc528fa8f71119c2f9baabd8783ca6f99ea59d2f14fc371794896768e29654666603326cfcd9619261097a5612b08dbcb05bc72376bc889f0f1b1942492798a2 |
memory/2072-241-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2456-240-0x0000000000260000-0x0000000000280000-memory.dmp
memory/2456-239-0x0000000000260000-0x0000000000280000-memory.dmp
memory/1724-250-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oCEUQUUQ.bat
| MD5 | 5ed95d021d03aca45b8bbf05df886cdc |
| SHA1 | fe05b00801e5e7454517a80ccb2f7165928447e5 |
| SHA256 | 634672e68b974bb1e21b58bcc66b23c3662dc399673dac104779a0d00a73a6f6 |
| SHA512 | 3f31e1b1554a3aeb94eeda70e01feae3aa23ec48a6b08d4dca7aff21a6ff041afab23c23faaa698c746f4a7b6886db6daf99ab0ac92b192145f6b3411062581b |
memory/2416-265-0x0000000000400000-0x0000000000420000-memory.dmp
memory/932-264-0x0000000000130000-0x0000000000150000-memory.dmp
memory/932-263-0x0000000000130000-0x0000000000150000-memory.dmp
memory/2072-274-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UKsEYgEs.bat
| MD5 | eb0f0013a2645df54c0e7cddbc4327a3 |
| SHA1 | dd4387bc46150a23d709713506ce5587aaf09945 |
| SHA256 | 25ba538ec2fc0f458965ffc952db1ab628138d6c401710e4ffb4025eaab87d19 |
| SHA512 | 7d3653866417b02784160017797039ab3c1eccaedff139feafa9d00819871c00a11ddab2b2edade18f34a1078c6412e52e9f8ebb908c624f1a2fa233da6881ab |
memory/2044-288-0x0000000000160000-0x0000000000180000-memory.dmp
memory/2044-287-0x0000000000160000-0x0000000000180000-memory.dmp
memory/2416-297-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WqgAwckU.bat
| MD5 | 8317217127825d66ac6e054a97afd2a9 |
| SHA1 | 157b24829862683a292703aaf47a5f714728a300 |
| SHA256 | 7583704544827a4ee78ae3c990d25fb4ef58c0b08dce09940fa03cbbbec27bb5 |
| SHA512 | 44586fd9ad438518eef7c2b0564d553d76a23a773f4fae3422b4a3a06692d3f4b25669174d83a58215a9f37045c23d42002bc6b65438285ae8bb49d749992525 |
memory/2724-310-0x0000000000120000-0x0000000000140000-memory.dmp
memory/2640-311-0x0000000000400000-0x0000000000420000-memory.dmp
memory/756-320-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lEEkAMIY.bat
| MD5 | 42ca4eef576dfd908668d6f4d844169c |
| SHA1 | 2d3c2f80d5cea92e39c8d04397d2b61ee0d9a1cc |
| SHA256 | bd6d855d23c37ded3bdb9492d9af4e901cca1a3f6da739852d7f951975e95cb5 |
| SHA512 | 321de6c7872498e197d53fb680cc696c707880140c69ef08f7fa75635549cee6602f949018c45c91f2fa3d068aef0c752b9cc93140f374e4cd924b4e64ee1773 |
memory/2460-335-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2608-334-0x0000000000120000-0x0000000000140000-memory.dmp
memory/2608-333-0x0000000000120000-0x0000000000140000-memory.dmp
memory/2640-344-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zGcAsgkE.bat
| MD5 | 84453adff77ab769e7e7f30674eb6790 |
| SHA1 | b281527b7f8bb844029bc7d79074361dca5cdbb9 |
| SHA256 | 2063304cfba020b2db42e3a1cbf7285ab61454d743ffedac322e3d7bf8c67549 |
| SHA512 | 3338362e720f96e49037d6eaf4655987864cb4bd031fbe107bfc081ad05838fa6789fa3ce1c60ea67130bfcda560bf85c7de4c72dc5097428c19dc24a6e68e0a |
memory/2888-358-0x00000000001E0000-0x0000000000200000-memory.dmp
memory/2888-357-0x00000000001E0000-0x0000000000200000-memory.dmp
memory/2460-367-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TYQQkwcY.bat
| MD5 | 78976b20628a42c31ae35cb2de25be41 |
| SHA1 | bb8902fe50a27e46b00b38f5ed4808b81c061cfe |
| SHA256 | 2fd24daaefa4cc42f95ea9edf2d33627823c7115da53830ac3b742dcb6f33bff |
| SHA512 | 5bb2a70846c8263987e9e7885a08d19881340dfdf78efd0037b0498004180dde2c3a7ef84b77bf7e4cacdb138e70b7f077099a6cf04c8f56e8d5512cebf7b953 |
memory/2452-381-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1964-382-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2452-380-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2828-391-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jUYgkgcw.bat
| MD5 | 3c744343a5121f49e8da959f8ac935f0 |
| SHA1 | 9f906dba69fe907cbbb613e0145904860d83a1a8 |
| SHA256 | 4c0478e48e8e1960ce31deafb2675b9eb2742c9affae90d5d5401d0de74546f5 |
| SHA512 | 16d5e0639eef0e8d04c12f10ab5a05ad1e1370969625a55f5d3daf1803d0de69941631c0bb3346bd5ef0b524d31c9e3098914da42f03a9ee80b89ef57ee30b72 |
memory/1804-404-0x0000000000400000-0x0000000000420000-memory.dmp
memory/900-405-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1964-414-0x0000000000400000-0x0000000000420000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
C:\Users\Admin\AppData\Local\Temp\IqQIAkIk.bat
| MD5 | d96c084b686a770865341e6006042ff5 |
| SHA1 | 9033d5c9cf7745617c0154754682e7f66add6cd2 |
| SHA256 | 0d986d92e734f60ce2ff45481ad699b4666c26f3f8c53e5ff4b9aa274d77212d |
| SHA512 | 312ebb5693b08a4ba01986b45a320aecca8c62257ec8cbfadaae2abf1e1574250d8319576f838d377ba7a262192ee985085d2d978163792914d1b8e2bad6c975 |
memory/1160-428-0x0000000000100000-0x0000000000120000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
memory/2948-432-0x0000000000400000-0x0000000000420000-memory.dmp
memory/900-441-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QYwe.exe
| MD5 | 5521e719849b3cebb8326723e2f57739 |
| SHA1 | 4ff9fb40bac3517513f526d57f1f6effd7b6a674 |
| SHA256 | 00b6d1f3bf504705d32320e1eb2c9958cab7b4d2f85ce3fa1de89fda456e6df7 |
| SHA512 | 19489c364609a6f07ff2a2efe818331bcc38d488722bde9cf61d0ae6f8cb9f971e5ff57b1de5f7e0445a028f51a429cff5c0646aad791a2b1a3e982086c363cf |
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
C:\Users\Admin\AppData\Local\Temp\CssAQwoM.bat
| MD5 | 58192e632afb31d60ef588c0be2effa5 |
| SHA1 | b02eeb4e7c9bccc56589f7699487eb9a75cbd947 |
| SHA256 | 9c0628d061ed8ab5f7b01d49c41549b47f9aeb0cfe3df2b84d592899015b6494 |
| SHA512 | 70174412471be47847bbf0807d1f982c3e62eecbee2402dc56b255d3929cf15a1c9ff7e01afacbf248d139ad537da5f690b5eb8ec6598f6008e19430ff75d07e |
memory/2820-470-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2468-469-0x0000000000170000-0x0000000000190000-memory.dmp
memory/2468-468-0x0000000000170000-0x0000000000190000-memory.dmp
memory/2948-479-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CwkS.exe
| MD5 | 3d75c7937488000eb23e9b5cf06b6b52 |
| SHA1 | 12adcc624c71f515838b3e2ab0058fc1ea9c1499 |
| SHA256 | 1295647a438010c87d6a2b471a8c615b210b26e610bb4af6b6ce3e59298d429d |
| SHA512 | 58890d1fb119b7e310760b0667b05c68fcae541f9a698f6a84f7153a9e89fd0937ff32f71b2807420d1578a4300822cf273849aac12708b76f0d28319189ba71 |
C:\Users\Admin\AppData\Local\Temp\cqIoEQkE.bat
| MD5 | 9eff2a0b3a19273e47b0bcf31f5d114d |
| SHA1 | a4ff9f032b96889dd662abd11a9d5e061092566d |
| SHA256 | 4bf9b8cba00d0618b8158dbf165a13c1e4bc83c793a40d3f4a5de62be03cbcb3 |
| SHA512 | 30d7603b086f82ae8a5fdf72f0399ff9add267bc6c88d842540a787ef1a2b825cae6e00eca9fe7e94277a2b0406cd103edd113244bf866be0f3b10045e7fbf90 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 0ed812570f3b30b067b9ca313f13f831 |
| SHA1 | 5f986e1c1c27dc30f270036fb97d8d565d9db6ef |
| SHA256 | 27ff956ea92cb2457a391f3693e96c042d9e6927fc1c0338f9acafd237dc186e |
| SHA512 | 89878524e1b39a2766c9847596cc306481030889a1d8688bcac7bd1be70ed81d9dc5c8a88b999f630641d5e44e0df8afd30ff45292715b336bb07235d82a8c42 |
memory/2836-515-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1416-516-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AkUo.exe
| MD5 | 804c614beda5f5e04c47a472f0203f19 |
| SHA1 | 8a281a76d1e11da41b341ffd26266a35f166af45 |
| SHA256 | c4c4b371c86312c275e08853947e8b175d7e3d940f43068bab4f21e28d7dfc89 |
| SHA512 | 650c393941fd26d114aadaa0c79bc46d1e59ec2fa612c601cc043932e8a9d24b9b2da5bc5e7e677c5d2e0a5ea2cada14c0ac8f5be2f038e3f0612cb9f0a93d83 |
C:\Users\Admin\AppData\Local\Temp\uEkS.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
memory/2820-526-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uIUE.exe
| MD5 | d22c93dc55243318b350be85f1a99355 |
| SHA1 | bb0268ef4727f3d3fbcf8b65f5babaa99bafdfaf |
| SHA256 | b0c7cc9eb1f845289a347c6b425927e26ec229a259622dc87ca91cb8c6e10762 |
| SHA512 | 9ce09266ed7738e9216f02aa684edba804c08184aae180ed98a1cbaeb6fed2e8033af25afc1aae74760f8a41029173ad2160ca96203361f7c2222866cf6bf1ce |
C:\Users\Admin\AppData\Local\Temp\GUAu.exe
| MD5 | d201a1c4ef1f6798bedb151840be338f |
| SHA1 | 6510aa9ebe23a4ec7c9b19e2c4b97f7f6bd4a708 |
| SHA256 | 2d10c86f27382413e109b18165f7333876e01c06a5df65dd9ade866685db36c3 |
| SHA512 | 1d2401c021bdf825d57b1645658a6033b73b9f8099152685f1376d6283450715110e90ce7f6e41d2763e00d45cd37f174676433f2fb9c278c24acf6b3fe6ff11 |
C:\Users\Admin\AppData\Local\Temp\Aswi.exe
| MD5 | 5aa6b5fddc3517a69ee16496dc5fc33a |
| SHA1 | 34478f62f0d92a7233f3187bd3947bc6467e921c |
| SHA256 | f1c43e506616832852c944ea99f81a0b87bd92840dfb76e89851c42b42ed0112 |
| SHA512 | d615786b19614c67b387d553bc850961c6d557c14cc617e5f597ede582966ee3fefdf42735036e2b1131406700d641bf99904c27857b5e5c627612f2edd95041 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | d0d376354e6eb2381436eb25bea1d0fa |
| SHA1 | cf1754f414ee0ad343e367f763528672edb3fc58 |
| SHA256 | 370c4ede186cac7f4861fb02b9ba1b51e381466ca0101203baad9cac27aa86a2 |
| SHA512 | 7f365c93da72d21f92dfd981513d75bcd2af24626ffd7c9f272acaefd5e43a40b8967e5cbd77cb85b1a4d7a5ed8d7b4a40b0ab5bdf64eb241ad94eaefa9f5b7c |
C:\Users\Admin\AppData\Local\Temp\WoMG.exe
| MD5 | f567f42e2fffa4aab71d2c5caf453343 |
| SHA1 | a304f2f5b0b120b95f4e1304cef682be83e9fb2d |
| SHA256 | 92df6f9777ee253f2c5a220dade0b5c453be3f2e95d664f27a1b671b6f0525a9 |
| SHA512 | a29a207aaefcb8ee4e880318a6209209ee0263b2ce91ed1a2a796ad7a8a3bd38b70d84c543156c53ea7524cb78768c15e5c9a5d21f6f48019752a013afda09ac |
C:\Users\Admin\AppData\Local\Temp\mUoIMkgc.bat
| MD5 | f70725d70916bf05cf7da2ab39b6158b |
| SHA1 | 0ced87b207af4ec4d2e927c49bde0e68d2fbc65e |
| SHA256 | fc82ec8152f42a276d72443c2ed16df5738bcf403c4ea69c87957952775cb396 |
| SHA512 | 46a2557c777557b83b160d1607fbb7a0e2b126f20a59f07267c282ddf09d56bab57afbecadb25c1a9b378070ad5e64420abe17b4bab9570db14b6efc4ae281f3 |
C:\Users\Admin\AppData\Local\Temp\cMYE.exe
| MD5 | 03b9dda013968ce8297bf237d36ad80f |
| SHA1 | 429374ff0b340c6b04ed9370fd7d718df2d827b3 |
| SHA256 | 5eb4d30a3402036b4e5cc3f43b2af9a1f314f7a07fa4694c2a0b55bed97033e2 |
| SHA512 | 3a1119d61b1c07e833c2a553b64ee52093fbbe9364dff3a9d3097e0c0124dfe7af57e4bcde48e0c97e1f76c9ada8c2cd071a5c46adb0c7ca82e70b634911a163 |
memory/2268-627-0x0000000000170000-0x0000000000190000-memory.dmp
memory/2036-628-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2268-626-0x0000000000170000-0x0000000000190000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MwYw.exe
| MD5 | 8309fff9f901dd00874d75c2f325024b |
| SHA1 | 60daf09d8f0c51528224ed3226a1681a9083effe |
| SHA256 | 2323323a17c00d28417b8cf4ab12bb2dabe3d4cedcfda9416d5ec0ac8443f8d2 |
| SHA512 | 64171e653a48e1f2b6833e56710e3a259b6bbd34bbf2ca2208de776065b220fe2db02a5d46426c6fb49517d763582a797bcedd2987616ea1e2131baf8364b0b6 |
memory/1416-650-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ucws.exe
| MD5 | 9059c4fc5745d1c02274b3f244f94d83 |
| SHA1 | 69aec48cd702efd4b0c9b7303361c7baf6fbd6a8 |
| SHA256 | 86a6e4b1fdb8a0e3c92fcf338fc5f17214e72b159ca54f4a6636bf978a04f31b |
| SHA512 | 39f29b20ad3eceb91f6e0f20810ed5f37188a46ec13fbfd3f906c0a886f7cf7b052f4ac1d6b7afae0975be105eefbf25cf7f6ff033a4de0c12ec0a8e97f85161 |
C:\Users\Admin\AppData\Local\Temp\AsoS.exe
| MD5 | 70e90f923918ca3f836e0a6b5fc4fa5c |
| SHA1 | d898ee4ff8c631a073fedeab5119322541fa076f |
| SHA256 | 4a62a450f65dabda3cf890af3d22b4dfb63bb9eeda9a9021d7217e8c704159ce |
| SHA512 | 278491c21c2a83e1ea2f3d1275a6a9a7ae30e48725ef152faef05bf6bc5c264b49033c0e4eb7363db00f4f6a841e867d0b34ba9fa6aef2319d408979e05ad134 |
C:\Users\Admin\AppData\Local\Temp\yAok.exe
| MD5 | bd3547d8361fecfe738730b37eafbe1a |
| SHA1 | 7f6f5c14495b9af8ffd52b92a70d6ee2c73dc343 |
| SHA256 | d4130a7b30c4424df726c53565dd4d5845efa0820afe91d10a70a70de9f49e5a |
| SHA512 | 738630ee7a43d2ed8c657b7d5e646bf0546d602697233f0c478efe61217d2ddb18c9fc71f606b11001f98ff50e9decdfb7c1db386ef9b2de9cf47bf9dec07ee6 |
C:\Users\Admin\AppData\Local\Temp\YMwE.exe
| MD5 | 24ea68d5740376cd29f2884eb2a0011a |
| SHA1 | a83b3f17c9bbb1f505a19028ee6ea5e538dcd58a |
| SHA256 | 8f54607048df8706feca47c9e203add8311f2e86d7a74f6256efdcf01af8dc90 |
| SHA512 | 5714e79278892c3d4c0b880e0daf0bbbfc5b776e25a8fe2bbed371f8be1aee038fa7fb3d978773dc96bd4cc036f87b4dd99c9197485db6144afa9bc927ff168d |
C:\Users\Admin\AppData\Local\Temp\vGgAIcEo.bat
| MD5 | 215a375f7a51ff6174d1b9754c9382f4 |
| SHA1 | 5e08beee00011679c4af5a37024194c4c24f26da |
| SHA256 | 5ef772aac04a5856b743986ce43f49c5b8a8606bbf3589b9843f9a285971d9be |
| SHA512 | 9e0efc507dbb599f9d0cc2ffa12f06a1b45faa2ab0bbf77152a04733ad2379f7429aecbfd16aad1dece31b2ae1b9206b3901dfb93e578ead34aae0d8ef88e396 |
C:\Users\Admin\AppData\Local\Temp\qkUI.exe
| MD5 | 975eba5f7d5fd98ea61f36764fdde43d |
| SHA1 | 24ff290ba6b403c69d01b2fb789fbbcbe7771dcc |
| SHA256 | 72d8b544a0b34bc93b05987cc7b83692ce9d2206fc4d9c0ec2eb80f8176a5497 |
| SHA512 | 468ede3c37d6bca0560d3eb406599e75452eba9238caf665a5f17bf0af87166b84fe2c96d4478b8f35dfcd1322529a1fd7a87e87142fc485e731bdb29b2c3c3b |
memory/2748-739-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2648-738-0x0000000000160000-0x0000000000180000-memory.dmp
memory/2648-737-0x0000000000160000-0x0000000000180000-memory.dmp
memory/2036-748-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aQQW.exe
| MD5 | bc289c6b5dc026e66a7f943f140605ab |
| SHA1 | 591f588ad5bea4f56e928e7e7d0a6c733165770a |
| SHA256 | 210bfd0892d4efe6788d926f68d314d88a7663f13b5af8fc925842492a98c23c |
| SHA512 | 0379e40d268572517d483ab56f11eaed1fde424a4f0639098c10079166b57bdf4aa232a0154b958a78a6b929fb9506ec1d2dfd2bc5787ef0d071e8bfd1a86fc9 |
C:\Users\Admin\AppData\Local\Temp\uYAO.exe
| MD5 | 42eebeea3032422eb3744bdcf1aaff21 |
| SHA1 | 7c1b71b40eb90e5e656a8699e8871731f1e24c19 |
| SHA256 | 7e5618e88bf797c2e2febc408eb6ddab583b1348e187609dabf1e9e40f52f1e3 |
| SHA512 | 9756fb314e922f840d7a8fb68ef62ae8475c1b81225a9dd5b69bd1c607a66192868ffa3ca2adc258915b01b2a9e8d9ec913cef147008bb949d5d3f5eac3ec1ae |
C:\Users\Admin\AppData\Local\Temp\sgMM.exe
| MD5 | a12b1118f9f007bbb74c2bd0872188c2 |
| SHA1 | 63111b21484ff0d3ac2f1273dcd90a3a83c8f98b |
| SHA256 | 75d6f60620862dcf46595406ca60b8d0d86234c6324a2f3c3832af66ac6446a9 |
| SHA512 | 98ea670c9d1ac6e329c484e507e74e87571bd4258b8ba966cec2c760ffd7605383ebe47bc6310ef5eae00b293b7c20c34b442e191f3731f93e56f5635e76397f |
C:\Users\Admin\AppData\Local\Temp\CwMe.exe
| MD5 | 7566cf9e96c5da1fe34135bc2ffb2152 |
| SHA1 | 3e48613fa96e12e39877b4f7957ce3b237545ce2 |
| SHA256 | b16a2eaab3a272dd3a4c7fda3b543c0beda0b055b4a677f94043e461f0a6330f |
| SHA512 | db8a2f10c891020aaed746420a317b49c86bf98f37265b0970e3ece3e9a18c9ee730c8700ea42e114797d85affd06081f1780541b20f27ae9f33e8989cadacec |
C:\Users\Admin\AppData\Local\Temp\teggQoUc.bat
| MD5 | 1713bba4a025b836130aec98b640a962 |
| SHA1 | 049240574283b4e9cd416121299267b5d1184ae2 |
| SHA256 | 8bf8702445a81dcb794fc801196be60987b7da820b77ff49481527af8cb4fcb6 |
| SHA512 | 8f30effe5f1f81360859f124d7e5424d2c5a7537660ea712df6f71327ff65f5884b586e1a3893a5c197291177eeb42094c522e26e00b53900f7c96515f624532 |
C:\Users\Admin\AppData\Local\Temp\gwsi.exe
| MD5 | d89d9f10bdbecee505279ce3bd95ab51 |
| SHA1 | 48d234246147fa845cc54eadf6ca8d8baf23c303 |
| SHA256 | 4061afb1dc90fbb8287cc90f0e884c1abb3d295ffa571f42b248c6f34ef18d83 |
| SHA512 | db09d45cdde4df3e5735760945dc23ad96db479698705ed6c11430163aec0b8912c2e7049b088e99838d545a90174d45835bab650e8dfbb62efc2967cf735330 |
C:\Users\Admin\AppData\Local\Temp\qAAQ.exe
| MD5 | bbae1ea6640c86734cad5a3e2b3ee68f |
| SHA1 | 8738195b4fd20ef45bd373eedaa4c990cfed77d4 |
| SHA256 | 94b7b35b1017cfe56d01ecaa22fd0683e6c543342d5b1e9ea84eaae76fad6107 |
| SHA512 | e0f407ce17edc281c2c15a87b7d60c3d4e47762e183abd4fe6d8a9e978804b37be4071b933565d6f3e7e5b0a375bbd2e0bbcf243c5b7e2eaa7d588d6f72debba |
memory/2980-838-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1452-837-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/1452-836-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/2748-860-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CccQ.exe
| MD5 | d24f5b2a3795bc3208e2812fb3add735 |
| SHA1 | 501f09ddd452989300f87bd1a3c3cc733e8a9c94 |
| SHA256 | fe899c6199b5313a2c2b3018458f8bb0e6d22999422c7bd08141c9f16988722d |
| SHA512 | 328a9065d485d251660d8b5690f9bd27b9ee304be25d3adc8e8e2d15ebcc2367d089dc1e33dd4b36a592d0a22557a3f766186654db0dbe7d688cb783b27eea1f |
C:\Users\Admin\AppData\Local\Temp\Accu.exe
| MD5 | ceaade30202e9674d52965c0f37e2e20 |
| SHA1 | 7da85425e2210ac9eeb7cb649fb39f3930199f9e |
| SHA256 | 715fcf21ff34cf10eb5d6985319065bbe69dc70d69b7b7eeaf999214b731efd2 |
| SHA512 | a310c2e9d59720f1211fa1d3b517841b7f8fb6f293541f1acb89c331f41be0def06652a66ef6624a248a331ac42f31f1e862525b337f5b33e0bac258bd1ec72b |
C:\Users\Admin\AppData\Local\Temp\kIEm.exe
| MD5 | decdd8b4d37d293be574a825a4df22ad |
| SHA1 | f351d2b29644f4de2eb823ec2dfb7fe1c779b5a1 |
| SHA256 | 33ace3bc3fb7055717d283f30c962805aa62d8e47fd38e14ac81d9aacde30b98 |
| SHA512 | 9c80e3ddaae8f971c63e8d58a3e104b8f7c0cb5b65a6bba57f72912fad765112b9f51f3eef6a95b70bee901a6ef9f5daf23ea8fdae90e6f75e7f4617ad8fb9c0 |
C:\Users\Admin\AppData\Local\Temp\sUYQ.exe
| MD5 | 6cf2f6af919305e3b8be629b430fda65 |
| SHA1 | 0f12f007a871a55880b94b3cd1c92ffdd6eac062 |
| SHA256 | 944b337b66010fda81f3bd7db2098079d0400969b9ce2a8d4f56cf38883e6b82 |
| SHA512 | 1687c7d51e0f3cbbd27359645d0a7c51c33cb9c40806146c7e3115efc990c1a14ffecc0d9ec89d893a4d73faf6ee3583594cc75b77605273426bdc5e06bf9a4f |
C:\Users\Admin\AppData\Local\Temp\sAAC.exe
| MD5 | e95310ac6d77484d238f69c2bfd61ee6 |
| SHA1 | b74ea7db244328cabc18d174bc53cbfad7c10634 |
| SHA256 | b1b5868349f5a04a10c3dd0985ef99d16b8bda5cc773bad63c540a39d9eb54f4 |
| SHA512 | 9a488d9af7b22928a2a596b48f5f5f5ee867a78e3cebb8fa3e51932a9261b06e59f0fd809c1a31ef0e4fda8b2851a7420be6dd276f8489521ee36e71bbb5d5d8 |
C:\Users\Admin\AppData\Local\Temp\Askc.exe
| MD5 | e133f74845be7144aed1b5f49a48aeb4 |
| SHA1 | ba61d550275d843d50be418ba8488bc548153da0 |
| SHA256 | 71e58a1f5e3cfa52ff7a65a75315abb8fa6bb5438666b54bd8a76aa0b8e4e5f3 |
| SHA512 | d4ca7ed85c7f311e682ba0fe06da2ece041cda6031e2d2e8d75ee7c31a30c4f835f915d9b19942aee5433152ac0d8283aca1da0b859da3444d74b4def5020050 |
C:\Users\Admin\AppData\Local\Temp\xUsUIQwc.bat
| MD5 | dd35d6bbd4051c32735da72c4e72c346 |
| SHA1 | 532622ab365169b02fc65a9c8e15832b1794a38e |
| SHA256 | f42e19b1d47f1126c722f33af5078ace939b2fe4ccd83123b366b3981eebc5eb |
| SHA512 | cc9520f395fae0c18b7df0120fdd0d69f79dbafa56f3be14d01e8aa3146012b19da9d6d41c7a21e3ebeededcac6c00ce26ec64e75837dc812aca74d51cdfac9f |
C:\Users\Admin\AppData\Local\Temp\MoIo.exe
| MD5 | 00172265b5f50268483e57f9f0c4bfef |
| SHA1 | 0bd6ed4e69492e39a0ce13b1c90c55a2f50c26c7 |
| SHA256 | af2c757de544170cab5b0d1b9943b86de45fe180786f2b640e4c0a54617373f4 |
| SHA512 | 2d396fabbdcacf4cce0b106df487f3c1900fcc4557c4578b0480ac3e542251b7f94b3723d1516b16d0ad99a40c9acd2ceeea3f3bbfa763d355def691e280ea23 |
C:\Users\Admin\AppData\Local\Temp\oYgS.exe
| MD5 | ca36df2b313edf9669d0819e696985d7 |
| SHA1 | a24faccd640e8168d4fd46f1ed4a7ecdfb2b5de1 |
| SHA256 | dd5cace7a28cade4192709304d1386a4876b69daf588035d713682bf555e7a95 |
| SHA512 | cd31bd65018a7edc106148bf93c2b1ab1854df4a651d15b02e194f558ab34f0c42020a3dd718079cda5d2e358478f77940cfd15e216b6a82341412d88814a1e3 |
memory/1176-964-0x0000000000400000-0x0000000000420000-memory.dmp
memory/532-962-0x0000000000160000-0x0000000000180000-memory.dmp
memory/532-961-0x0000000000160000-0x0000000000180000-memory.dmp
memory/2980-972-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wUYw.exe
| MD5 | 66011f64f5bb66033c6a0efb5e5edbe4 |
| SHA1 | d053faf680e607bbe72128ae640767e7fda870b5 |
| SHA256 | 2e655fece1d10dfa16f5b9bb83e2fe55f27a9ce75594272ea91a91361ac1f382 |
| SHA512 | 74fd620a3a270703fa142b71e1a454dbec27ea603b9f4b1d7f8a9098733d6d36b1bd77577a2d4d519a380aa605641d43257be2acdd3230af5ab63bd3e815bd4b |
C:\Users\Admin\AppData\Local\Temp\CUUQ.exe
| MD5 | 016ddf182e3757559e1133b8fd892771 |
| SHA1 | 79c24cd3333467ea79161031d57068222508ddb9 |
| SHA256 | b7a2d0a1c83273f9806ea25ac7143c8e5c12f003fe594b4ebd56a002859b0cab |
| SHA512 | f75f9094ad10abee6cb2723d8de06ec3dc4213460ddfabdbd83f22e15cc386b769fa4b88406c85c709cf8437f5479c35d7397e176bc3be3cfb8d96bd858bbbea |
C:\Users\Admin\AppData\Local\Temp\aAcq.exe
| MD5 | 7d0accddbe24a3aac5d4da0e34ffc6dd |
| SHA1 | f3576afab7226f9728479e3382840ee9a4a45e73 |
| SHA256 | c6ce7b8682b830142cbc456ea4dd99d00833d0e888fa42976a014fc576a8edae |
| SHA512 | fd24a493dc569a3f585a31ca961604404e3bcbcebf8e95966a3a0032b9fd684ea3d6adac9dceb4e29429d5229207ddfbfbab1bffd14fe399a8ac9ac0c2231ea8 |
C:\Users\Admin\AppData\Local\Temp\OkMm.exe
| MD5 | 693d0e4642f428224e69ba0c81aec481 |
| SHA1 | 3a1208d5024736cd6ad4e7d8f3621de8c54021e5 |
| SHA256 | a613b2039578cef39b86a43d3acb77c4a8c0bd0123ac879059fd91d3ff61d8c6 |
| SHA512 | e2c143a1dec7ed0ec2e8a1f41aea878a170d69ea2b7352cee8f4557aef3a044cd478bc50b3d2cbb2ea4b8a0212915f421c68218f5de82b6836a1a1a839ccefc6 |
C:\Users\Admin\AppData\Local\Temp\jeIAUEQc.bat
| MD5 | 11711f1d672f9e84e78bf62c6a188f86 |
| SHA1 | 1899d0408512dd672ebaff73425aaefee1ca2161 |
| SHA256 | cc604c08a0431f39890a2135918281efdf6b1027a5dec84647a859888b10155f |
| SHA512 | 02203049e7544f9fd4f6ea1b18375f79eb12913e3d58eeb2824905184d500cc29112cec6f5d67efc22de508c15de1c370d392d05dd32690e76736f457d764ca9 |
C:\Users\Admin\AppData\Local\Temp\iQwy.exe
| MD5 | 010d1e2578b105ab0ad4f4acde71919b |
| SHA1 | 5d836aafad0ed9285afb71713755eb103b653a84 |
| SHA256 | d4ae5621ae78c55a3ce729b0fde55044fcca4fcdb41a31b60f01de5b403ce0f2 |
| SHA512 | c6486f27fbb9a33e719e718b1e8fea1c87b6e54066c02539e12b294061f2631e8bf9740c198f737db1c4de8eb2ed1017f1f4f9a02069ae4247ef59aa59b91bb6 |
memory/3024-1072-0x00000000002E0000-0x0000000000300000-memory.dmp
memory/1176-1082-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1324-1074-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3024-1073-0x00000000002E0000-0x0000000000300000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OcMU.exe
| MD5 | 7ebecc0e415e9abd4c845b368faf4397 |
| SHA1 | 5fac32fd5d56edea3c689dce740b26115687d5f2 |
| SHA256 | b40d546390840cfabae5d76e90e9a99f57fa031e4c9656e6394a370b34e37023 |
| SHA512 | df7c9687e058612c375bda4a65e589be0b2b5c21534b15b711712a67fcaa66fd31b35e33831279f6c148f5c267b398d1013622e50499ab6b48507dfc82e6d304 |
C:\Users\Admin\AppData\Local\Temp\yUMy.exe
| MD5 | 59f987cb0c2ceeb813980d8ea585b701 |
| SHA1 | 9b3e55da178987e4d1ce98f082c5b212cf7ecc15 |
| SHA256 | 3cd3a6341a0d0afe5a3d4256e70ee81014974832b7d8b08097498186a49db4ee |
| SHA512 | efbaad03ae1f79d05ce04a6f13e9e541094f2980abfc3ba04d66f22586cae44dcb2f433e0a88eb651f5498964d9f002f969cecf4ad5786b23913e9b83fce8aad |
C:\Users\Admin\AppData\Local\Temp\mAoY.exe
| MD5 | dd2d877180e0faffe3e6476169c97c8e |
| SHA1 | 10388436ad19466e0f459cb2cc00d2464cdcca71 |
| SHA256 | 9f88e78bb31277a2c085811eda222ae0511e0d761b5239a2a6af1d7637d56d98 |
| SHA512 | 4f04ebb92e60b1b50bbe5755f2d6b76ba0e69645d846eb975b9f37bb9aa7f73f60b3a8e7f1e84ab8d8db0d299ad0c38b4d6f97187ab8a33a57afdf30a0b99f69 |
C:\Users\Admin\AppData\Local\Temp\cMYq.exe
| MD5 | 3a2368b9bba434c498d3f865865506cf |
| SHA1 | 2c90af85c99ca7b0ed0e98ee0cf484867aa5ae41 |
| SHA256 | c44339110e989bd3b102f638c39cc8a8b6ccdbb5d1d39cdc104bb151cb9b7c8a |
| SHA512 | 1a86a7e5c2095842a73757b557acec9156f4150f3c28e2c52893a170636d7335ef960a18d117dfdcb0da62e36109f0f44c5220ece97b7ecc33db774f248b2aab |
C:\Users\Admin\AppData\Local\Temp\Ligwkgcc.bat
| MD5 | f71c678a520155cd9485f7a8d5dbfe63 |
| SHA1 | b6a5d6ed09f7121fb55bcf3a2a56ad7bd977b8e7 |
| SHA256 | aa27428b7536fc3da6fbc73badd72c7f797486c34f465134290defe626c449a8 |
| SHA512 | c493f8702be1fcf088ba7d7dadeca052cb770740f2d9230c6be7215f94faf9ce3698c05d9277c96a637ec1e0e95a037e484beb59cc5573e0cb2b5b11ed95cae1 |
C:\Users\Admin\AppData\Local\Temp\WUoI.exe
| MD5 | f4f56930afc6c99db392f1e9c2160ce3 |
| SHA1 | d904603d737becbbab9628f080a1d1745e307832 |
| SHA256 | 4f03fa7d05f80b811748dadb07c3a04eb9e119d6f739ec0221226cdab817a862 |
| SHA512 | 55169f482ed42a011e4068bc285c76dedc16c0f6f7f51ae0f30844c15d5ebc327be861e59d8771e1e45ee691cbd191964627a11b4bc1a8d7f40fbd023c121a9b |
memory/2312-1159-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMYU.exe
| MD5 | fdb02df6b10bbb4c5ff460401717f9f6 |
| SHA1 | 4c199bf2411e1d0f045f903e3ba3f9c368a874f1 |
| SHA256 | c7246cf484070653bafed67dbeff6e6abda5614275f5f4d7d6abec774223e350 |
| SHA512 | 33cce185361bb0af113e0b788ea1baf2c8683a6fd82adb211ba3c87fe7b4fc4fd63f1b9e8031b72cd5ae394b21b3aed1e291cd425eeb8668f1a792539edb8ee3 |
memory/1324-1169-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1656-1158-0x0000000000160000-0x0000000000180000-memory.dmp
memory/1656-1157-0x0000000000160000-0x0000000000180000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cAUU.exe
| MD5 | 8fb802e5957264f22b570471690da6db |
| SHA1 | f9a8f136e298282a9d60a10703ba75947917d331 |
| SHA256 | 558e31b43d4aaedb21348109693e8c21568b813411da1873efb4a3911d1aed3b |
| SHA512 | 3cebbc625a57a638a7462d71ffb86cb7845e4727b0917a5aee813201672134e66c756f025f42bf14caa02c040fda30dd5ab8cc4015401fc8176a3d16ab219e78 |
C:\Users\Admin\AppData\Local\Temp\AIgs.exe
| MD5 | ffbf22a9b0ea5f11ef137c4ff7a18967 |
| SHA1 | 043c4f797c8cf320e01dc64d6d9f71d7fe4376f5 |
| SHA256 | 64d8fe302c403834e7f3471d80c34be42c5c9b717924a023d38a416d6d250dd0 |
| SHA512 | affd1b0bf9ada7497455bd49f791f07a04190de9757c1d490d363a441ef2a8fd88c24bd02512975c0293187453f0a2573e796432bfea792d1d7c7d0d6f00bbc2 |
C:\Users\Admin\AppData\Local\Temp\eoYM.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 559b90b6eab9d13027a6ed6ef4f053d5 |
| SHA1 | e5952139e081d095b7697251c3a0c71957f003fb |
| SHA256 | f35bf66b927b23cc097a7afec17c7f134d9c7496ed984fb848e70d235a09c61f |
| SHA512 | b7d91ef45622639abe6a88181e177b8438b494ec75782a7fcdb3900e5422631a198436c2c029f1d3f7a2c7217fc48ef6bf8f12fc343f1585557599efdb9be03a |
C:\Users\Admin\AppData\Local\Temp\QIwEUYkg.bat
| MD5 | cbb2b1a9a32a05f840bcd8d323e8b85f |
| SHA1 | 01547bf3be078b60ec8655807de2d511a4505dcc |
| SHA256 | e8d8542f3c10a322bba24a38cc854422e3730f8a22263b077bad07540ec58b44 |
| SHA512 | 44c2c8d8a9078515e3384cc0fffc5138bc712166e6ae1ff566dbe205267e191a60d2c96b808859555233013ce18cf0679e159d465b5c387b6e47d6404b91f2e4 |
C:\Users\Admin\AppData\Local\Temp\CkYi.exe
| MD5 | 49ec69dfdab03c06736d641c673fb4e7 |
| SHA1 | 6c2922f8e93d90b28be146fb0d459a9b5d882b68 |
| SHA256 | e31cbc61be4b08d3ccce9ce591f799c1785fe4d4cb36ddc07da9c5c7ea229be5 |
| SHA512 | 2afb36602f39ecca773e353e07a97f92701542ded33f736dc3db8c69473b107650e2409e3466edbef5441dcd1b944f6b4cebec64b8083246d97d5a0a0e9a0159 |
memory/840-1243-0x0000000000120000-0x0000000000140000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Sski.exe
| MD5 | 9c03697dd1af831286235a8e0b2d83f7 |
| SHA1 | 3e885b440f36b5b44eb6772e262e0b667f08ca21 |
| SHA256 | 48dc71529a97eb73bf3c06ace83cdf0974e23015de7c717c7df0ae986f62d327 |
| SHA512 | 75a500628e4548b6fdd6d641d006a494cb9f737d6acd512247666ee27103c10676ce1a643056b8fb03181b49678a92de6ed19f29b49bcdf5b54ea44a7b5e986f |
C:\Users\Admin\AppData\Local\Temp\GcIm.exe
| MD5 | e1eeb50298d4d4478c03e1ca8908f27f |
| SHA1 | c1da049c1659562a86aa9e4fa9c4e1649e9be320 |
| SHA256 | afa43dc6b8ce8bc0fe3f502e494bf2f3b296613b7e8c8d70f35c5918bc60bbd6 |
| SHA512 | 6bcec3acde121b0272d3a54609fe3dcfc44bd4ee0b87fc0eefd3094c7d7cdc741302be54a9a75f73f1d7fcf6d7df964a047b58ea4242b6eb2c1eba3bf50c0b9b |
C:\Users\Admin\AppData\Local\Temp\cuwoocAs.bat
| MD5 | f747526e46ced22121fd19b767338eba |
| SHA1 | 32d05619e8f0278f12e93bf28b7d8ba448f4a04d |
| SHA256 | 1385e761cd31845f5b89a14b16c36f04dfbe60dfcfa493b6f729ccc1cc419204 |
| SHA512 | 129ed427a6117cffecb00f5d767c91fe4b6fe2ea0849b38c5ba59d049ed2c6928da48b2a06f5dcb6ea4d8fe74d6ecb45d7cc72442d984cae09b690d69a9ad0fb |
C:\Users\Admin\AppData\Local\Temp\QsAa.exe
| MD5 | 133e8b333be9b289e69516ca8fb51093 |
| SHA1 | 745ad3c2c94ec3e8b4241f5ec6ef2ab9c20d9d5e |
| SHA256 | 8e0731ff7317fab78623156fbe633090ee60910102249bb1097916f870eeb004 |
| SHA512 | 7cb9fad0843ca8ff5553d6c18ab8d14890b2624b812fd0c2100ee230b3f2b2dd1a0ad195f8670a5d6326130d39df8b1a237834fb83232be989c61ef4051c1ac8 |
C:\Users\Admin\AppData\Local\Temp\qgky.exe
| MD5 | 15edc06a128e0a2693b597c35230b5bf |
| SHA1 | d4273854a6cb0580afa6330f3abe007f1eb461b2 |
| SHA256 | 52012dfb7f0ccaf0d760244b6ffe6e33c7629f9d4adf3282eb6dc5f05cdd7a36 |
| SHA512 | 6f6c0910145dd2dce45cb33443b27dcb63052062fefd3297e19f051c58042c5621d36f1e83c4d856b90743902d7bd6f993bc05ffd00a1bbe4c8b557500834242 |
C:\Users\Admin\AppData\Local\Temp\yAMy.exe
| MD5 | 0dfcb09260f959d68f29a938fe374580 |
| SHA1 | d10940a137e7747a992ae472ce7765c976aef5f2 |
| SHA256 | 2e6085d9149551ecf0d7545207e202b96d23e515194da95527d4803be23758df |
| SHA512 | fa9d87cdd49546170b9ba3d4d0fa5f2bf3a0f4622f4c50f8e8e6f940d7da1f0822e403c27e90e510addee1e5b88929c4b2fd44d73a10a4d3982fa0ca0773dd50 |
C:\Users\Admin\AppData\Local\Temp\SkAy.exe
| MD5 | 3c8703d6b5f216cddac47adb0228d853 |
| SHA1 | 4fdd9c9392b9b05a06fb482d6245ebbd97d22de3 |
| SHA256 | efdef5a64e469af3b6ab3b6bc680ac33e57fcd15bd89317d364a1664ab79da45 |
| SHA512 | 62c4e269292cd904aab062a9e14c05eba5e17dbacd598bf24dcf972acba99c96f0ba82b77494b9fa0f44fe556747eef2d531e5efc551d06e20352da6182d85b3 |
C:\Users\Admin\AppData\Local\Temp\QYMs.exe
| MD5 | fe2c57940259693a6bc370f3388228b0 |
| SHA1 | 32b0a877dde80dc91dce2575d0ec10ea77228c0e |
| SHA256 | d4f8a38978f6572565a4f46c4e7f295fdf92011eb4b87ac1f27aaae7993acb58 |
| SHA512 | 0f1cc4219f98dbf97136638e80c0eccaf61a1caf0c506eb159ec2034f4851a59063cc131b45c5613a177c6c6f962e750ca2837e215f043541bf51272864d29a7 |
C:\Users\Admin\AppData\Local\Temp\UoYK.exe
| MD5 | 547aa7f8b0916ea68207dd2bc53b6134 |
| SHA1 | aedc2db17eb507b5ad4b98dbf982f5efb703b3e0 |
| SHA256 | 1fc8271aa254012c4f202d0131e25ce4c030d4955e9481d09374b6603b46d151 |
| SHA512 | 096542044770d0236b22e5352be5ff79f188fb8355eeb8ebaf39d584e7819ff231897dc21e902e9688e4f9b5be7497007a84b0fb6a0a57f39b879cdc28eb27ee |
C:\Users\Admin\AppData\Local\Temp\MIUoAkkM.bat
| MD5 | 9861a3ae082e3b56ccf9facb48a89860 |
| SHA1 | 0b3a363fd1415e9610483277718b0efaf67869c5 |
| SHA256 | 6453a9a4c539a18a45a9905a036cdef6ea229af7c3b54ca66893eecbba1fbad2 |
| SHA512 | 63e193c813071cb612b23464fe3be30c0b024032d872e4e252c3aaa8e3fb2b75d90d30d0403efcf84ce067ede877f179b6481abfd38ec0e115950781af36dcd5 |
C:\Users\Admin\AppData\Local\Temp\UEQa.exe
| MD5 | 4dd36e4c39154e649106c92f76ab2c9b |
| SHA1 | cff4eb32b1b27160680d89a107d7d6392028195a |
| SHA256 | 78f65ca235ab5c774867268b412a2e70de89d6024b97a9da4400cd742e256a5d |
| SHA512 | eeab5feea12344c7f8c94958bf0d7075702fe2063dd9ff1224f5d8d97ec37020ab8f5924aab4b59b22bf2412e0316af31889e18a0874cf294c0334f8b26abe78 |
C:\Users\Admin\AppData\Local\Temp\McUe.exe
| MD5 | 011e699d383697e99e403b2f1ba81d0e |
| SHA1 | 022130e7fafaf82364eafc7d836165841d1147e0 |
| SHA256 | 66658440b3711b8649ada3d87b24cd854b3009a41de007299c0261ea2c6103dd |
| SHA512 | 112aecc11164506a270b6cda9bb788832baba48326044cdde3c8977cf49e27eb84341a738d70a8b1270de2e686d4fa0996acef1d656d0a7e374cef26385e182c |
C:\Users\Admin\AppData\Local\Temp\OQkW.exe
| MD5 | 0c328632eaca77d8f057b3dd007d9284 |
| SHA1 | 97720b1647907a1a92b3ce65949528fd55b17793 |
| SHA256 | 0f54eff35282c8bd8c51316b4d91567fb42610df7f52e354aa71fe7b1b33f228 |
| SHA512 | d089049df91a6191c8fd798b6f687d72161af871896bbd11a4f48861fba704efaeea3430a24760810beeffe9339fae9e7611f8a93e427ff015c9bf694634bbf1 |
C:\Users\Admin\AppData\Local\Temp\pOkQcAUE.bat
| MD5 | 1bfa772ba632d972943067ab578bf631 |
| SHA1 | 2adb43888a9058e53275000c7ce43ee72359fc0d |
| SHA256 | 68fa873234c67d29a04af8921ade8403fb1801bdc760d485fa035581e4a7d5b4 |
| SHA512 | e0da8aa188ebec6e9240e626032cb168dc48b66eba97519552b20ca606f67b2afb611f5c6f891f831a2b343ac1a1798e9d2fbb3d406e5f183c4b8517d6aa7d3e |
C:\Users\Admin\AppData\Local\Temp\UwYY.exe
| MD5 | 8bb58fb4e610f8f00539abc688065f5c |
| SHA1 | 04bd93c891bae31c1738be982d96def8f23ecea2 |
| SHA256 | a3192426939b6603b5003d5b222fd3e93d15ce536097d5eda74c0e458be428cc |
| SHA512 | e65fc7b650cc9d784ea067b6eac5e86e5449300058ea55f4239a9dcf9179762c9ba941b7cfd769b3a45599e793da46c328a66314f9efd092fe70a6db44930390 |
C:\Users\Admin\AppData\Local\Temp\IsUe.exe
| MD5 | 3f8ac01eaec17e854b911b85444c2f3b |
| SHA1 | 2c97e99e9199ec71e3fa1a403a355394ba20d91b |
| SHA256 | 9757fab30d3c893b752a992b8f2678d8799a2884f34a4f30813d7e6d11a98dca |
| SHA512 | c18ecec08c2dcd9e261c2836af8321a42066e014c0c2b0fc5fd028804dd25e87cb9956f41f2e0b2b568ec6460aff43db5f0881af31393c6a20276420256dcc31 |
C:\Users\Admin\AppData\Local\Temp\EgMC.exe
| MD5 | d00fb0c20f47288e610e5ad5b6d603bf |
| SHA1 | 7bf9b433fe97950686b217400bbbbf04c2dd6833 |
| SHA256 | dcf6483d17b4ad154b0a49de596eace3c13b6df294182ac91cca0fe3faae595d |
| SHA512 | 5550af2a88dd9403e1d5b32fd8ddd2a70a86dceb8539101c9a362c6746e8db5b0196a0f2684921e585bee86ff4e72717b64f71f99bb019727e4d459d75a223c6 |
C:\Users\Admin\AppData\Local\Temp\bgIQQsks.bat
| MD5 | c0aef8c970ac419f4fcfeae6ec16f6e6 |
| SHA1 | 762cc9e8057cd5137eabf0e3a7e60f3919f3f72b |
| SHA256 | a9ff7239ba5bc401f8a0331c691318b772f0c25ddce3ab7ca4d457ced54b34d2 |
| SHA512 | 11fabf61298d9e7b6dd2f104e1c5157b2215d6d0e48f080b2dbc5a177f07af690ea415cadcc87d8bad8968af73f45776ea9b909a45caa2777521fbecf4c2433c |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | af414157e5575c84add43429b94227a1 |
| SHA1 | 66042406c146f664d7c5dc6ae6f1e2fb63daac31 |
| SHA256 | b93698eb522ada318a9ead4c2253bc9abf5c9529ce531701901ba3e17f43c81c |
| SHA512 | 7d8fdf9ec1a9cb4672916fb0da73d84f36666749ca43c71be89b56bd2884f3c8740dabcc43869ccb5d9af8947715e8210931ce10843b8ad462b5a91bf0d09fee |
C:\Users\Admin\AppData\Local\Temp\iUwQ.exe
| MD5 | 1750da043e8b84554866b1d02adfc4e2 |
| SHA1 | d161cfbb3a1739d3c1edfba5c5a99ee5312dacb6 |
| SHA256 | 4733ec114a4223a31ccff05498fa15423d8d52981bbd16f6348924d650950552 |
| SHA512 | be18c99eaa9f12c6d66d05ccd55c239e4474afa87980813e911a9048e9d5977fd04fa728451b2036c32e0bcac7b0e689eda66daf8d31c73d95b4ffbcf6076fdf |
C:\Users\Admin\AppData\Local\Temp\Egsi.exe
| MD5 | 53e3942dc629f9c0fcbfe4004ba831ef |
| SHA1 | 85843ba3e197a0b3a530fa77499dd35f45c993a6 |
| SHA256 | cf4d2e1c19d187c691208ae62beee1124be77a40677f8bde6988981ee782cc57 |
| SHA512 | 74c9d1f63e6f6663563862b37355ddc8f121b86b23c29f619ca84925eb28609df6b5914e70cad5f7c4dfda1f4d2e010fc78256b0187c5a48aef2775ef94f9878 |
C:\Users\Admin\AppData\Local\Temp\NKwIcEwU.bat
| MD5 | f22cb59ab9fb776578839add424ead9f |
| SHA1 | a6150e522991218d0eca768043cc8a1cc03bf083 |
| SHA256 | 5423da790670d41f8520d9ca92101b9e929d13038ce8f929907168ad0236ec51 |
| SHA512 | 3cd0c27a831279d592d2293f76c6c5ebd1e994e8703d3a92828fb7f18bde620bd830b25011bf1c63ed3895d0f5111439c7ba727a36f561e82d341245d884dce8 |
C:\Users\Admin\AppData\Local\Temp\WcQM.exe
| MD5 | b6b116e87a2cb02b82e661298de6d97c |
| SHA1 | 5142f4202f1e816352b9f398d18782cc4b7fb9de |
| SHA256 | 8afe22e4dbb40425841d5497d47ec526891d2ab9b48e14697c3e9bc906914e63 |
| SHA512 | 6aa6934ec3d5fa9104a491dcb0a9f7b627f1b1c162fe1f9595dfc59c98a0fd95e219f165654414e085b5450d2b85506f83dab83122ff8b6feb5cb3a378b0aaf3 |
C:\Users\Admin\AppData\Local\Temp\kYso.exe
| MD5 | d0c1b5b4025089232a9bcfdd73c2b91e |
| SHA1 | d95bfad6e0492548d3b7ed01697fe7840d8d010c |
| SHA256 | 12ff55b304675609b962a240cc401e8bfdd82aedd91abd3258dd70189a1f475f |
| SHA512 | 18fb7b06786a08dbf0cc59da81800c22111c4de9ad346667a545d8c59aa3f6a62bdec3176966702c01ec0ef2b2b0edc832c1d47a6f69421a5326020873438e26 |
C:\Users\Admin\AppData\Local\Temp\feYUEUYs.bat
| MD5 | 59a1965506cedd7ba6b477cbc484adde |
| SHA1 | 2540b584e8fe67808d709a512e3445f2483c2115 |
| SHA256 | 55c9d870643e3541034263387151d9e107db7b072989f86cab4abc264d9577e7 |
| SHA512 | 50bfb34cc070ba23c7a5d9f0e0cf094a7c7b26e8cea41384d96d825ba2e10ae75f9c2b22cb0d37f02e4daf3687319d73d6fd89b15fb905d933684fcb2a706cb7 |
C:\Users\Admin\AppData\Local\Temp\Scci.exe
| MD5 | 8aa57a63394febc837119c9c27cf91ef |
| SHA1 | d07937e36f675bc4e669c7e338ab137afbfe7856 |
| SHA256 | c527c895b62f5e3f9a907b25b5929c2bd44918ca1c3b8d6734a40c9cf80de25e |
| SHA512 | eadbcf1250802ff825bf802cf3747efd3e15839c451e19dbc7c04dabd1e1cd616d6408c7c78baf164839017340c9b6a6acdbfb0b62b683baaa7f14d8335f695e |
C:\Users\Admin\AppData\Local\Temp\wgYQ.exe
| MD5 | 4edc0381ec49ce6ab078d7d25f4c2bfb |
| SHA1 | f11c4d65888e206c60dc99e3dfd42d9734fd2fc8 |
| SHA256 | 71f9032d95cb229333c393a73185cbd32457d0cd895ddaacd6af398b217e76e4 |
| SHA512 | 7988a7c684b9d5fa253aa270d92a151bca26e951d2ca01dfd3de8866acdbedb5583455ef1532dab33dce82e7a88cb1e561a0c702c71d29b05929b7effb3ef53d |
C:\Users\Admin\AppData\Local\Temp\EUwi.exe
| MD5 | 9c58e0db181779189e853ec8341e5f04 |
| SHA1 | faa3f726d7734d9e23203699914757dce4559659 |
| SHA256 | 5882aca6d4f2c752fcb11953c2c1027d3836a0245287227d58bf3e6cb3743eab |
| SHA512 | fe791ee3761c10fffa857864267e7b98130194d9ee14a8dc377a61f249d2006163541e13a4678395d4b4190e2e3975458234593b2fcbdd5ada43732b2b58ce48 |
C:\Users\Admin\AppData\Local\Temp\lAAcoAgQ.bat
| MD5 | df6f3cb2e30dfe7a6253d6a0614e26f0 |
| SHA1 | 9cbdee0b928b0a1eebc6d658c20a517fce6476a5 |
| SHA256 | 61b893adb68abeed628f7a33402c8a5b696e090b686d8d4e2bb4fae701e1fd50 |
| SHA512 | 2e96d7516beff160b3745ada4d8346c2272ac9d7183bc5a12c80f9219f11d8d93b3949f56448f1c7d08a49f2b304fecf93befebc61db1b227022081c97e41f76 |
C:\Users\Admin\AppData\Local\Temp\SIwG.exe
| MD5 | 3ed986926082cc54bf6eaf0cfc65952d |
| SHA1 | e2859b8824603cf839db3b6ddac5f7fe152e828c |
| SHA256 | 4419ffa7f6565ba8fb69720b1c36fc02ab38f87f870513df096596b82aed3837 |
| SHA512 | f877b64470f197d71d254811934a7ed1c41be9bb4fe5cf3992372b60305527709e274dfda055f9b10fec1ac57f267d2b9956579551c122cb2b238bced6f7a5b2 |
C:\Users\Admin\AppData\Local\Temp\gcsg.exe
| MD5 | 72b3350c04d69fe3196dbd75d70fa5ef |
| SHA1 | efcd6f066f6d0b65311b0295ecc983a65cfed1f0 |
| SHA256 | 6fc50458f7d0a2649224e614332cb5d481e9e424abef29e1dd8317c1ed1fb1a6 |
| SHA512 | f6503fa020a288833b7ddfe309f62aea622d5501d7db374cd10052ae688de36b59ddd19524d8f99fd00b79c8b4844e9b3c555c30d22a34e79a2c5d4057c20d1e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 7e5708c7cec0aa5be1d51e98f9b7e976 |
| SHA1 | 665a213de3e3358954bbe76c2e9fadb36bb4acd3 |
| SHA256 | d6c4b0a92d2ee23c46328aef638fa0088d695319c88d7f3ed0f2d6cc19d7cf7e |
| SHA512 | 7d2ce7e65bb42937bbd1184edfaec71a3425195efbe2b3c8923b2e8d947a870aa80ec2bad168a52e890dc60f2dfe06a06714b0a2617a3aca7ad3432b57273889 |
C:\Users\Admin\AppData\Local\Temp\YgYq.exe
| MD5 | 12c9916d1014cca6e86abd2018060431 |
| SHA1 | 980505ae4838332b71437a5a7cda544832b0ea86 |
| SHA256 | 6e4cf0702018ac16be39bf7d2e36a8c0a39ff600582cb70849d089f640705410 |
| SHA512 | 703f1931866025902d36ba3f6a16c913347724b3cb3d808b6c66a023e8cebeb04bac4c4ada2d4637deedab145c582683845d07642b4261e5e47fe2696fe83cbe |
C:\Users\Admin\AppData\Local\Temp\agQgEAAs.bat
| MD5 | 4ceca420d6743e4407d37f9a4f560776 |
| SHA1 | 6a2750d9ba8158d27d1ced2e83b8461161743d26 |
| SHA256 | 5a37c66a4fdb2444b447a9c68d0c33a7216837f7a0f81b934c6925bc078d87a5 |
| SHA512 | 044ea3be7795b7603a9d1dfde1bf841879c925a69149148e41935dd254bf4a48212f68a0e77680dac2dd4da1ce15dba150cf0ce2b4a06b23a1f3b70e9fa0e50d |
C:\Users\Admin\AppData\Local\Temp\AUUC.exe
| MD5 | e3f8f1382093038fc094058d5397b9d4 |
| SHA1 | e87bab5060bf45c1ed6eaf970f70a2985b88efb2 |
| SHA256 | d6b92dbcf16d3fd659423fcfa190f4225f2b9f2f6e6fa61111bc619c9f801f37 |
| SHA512 | 8f5dadf57eed470cf0805f3ba3553e734bf15a9827fb653942675446f38beac6c6d44a235e6426dc5be430c9c9c17eb661e882e94fd118981a10cc63038daad6 |
C:\Users\Admin\AppData\Local\Temp\ckAg.exe
| MD5 | 0f9fa30eb80c4aede962257f5064a1cf |
| SHA1 | 856413006cd89caeff9300692daa87c806d7f538 |
| SHA256 | 5a97d1d4e160368674a109c59296759a99b5f9248aff7542850d9c0731f18daf |
| SHA512 | 49db04366a07d6d2e8c406b16ddef58b783218f446d8b14d564c2fb87cb64d44ec597be4974483c131e2c1816e4f9ccb7816bfa33244861367e9b5d7b034055e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | 3241e378773875a3a5edb5471b7d0869 |
| SHA1 | 89e17d44d1d7b608caf9125ef463882c5a02c87e |
| SHA256 | 131743399f051946dcf819d85805897089bab3e605bfe7898917d5ac0df89177 |
| SHA512 | aeaefa6924f4452c5cff88e7687fff6e183d05920f34c9d95bac8f45410c37cda7d05d1083423ac7fdd552057960bcae1302cf7872f2564a5d8927bd5bb0d4e1 |
C:\Users\Admin\AppData\Local\Temp\akEa.exe
| MD5 | fc73db6c9efe792565ed63d4a51244c0 |
| SHA1 | 0fc1f4b4934bde9d7a39ee44f1193fe7f7ddcc9f |
| SHA256 | e348ee2957f7554927c07cd1576b1329813b3ee1a2894c6f9d22f2b1794cbb6d |
| SHA512 | 30b6620c02e28bf2a8fc0647c2419a72f7f4094e96f69da9e4a40bd8fa897ce9e643bd0547b4de514f24dcda547bfab0ff79da12928b2a892095874ec6c694c2 |
C:\Users\Admin\AppData\Local\Temp\YEIU.exe
| MD5 | a55b057f28a4578dfd7a5e922a88fcc8 |
| SHA1 | f6f3fece6bc18f11bf2826a3d5d40dd6ee52f36d |
| SHA256 | 2c8c82f81d507e082841dd4e5c9f0f661e7ce4262600ca9b9b297c556d981008 |
| SHA512 | 420f51e24d44b5a3d8d614fdc24a8153cac1319acf61b6ae2af08431250264fa1e93b2426d4a5fe29d7395f1cbfd47ebab3794ed400657fe8ca07f77f788f7b9 |
C:\Users\Admin\AppData\Local\Temp\cukkMMMI.bat
| MD5 | 1915b339bc7f40bfdbe9392f77e0346f |
| SHA1 | 2e08c8e32d9aca9d04ea2e7e72bd0f8f6f17753c |
| SHA256 | 97b23aa06f0711d0aeb76d9177dad3bd7e870d8c403dd14ae3205229591dc544 |
| SHA512 | efee255738c82420406372da1363a570e9f613c9c11cf8041193c51838e03777fa91f5a0071dccdd5898e103162999f7ef233b2e0a2d9cf527eecf9d1fb31058 |
C:\Users\Admin\AppData\Local\Temp\CIQA.exe
| MD5 | 1810c51e140c7a7a11b68e2d6e9ec3ef |
| SHA1 | 9c136e1d381b1c890dd641e9538b79b4a613994a |
| SHA256 | 489982b163a1acdf49b137023bad5df6788cb36ed2247a54ae8d75fc0779f7e2 |
| SHA512 | e7ebcf0aedcf2bb0177bf53579a846631741d5dfb85f59cc68b30d0597b1f269ae0a952be4d59c3217dcd82c045f21c50a307c6a1a22c1ec484110ca9f2484da |
C:\Users\Admin\AppData\Local\Temp\AMwO.exe
| MD5 | 44cb99563a3cf7b4e165c7ef416aa819 |
| SHA1 | 6596ef164d93ffa02bbb9b467b08843d4d54b07d |
| SHA256 | 3b5f2466b6e13f8783e196028d376ec1dbad4552e998c97065a5fdf0af318ea0 |
| SHA512 | 8746a6ab29c1ccf7e7dec6fd7fdbf90c733efa180b0635b53ce8e7245df6016c3c80ad238defb05c8025e9b3dcae72609da5bcc1555e315e3d366fe1fd344a2a |
C:\Users\Admin\AppData\Local\Temp\WMck.exe
| MD5 | 9e0eb5098ab3d05ecf514a7c2ca78f4a |
| SHA1 | 485db829f9a337aba82d120f2b1e1fd2a881b13d |
| SHA256 | a0e0e7e3ad2901f26acb6c4822e16836a9220192890c971653f469643851b929 |
| SHA512 | 6f88b648278a924b3dd1b56e0762b6345a24b8fd9ccc5d4bea556d49eb7d5109c33f25f6d1949fc67768c8e23b8975ecf0f28d4b58efee225b812e4450a78c25 |
C:\Users\Admin\AppData\Local\Temp\MMcccsIM.bat
| MD5 | a5ff95a72b0fb89183b2279479f40934 |
| SHA1 | 99655056ab2f21b1851cc47d28c9246200a1b9b5 |
| SHA256 | f87edf5445e20e9ee20cfae00db950422be49451c387def9e71650f69eb72073 |
| SHA512 | fa39a1373d6b20e6b16172f04b433acebffa2a8c332d39984d1c2481d4dbc834c3b2430b53d9e3d9b0716814f708bd60e484141adcfdb903eeebd75450b01620 |
C:\Users\Admin\AppData\Local\Temp\WEUo.exe
| MD5 | c86bc161fb3a5cc901a4b40096b691ef |
| SHA1 | bd8182eb39de9d5b29e9d97c8c24ba1a1fcf12e4 |
| SHA256 | 4646db8d8a26ecbf3a1c0cec9332b0911cba2101f4254fc1fde5aace00feea9d |
| SHA512 | 5a46135cb70536f1e466dad97e0d102240b653e6b8466d3ce42fee172d3d156227a0ef43929a37010becee26768169029a05e73a9b734705d5474a416dad13c7 |
C:\Users\Admin\AppData\Local\Temp\SggO.exe
| MD5 | b10a043c64fc6ae9eeddf69061ea56b6 |
| SHA1 | 48c988641750d7ce00e4a773b7ee21772c8f59ca |
| SHA256 | 3ff2319e89c37e2047092c5ef47916630748f20b2f2101144b93f1cc8b9682d4 |
| SHA512 | 0478414d218f48440493cc9599bd2cb79b62b1dc7cd2a74ccb753c654f3d720a6db925682c1946532b9d15e8bd61e5bd90e525be01fe5b1b2f7637a10b454afd |
C:\Users\Admin\AppData\Local\Temp\QwUi.exe
| MD5 | 1916f847a2aa0fbb9400ce8a4cad165d |
| SHA1 | 88baddaf9fdc965c1bfb75562bb6024ea5f60d22 |
| SHA256 | 5b6e3a7abdf3ee39068a0d25ab93700946c4b5be23d2d2a5b210b958ef31c6f3 |
| SHA512 | b12acf78bc1cb36d85008693a57913cdc0149d9793562116d73a2a509b3d0c95bf9b5cf79f582864c394ecd6ec88c1025a80b9c6f77e790db1b3135434d68f24 |
C:\Users\Admin\AppData\Local\Temp\mewwYMos.bat
| MD5 | 1a0b295dac98a490a7435dc157997c70 |
| SHA1 | 9787366b9695cba8f9728fbb2b32f31136288663 |
| SHA256 | 78aa0161df7222a36564ffd9161a0f89d15349b6aa758997d00e9f8542f41087 |
| SHA512 | 3622f64f633e9cebf317aeb8185446dddd0de163c47fb23385abb06a22940cfd3172f24bb599e5991e868bb0096e3c7a3be47336557af3d02ecdabea5f030d1f |
C:\Users\Admin\AppData\Local\Temp\yIAi.exe
| MD5 | 758c6aff782adb826b129be1c11dab18 |
| SHA1 | 7973c081700f2fd21d85d1aa477e308954aafe17 |
| SHA256 | 2918232e49a06e5c4deed1ebb77fe2cf07c83259de1f61151c8ba76f6e236b8b |
| SHA512 | e4aa049fae6aa2e37248efb14e9134dbc165b7049de821ed0cb690b7873f30c22893b970ea370a1e4e3ee450de449ae2af6cc074df3bac43c41fa97ebb496af2 |
C:\Users\Admin\AppData\Local\Temp\oMAG.exe
| MD5 | 0f8f6643d43fa1cf7e6cc9f0d312ad3a |
| SHA1 | 0fd40c09b7b5df9efc188973947756d1fd2bbd12 |
| SHA256 | ea426abbaf50aeb3acff08c63d61aa4d4c70f0e6afc8cfec00d21f3b5b8803e5 |
| SHA512 | ed0e3343ee8a677c9d096ea3f25cae47e14c848e79d6992a41e0ee1641db2c012fe318840f9fe6a7aa597e32155f04a97012598ce8c00d31843f07bc7974ce36 |
C:\Users\Admin\AppData\Local\Temp\ggEK.exe
| MD5 | 74c7703e1369c124ad1acd3a5f5a1da1 |
| SHA1 | b5961ea8d355922a4313b4202137f8e739a726b9 |
| SHA256 | 0d6f6e6d047290b4d0890fc9a0276e2d554487a6f1f5f8f33ac2357f008f4359 |
| SHA512 | 8a7b70d08f2da00103b9c7b6d816a775a80c93f9f2ad3cc9de376e3d0d200cb1aa0f0120df55c1760b7592eb3fc522b1811ce8a0c88e109ad3000f8621b61df4 |
C:\Users\Admin\AppData\Local\Temp\oEck.exe
| MD5 | 6c4a2e4531d7be89d3b0cabec5d7e574 |
| SHA1 | 1b10dd48b472056d01665ac71f451f61ca0ed7bd |
| SHA256 | 835f3a77f9352c26a7f677659d37a7c535b1cdf42ec5f3865013d9787455eee8 |
| SHA512 | 3424fb44a6fa04debd98b7c10d323824b68110a0b8a0d76a7e377f7bd934344c91a6697439b44cdb34f6bc77f6e499aeca0512d6c390c351f2956f8e1683902c |
C:\Users\Admin\AppData\Local\Temp\DCgQIIAY.bat
| MD5 | 0f82a9b0ece22b896e0cdd98a6bae3e1 |
| SHA1 | 1f74d410ad78257e1752dbb84654332bc0835ca1 |
| SHA256 | b5ed85cb28dc00d06105878d71398b9973d97a3c4ce8f5f90fb3729ba86cf1df |
| SHA512 | 1eeca78ec61481d4e4f99cbe359af2b030bf4170d668e2f81a76097333ece663e655989a171a9478e83ba57366b96cf5b5696b5b14a96e5fd32cf72b4c9d9891 |
C:\Users\Admin\AppData\Local\Temp\Ecwq.exe
| MD5 | dd3defd23635b401f508462e4f5e686d |
| SHA1 | 8087902499e33a9e8c54fb74efddc4c2e52c1c30 |
| SHA256 | d2e3ff83009387d0b124f47f5ba3af2a80131a23731ed054f306bce9aab2bcc8 |
| SHA512 | 1ef0d3debd2ce7eff32d41caefeafe6e9b355f52de0db39cd20419d1182b9cdbb9daf0466397a98d36d3515edc1a23ac59b2380dc62e84ebb0056db279baba91 |
C:\Users\Admin\AppData\Local\Temp\UQgO.exe
| MD5 | db9dc5b04674f1532c9e1cba0531ce38 |
| SHA1 | df0cfbf97c6adec5eeb00a6d6d9e98024ba8ba4c |
| SHA256 | 79704d99f56842d5338f34632eec96419a52f53841ac0e59009567d2c04b3169 |
| SHA512 | baba96e82464afc2aa72131a62a75f7f708bc698aafe7aace3a98a90a0e8496fe4f97b4b049e0fa43afa733a5d2af673d0203ee7d1680602ab64d9995374f9e9 |
C:\Users\Admin\AppData\Local\Temp\UYcE.exe
| MD5 | 62f1ae9c8eb7aa6f0fec418858f31791 |
| SHA1 | 1a11e3c90189b5daef3c7dfbb5e4e80074733d27 |
| SHA256 | aa4d9cf4de1be302287ff64bbf5e1b1d85863a52819a2172ba014ee3b2efe7c3 |
| SHA512 | e6f329ac24ec01695958456c9c16f9fca9efb3c0e9ac862383db9aca05f742d9349b1b8d8082d1fa242730f97e73101ab13f741e037e3bea185d260b439643d7 |
C:\Users\Admin\AppData\Local\Temp\uIAs.exe
| MD5 | f6966119d6d198535335db00e8cc68bc |
| SHA1 | e7e6521a33f291ddb87477f37950a8c139c79691 |
| SHA256 | 968e0d2bb35f1a2e3e1b46e0ddb400425e9ce820d8cfcdf67a5b478c192027f0 |
| SHA512 | 521993f1efa939449d06a7b5245e514b381071038078c6e1285cbb35442446d0ff54f2a0e1bd2e9e020bd93345b0f920ad7f10d90c4c1c978734e247c1da4d86 |
C:\Users\Admin\AppData\Local\Temp\niYMEAgM.bat
| MD5 | fa4b639861c55607238a70cd75e453ee |
| SHA1 | d625edc3fd7fdc1f9502b75d37004642f87b104a |
| SHA256 | b5cba2118105d05579e083c19bf5c6c56bef71d226454098dae4ce644a130a6a |
| SHA512 | f457ddbdb78902472d317cf6a7fd46a728e08ca6555c64bb70af4e8242571af1ee8521da37435d329f8bb249417ed0c7d407fa32045e709e345ec56147e6dfe6 |
C:\Users\Admin\AppData\Local\Temp\yosu.exe
| MD5 | 3a5acac057b2d72ac63d1f4ba5000c73 |
| SHA1 | 1c763847439c144d4ea469f468b9206ca4eabd51 |
| SHA256 | acdf9f3567a440c3981ded0324526cbe5e5212c6958e14f162bde88fe5623b16 |
| SHA512 | 45549734bb449489546dcbcebef082163f416d815abc312eb60dcfaf569132326eeeec4a69be7ee57ef033b68d9044820cdd008ecf5c2b87e7795f5a3e0e9252 |
C:\Users\Admin\AppData\Local\Temp\AIAu.exe
| MD5 | 12bb1367d4f4a07cae2f129a5728b898 |
| SHA1 | 02158861f09596e6ca39fe164e9ef3dc7cad33f1 |
| SHA256 | c7cf5f736fb0afe729e3dcea7c47be7ff82639085728cbf1ff6d67128eba07bb |
| SHA512 | 5feec3d889bb7c98a997d33822143c60a102df8165c63228e2466ac6440145273d8f5b2192dfc55140256e1219fc30b58a373cdfa86500cad2dcd4e22e82fc61 |
C:\Users\Admin\AppData\Local\Temp\PYQwIUwY.bat
| MD5 | c8b45f850d3e436b60dfa43fe33f85ec |
| SHA1 | 79a2ec610321374285a1834da7695c1a0612084b |
| SHA256 | 1ecd903f31aaf60706446c0b0f3bd43ab0237d96c6e4b7b0d20af9e6f6a584e7 |
| SHA512 | baaf51422b87194bb8473c53a8d0875778cb2b058f8eb8172274459aafebd4f945139e6be61db09cd5e700350ad3f543f295884c652b5ce9feacd03262aa4793 |
C:\Users\Admin\AppData\Local\Temp\aEIW.exe
| MD5 | 2891d034334239945d9e6227353e9f94 |
| SHA1 | 62dd6d331dab5cb7db4f99c58b67d14a65d29301 |
| SHA256 | 2e190f34654f0bd936fd93a590d2db16fa3b6eacc75d6a0f54210cfe9fb8168e |
| SHA512 | cba2fb747efcf01bcaec3c7f5434f6629d0a0ef12f100eb95ea6f41283676bd59f85eab97f047742a0f2a8ca8c0544e8e0ec4926fbad06dc1fa6570aa3082dab |
C:\Users\Admin\AppData\Local\Temp\GcEk.exe
| MD5 | e9e58b22239a7991e802aa79cfd5272b |
| SHA1 | 563bdbba10434f9d1931918493ee0135ab8d297f |
| SHA256 | a415a2b430319697d8e3f1609d53a1c376a797b0c2ad26e679e0c2eb4274d323 |
| SHA512 | a9d670df3dc9c14908f149c8086b409be34a6ff44edfd9cd9c842e2fa81d91b9126fae4215a0f3d618e4472aa3d8f354a3f5dec827816dc1b86b55e33111c5c8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 0a045571c4a4e849a36892191dacc2be |
| SHA1 | 8c610fdf0ac7c8f401a2239d270b9edfccdd063c |
| SHA256 | fd6469c922439f315e2b959e8a65b0c1104e6130ffe4d46b4bcdc99b63e899a2 |
| SHA512 | 7c82ad58b2234376af8e589732ba4eef37ea98f04420e5f457d692f6c638cea2b769159c74324c7bb6a9829dffe344c4247ba16b676dd63e66f71859d77e3dcf |
C:\Users\Admin\AppData\Local\Temp\qAoMAAUA.bat
| MD5 | 2f37e1892cb707355d88e3fb3625d3e7 |
| SHA1 | 39069418f6cd24909e3eddbd8ba9c1f4a21ca16e |
| SHA256 | 70d71f6af46a30d569acbefbb5acaec491280c1ffe29f9c81d4970de2e53180e |
| SHA512 | 86e8405593b27e765c5b700fc4231aaad04ae4df743875a8e38ff326da93f30239e38e35956d4717099d10b7b06aa7b8bf79f20c9c20a8e3434eb0805b32fcde |
C:\Users\Admin\AppData\Local\Temp\uYQI.exe
| MD5 | 21c717517850b6f69805e2faec9ff099 |
| SHA1 | c54e81432b3e9f9a7947e51990f02c94974950d1 |
| SHA256 | 8b1888f228b591b610ebfaabbdbdd528ca6ab5d310dd282626bab80dfe9b9abb |
| SHA512 | 0be3be6f544e01bee1966196e807b944b035ea3cbc2ab35815dadabed9ad6cac31dbb27aa8ba054d4aaa1a8b1f8fc2b8a0352ba117b0fea910096a2233e4c780 |
C:\Users\Admin\AppData\Local\Temp\kcwAgoUs.bat
| MD5 | f58ab1178367fdf54f1e65662ad4ac70 |
| SHA1 | 17482482e46f422011930a90a8fda96c01a6d707 |
| SHA256 | 97b5d6736e8d6d2f564a628afe0b2ed297d58b8c84cd2d5cca62afdd96162c98 |
| SHA512 | 2ec2201b9e7fd4df0b8f3df7ae930f37d900e766542034bc7d7c52693d3245104e6b8588f2a073bbac8d25e8f475fdae440fa170ba25bf11b9b339dbea04da69 |
C:\Users\Admin\AppData\Local\Temp\yIIy.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
| MD5 | 36bcf838f3239d8dacb3d314a450b2f5 |
| SHA1 | 2338c57c8a977b701b7d374d526380e7b479139a |
| SHA256 | 5f2ec097376944556ac08a46e152b0af37353fdbb02b9c0a6aa7566cea91ba2f |
| SHA512 | f2c863a8e2da6cff1aa4f78d9898c3cfd36f3f0a4d623e834e95c60e757313517dae0f913a6cbe8fc4553e3dc7c899eb8c359e94a954faa0a5cf11f4b984b61c |
C:\Users\Admin\AppData\Local\Temp\CosU.exe
| MD5 | d5391380d628ec3f7f6b167ec719dd22 |
| SHA1 | 31d27b75f5d28c71d0e07edddda4be2e0d83c213 |
| SHA256 | 5e930ed6d33e94554068299845b577f2d4b28892e2a6f273cd5826a0913c1284 |
| SHA512 | fe66276683188345822eeaa013a2728258272fe4ff8da98eda82e1b4ffded1e7dbf551e955e5b29d993e2223b41568a54db35c583929c61425ccb5d0b6bf1942 |
C:\Users\Admin\AppData\Local\Temp\AOowEIcc.bat
| MD5 | 6aa5304fecc5cb5c7125c3fa1cfe48d3 |
| SHA1 | 4c876eba1f2b49e5ad516ec61a9f1a7142534564 |
| SHA256 | d4cc6c6ced2df375830ea022a6320710ebac0c5838266abe5040513b767442c2 |
| SHA512 | 18eacf6d3d1bd57af069ce816c5ba18bdffbe6c25c1935a8da4ba7c7772012675c0316e12bbed15f75acb777f8715cfd48b39c019d59db0fef02f29e803052ca |
C:\Users\Admin\AppData\Local\Temp\SIgc.exe
| MD5 | 54d87d5f97b9c5b89d4803ab4e19ed54 |
| SHA1 | f6d28c487365e80b9fd77fcdc8a55001fd7edae4 |
| SHA256 | c25961b23e9e5c6a4d39927d675d31a354af8290df10dcb9bda9ec2928d1bde1 |
| SHA512 | 1e10a727eb656db1974eba018324f9f559af565eac9101d32427351b621dd9ee28793a20ecce3813c8845f0da5b73ca18bd1fcb6c8f3d7e4711e117e3dec4296 |
C:\Users\Admin\AppData\Local\Temp\CsIcoYwo.bat
| MD5 | 6abf6b4c1c9e6c4f2be08cd2fb25fe44 |
| SHA1 | f565f50c2d3d0dc2e9401bb3c22a2b066271a8f2 |
| SHA256 | a125a116d60927d772d166a13649654f4c45ffe2e1024ea8410096a09591500f |
| SHA512 | 7dbc427c5537ccc2257e8be13193e5a01cb796eeb5bef7f9755b0972d72792bf142e96a652c12972ecbfc177800f72fd7dfde53307e873d3cbe5a19c28145d71 |
C:\Users\Admin\AppData\Local\Temp\cUgq.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\kskW.exe
| MD5 | 4dd946760423893e2aa99cc4d331b43a |
| SHA1 | 2ca955e0ba82f9ac9782d975d75685ecacb22901 |
| SHA256 | fc996224167e04d46ce0e11f2c6c1cb766b5680ec72aee8b1cca35efc46fe769 |
| SHA512 | c9de551defb19c5aee26b3e06eb009212d82a04453a1583e7cafb692cece5f78f0ecc7c97c920048a4af66142b7979d00e4900137c0fb85d337f01eca6a444cb |
C:\Users\Admin\AppData\Local\Temp\WwAE.exe
| MD5 | 65abbfc4e0bacb73f0650ff98ccd5d5d |
| SHA1 | 04a2f3e79b4f96b2b3d5cc145f94f99bec76a626 |
| SHA256 | d6af027eb50250a2da830794bcab32157dc10507bb0afbce06a0a552cdff0786 |
| SHA512 | 191eaa56f9715f368101fd586b70477290603feeae4584810be0f9b936176dc04bcd043734b1af09f337999156251fc55240a35cff85760e5a4500e0ce0ac3f3 |
C:\Users\Admin\AppData\Local\Temp\qAwO.exe
| MD5 | 7d01b45e143ab81afa5964e0b13d9f86 |
| SHA1 | c7ce164aa52707801c38ae1bcf0700c03306f8d1 |
| SHA256 | 7b15c8fc81fe40807f09e3d2b0eccb6e54021d11aebcf5769416e5fbedb31425 |
| SHA512 | 9d2230e9c7ffef0a295744aef0d404341051314abae3078ca2e5d77b7028299fab9215192dba0b05768d0d79c318c1440a6a15e4071100871fd7821a9572d997 |
C:\Users\Admin\AppData\Local\Temp\IwoQ.exe
| MD5 | 29f53a821bd94b4ef31c188be08b9547 |
| SHA1 | ef0199186ae016606d960d2165356f0321a4a610 |
| SHA256 | bb0acad786cf99f8664fbf7c93b0932f0809fdecb20468e6a0b4d5c6d560abad |
| SHA512 | c8cc39e24e0440d1a643abee3555e8e98bc2bb2238dc2c2e04d1204e74c41156922358b453076a264ee490c6def0e531a341fbdb88db339499199e2bf3e20df9 |
C:\Users\Admin\AppData\Local\Temp\eIIY.exe
| MD5 | 5c94dbdac459bbd9e5fead3058627c6d |
| SHA1 | dc1c6de51d5458e3d2d0ffe97fd2fb25e21d5673 |
| SHA256 | 1e81833dae78591a261dbfd125b41b14bfe9c95fbe0723fd25af0e73c8744915 |
| SHA512 | a69f20945b98ae66cd9c5f4c640af06eae66f41eaa9ebc53017f91023770a4f231c21a6e35100f117601f04bd4b5a25d0d5d4532101532686c6b8617f2f9b53f |
C:\Users\Admin\AppData\Local\Temp\MEQW.exe
| MD5 | add8a3f94d5edcb0d0f2dbc244276b9a |
| SHA1 | d9dab196934e72963a334b600c14dfd0e73134f1 |
| SHA256 | 30690035c4c8d43d70a31e5ce2e3e31d51ee2129967bcc8f666405fac2508ca4 |
| SHA512 | 65c0e02c5892e93fbdde4ecb662864c3e7fd6256d982fef63abd117cd1e16be7eeccdf116f320b594a9f2b463df4a34748153cc4b99ad3838e57d2b92e1cb15d |
C:\Users\Admin\AppData\Local\Temp\aIsq.exe
| MD5 | 9ef71a3a693f6d505d245fdcd0a992d1 |
| SHA1 | 0062707e3e2fc546c461d630e525db49feb6ed79 |
| SHA256 | d1c8f3f434c89ce1bba116f93dbb19516d564fc947bec6934aa430868e654c11 |
| SHA512 | 06e6925c9475474812703b1acf4d307bbc4d849f97069588aee6d4196ed562f6a8bf736b797010ee5f50d20da2fd35f0689e9566d7552377626c79481cdd6337 |
C:\Users\Admin\AppData\Local\Temp\RewgQksg.bat
| MD5 | 8a1667c10b8dfd5fcd9da08da91f9779 |
| SHA1 | 8cfba5ec893feac996cd3fd423a7d6c132988435 |
| SHA256 | 5d8fc02283fea6d6f0e16d9401b9a3e25563f7ce6fa7166ebc1b1c40ddb40f3c |
| SHA512 | e11018e5a85c66e0aeb9a5398fc74a74cfafe630834791b8e6ac1f44df81299959a661aea6537d587372bef7abaefd142e7649660064490164bc2c09bc67a6f6 |
C:\Users\Admin\AppData\Local\Temp\aEIa.exe
| MD5 | 05110b6ef433807903141fa4388c61cc |
| SHA1 | 80220b126bd1f747b8921763292bce3c8d02f52e |
| SHA256 | 5e1f94649ac7ad1257f22175fd4cb153c7e343325bedd441723a6ace777878e2 |
| SHA512 | a9254780b76ac5bec099475024d25a9dc66691ca1dd6aeefc245ca83894ca32576ba9b309bb036ba6f3d1158fbd352677b9832e2ea9c3def78cd715a8ca21194 |
C:\Users\Admin\AppData\Local\Temp\JYUUsYMQ.bat
| MD5 | aaed6e6f9c8cd7fa037f440771563d62 |
| SHA1 | f100b94e23912f70aebebbc66bc5ff31023fe397 |
| SHA256 | adc6f2ffe29d06afc380d69cd1e72ad67248dd8225f2ec0da2eb7eaefd096b1b |
| SHA512 | c5eeb84194ba62d5ca51438a1ce5130c7ec40d7fd9a43916a03fd4ebf4bbfb3e54061d3f171585ae8c949766e9bb4c6a75dc8210514bb34b9c141d98e111cb96 |
C:\Users\Admin\AppData\Local\Temp\pYQIgkMc.bat
| MD5 | 124046bac17c47bda9f6fc98aa3e8463 |
| SHA1 | 160c5400c6f9af829c665267980225a81d8f248c |
| SHA256 | ebe8b2900067057ecb14b2c841ea0c2fdc1cb2d195d965029d4d87a6d85c8266 |
| SHA512 | 7296841216546abbfae8301ccddcedb1a847fc4ca7b5ef36ef8287747c734e19fff03ad95777e2c886c75425cbb606b31d3ae6645b01fd98b4a096ef916ce7e0 |
C:\Users\Admin\AppData\Local\Temp\zQMYwsco.bat
| MD5 | 693d794e0dc486163a0413417447ce34 |
| SHA1 | 02e9463501b88397114f0458668795d0c3b117d7 |
| SHA256 | 976ac44eca77b88577c7e6eb3d1b8401b233547b555168dbab1c69b7eca6d4e6 |
| SHA512 | 01d2ca0ee0ad06bc6de6f9b84f4371fdaecb9564042067f5e323b3667f3691e0eeca7ed71a845b5b4fc17c71eb45ee279fb5a2115399ec06e9644efa73cf3b62 |
C:\Users\Admin\AppData\Local\Temp\yUIkYUwo.bat
| MD5 | 9ce2b54de372210dbdf49d9cd6dd9c31 |
| SHA1 | 36537fc724f54747c6b920f52bb48df7e54970c1 |
| SHA256 | 2be388b3946ff19f61c9447aa92f27c9ca1dbe1e7c1e0f6db28ab055d5e7da52 |
| SHA512 | 8c571fc05f4b6c7bce25f9d63a9d1d85ad8cef554c61de7a3043e1fe8629cf4aa9dd2e84bccb5508c638bb1554b1b0dab2fe9b4d73c810a5b683953003ab696c |
C:\Users\Admin\AppData\Local\Temp\GoskwoYM.bat
| MD5 | 8316a429a20743628e15f286d150aa94 |
| SHA1 | d920953f1ddc78405c2fd4db838154a3493738e0 |
| SHA256 | 13f8b42032a69695ac3992b69ec0b95945eed32b8ab607bf5054f0a0ed580abe |
| SHA512 | 565860d4b8471ca9325949160bd8e362daf0398cc9cb89251c4a3f5d516e97cb102cf6f26dce79c25e63f487c8b7ecc04c440772ce7f52a44880f346044e4135 |
C:\Users\Admin\AppData\Local\Temp\oCEwwcco.bat
| MD5 | a51e3df5449f60d26ecaa5ea833f630e |
| SHA1 | e755f6fbf6309072f8bc7aac0b38c693485f9b3c |
| SHA256 | a0a8925e729a7e869c806f3b6d0aa725da2e77ebc9df160848529dfbf440da21 |
| SHA512 | 022ff6b0da65a513ed8286b4c8cd587a87a3d8fb71cf5a268d704d694be79fb89b7574aceaa26760702e9209a6059409638df87615bd3792eb073a92fcf75bf8 |
C:\Users\Admin\AppData\Local\Temp\gQAYsMMk.bat
| MD5 | 1286ebf8d672e17c2da8239fe2f6d8db |
| SHA1 | d292cec80f8ea593e9f33dc3dbd6cd00209cdbac |
| SHA256 | 624752b404ddb3c3203346eccd795b1427141c874008f862a2848c85fb82373c |
| SHA512 | 2d5f610f79a2b9c524bb2651b9e3d7fdd14d42f7ca120f940a864d7651bb53b35f4619930f3ad819b5129ec0091535941609a006d53ebf69af93af7b0d0a1780 |
C:\Users\Admin\AppData\Local\Temp\qgcgAQAk.bat
| MD5 | 3e6fbe0d97c5c35dcc18bdd7a24c3cf8 |
| SHA1 | 58ef9fbe92f16722fcabd7add9ca6fd6a3bd7862 |
| SHA256 | d67add566927bc56cb188b970a1185e1d6d4d78c0c5e5a100ad9edb91f269747 |
| SHA512 | a64bd3e41a5953074cae497ead3bbb7af83d262e23583504fcf9b9b7cb52bfd43fecf24fe948cf34ba6c187b5ea820a59594d754a51b03b06799ae709f023eaa |
C:\Users\Admin\AppData\Local\Temp\xiIIUEAc.bat
| MD5 | 5359315551bb29e004e464ab871098ec |
| SHA1 | 5d9a3af3b5b3b839fba71b54a7cb9b7576d32213 |
| SHA256 | 0b5fcf81da1c8f70c3cbb5a8a88968e22974a361aa83e5581fb4b01bcabe9473 |
| SHA512 | 1fd28f579a3c09d67d9a1e8305b81080cd64e7a47fe0d1b3e9c6525d6ff0f51ea05de17bb398fcfd6a46743d4749fd901388f61d04fac77b2687731ea01059cc |
C:\Users\Admin\AppData\Local\Temp\lyAcQAUI.bat
| MD5 | 22d2f0ba8227d2d7e739aefbe1e5bfd4 |
| SHA1 | 3c2eb960ac77d9561beabbe19668beca04da8893 |
| SHA256 | 88f4bda04cc0f466742850dde1a53cf2a0f92d07c4b76ba73223f247ecf2d818 |
| SHA512 | 1246ff179a38ebea1ddde225c51995cea946503ed9a835cea720d579b84f2d5706590d367666676683559026da6be809382e5e83fefc2012cb241916fa44d334 |
C:\Users\Admin\AppData\Local\Temp\BeQAskIM.bat
| MD5 | 456d08254490f017a855b1d41ac1678a |
| SHA1 | ab0933ce76d0a63ed445ffc1bbacb26e1c405be6 |
| SHA256 | a0663d0bb39413ed413dbc048ced3ad80909342ced08d18d41b1e8145589861d |
| SHA512 | ba1481ad95bebf8f0f0c4fbce472abe38dfd0dd5d692d16192111596ef9f08327acf6aa81397c35fae937838816ff958cc1bc628f1cecccf22e5a41cb05e9f52 |
C:\Users\Admin\AppData\Local\Temp\HiAYgowo.bat
| MD5 | ed4dfb446cc23e32f3248dccc6338ac2 |
| SHA1 | 603973c28ce6f5db91a08a0b23bc4de802dd55a7 |
| SHA256 | f1b016b40a11907a089a0878bd829ca3386d14c47bceef006754868652be4294 |
| SHA512 | 2ee930a03b4fb96540a536d681b78be0e8f35f81683b5bc9cde5796933227f80aa5cfd8143565bdf805f911cbf7eabeecdb84be9c0bbf49827c825913fa1dd22 |
C:\Users\Admin\AppData\Local\Temp\ZSsIcokM.bat
| MD5 | f0261aa98dee8bb27e9f1e57221cd915 |
| SHA1 | c359319db666925d8d8c559012929f7c225fd732 |
| SHA256 | daeb5f8e67421bdd376960adba4dbb71bffddf14816629bb6e4834233040051b |
| SHA512 | 442e71f7287cb2055c0eb7cdc0cd9fc8fcac13921ed9b5ae81b219bd31e345f58f409d2de8d66ac5f12e91ea2f50425ab7d51406f06da24f337aa9df3cbc8ea5 |
C:\Users\Admin\AppData\Local\Temp\UQgIowoo.bat
| MD5 | 4e4a6fdbe0c75f4d3fdd3e1a2b051aa0 |
| SHA1 | 0e6d033cf22eb2b8c03b673e8ba851ae6d71af7f |
| SHA256 | 59467c32a65c1f23e1dd51403b9a0bb4d2cc42df605c4981c1bb0645ead92700 |
| SHA512 | 9a0280adbb5b17e5d66d3e394a6b8fe6cf15cd2d45362b49833382cd82d15a2e9a582d88b75e80099f1a6ced8d97ae62f5fda698115b41031eb51207a87587c8 |
C:\Users\Admin\AppData\Local\Temp\uMYgUMQE.bat
| MD5 | 9755e02ecc9e8c5b86d799387cfe23e0 |
| SHA1 | 441a6032383745967ec295baf89db90dc9cd4e7d |
| SHA256 | 2f8d99c9e86d86fe6a8cc1c3979093a76954d0f8ff74feca3bbbb765a586b2b0 |
| SHA512 | 2bd34440838f88b68b68d2987e3c9b53345ff265a47d9ccc9fd64bd6cd115815eea18d65c28bd196022ba5d8f78c1be67874257f2cf1c25144e8e1589de96192 |
C:\Users\Admin\AppData\Local\Temp\WMEMcoss.bat
| MD5 | 9192a5843185b75fb3b76b55a1d50714 |
| SHA1 | fefb5845f09b4714335d8c84e4be0594a515da00 |
| SHA256 | 4399eddbc6463a9c618104b4fcdd60ad842487d187e0b52acb3e1945d331d875 |
| SHA512 | cc3c52b088357174c01d531b1b4eab291690878a82d234b6040e97e09a8ae625ed90aefdfb9d11a507da0e3952261e6cabcdac834085192d8c6a06343d71e05d |
C:\Users\Admin\AppData\Local\Temp\owkAoUwE.bat
| MD5 | 3987792ac5cdf2fb455121af5f2a5b18 |
| SHA1 | 880b4002fdad91ac258dddb16e19fad74d68e430 |
| SHA256 | 411825fb41ac17465b939cff3416c3480fd3efd86405e87f3b6839993383655f |
| SHA512 | bab8e40bfc57dedfc7309e3d92a53f29395a4178659d8dfe65c641e0cd0611d858b5e01b95e660159a4c6f0518b3ee90454461f427c41bce61504c60ff9bf314 |
C:\Users\Admin\AppData\Local\Temp\zgoEowMU.bat
| MD5 | 9e41915ffb0e3e5c02caa59cc969218c |
| SHA1 | b5881879db487a4aadfdaad3bae854a5095250af |
| SHA256 | 331eaf890dc7e25179560a891024d5df7f6cdeeba953605c05100ae94632794f |
| SHA512 | e2b7ae6cd8a6519c6b31e197df0a56655f6404db2b199b1f2f1fc025e9794f3f4c82cd57d2e9000967897e44d53df1750007abb79cae216126b2ba7350dd8566 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 12:00
Reported
2024-06-12 12:03
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (82) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\pUcMAIMs\Icggcsko.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\pUcMAIMs\Icggcsko.exe | N/A |
| N/A | N/A | C:\ProgramData\ckoAAgwU\OSUAAQYk.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Icggcsko.exe = "C:\\Users\\Admin\\pUcMAIMs\\Icggcsko.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\OSUAAQYk.exe = "C:\\ProgramData\\ckoAAgwU\\OSUAAQYk.exe" | C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Icggcsko.exe = "C:\\Users\\Admin\\pUcMAIMs\\Icggcsko.exe" | C:\Users\Admin\pUcMAIMs\Icggcsko.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\OSUAAQYk.exe = "C:\\ProgramData\\ckoAAgwU\\OSUAAQYk.exe" | C:\ProgramData\ckoAAgwU\OSUAAQYk.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\pUcMAIMs\Icggcsko.exe | N/A |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\pUcMAIMs\Icggcsko.exe | N/A |
Enumerates physical storage devices
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\pUcMAIMs\Icggcsko.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe"
C:\Users\Admin\pUcMAIMs\Icggcsko.exe
"C:\Users\Admin\pUcMAIMs\Icggcsko.exe"
C:\ProgramData\ckoAAgwU\OSUAAQYk.exe
"C:\ProgramData\ckoAAgwU\OSUAAQYk.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOgAoIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmgMUkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\guUEMkUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIwsYgkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOAEwQEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vykccoIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYsUkQIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tGEIswMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyYgUcMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IucwIYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\omokUAAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eYAsggEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vCcUgoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOkcQMsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYkwQgYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SCEsIEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAcQwEkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\acsUkssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmsgEQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DWgIYMAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWgsokcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEUkMwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lgcEgQwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmwMMwUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UIccYIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ISYowoUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsEMsgoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcYsoowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nicoYgMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pqYgssEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uWUUAoYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wikwogoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lsgUUEwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\basQAIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BIEEAgAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xeUoQwoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ImoQYksY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ooYwoQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\akwMwkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JwkMcswc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmIAIkkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZSgUAgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkYUwUMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYgAsUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gaEMUEAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\begMoYkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZqcAwYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEQQQAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYEQIAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOkYAAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cycMQswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dkAMMEwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fwYkkkUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmkgMIMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmQggQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YuwMUwEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MosQcMQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lUsoEYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PqMkIEgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkEgoYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tWkoIosM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TKcEcEEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oMsQMwAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KcgoIcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ckokogMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juMwMcgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGAUsIAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqQkkkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jGgkEQYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\akQQIkYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsgMMgYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FoUkgQgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsgcMoQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyEowoQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uCwEEcIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WSMoAsUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQkgsIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYosAQAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKwwogYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIAEAkQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKMwoIQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SssckIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSsAAgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eoQgUwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmYgcsMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEgQQAwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pqMcokMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmUMYwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WMcEcMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qSMUoUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GAkgQwQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oekUQcYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMsAYcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xQwwMggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOskUMAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/4880-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\pUcMAIMs\Icggcsko.exe
| MD5 | 6587d3f78238b996ddd6a1f4c3c670d8 |
| SHA1 | 9be2f6ba0176b86292af82864fa12bcbe4585309 |
| SHA256 | 86bb707d8d3f88fdd11c7f5851af21152ec23f160d96674f7c55a45f3c6e6826 |
| SHA512 | 9a4fdce8a8bf0d5e447ddbc3c6440e9c9f0687c1c864d330a2a58ef8950ea3cccf5a4a3824f3113e3e3ad6bb8cbea91037c8ff5387685354a6db4237b21054ee |
C:\ProgramData\ckoAAgwU\OSUAAQYk.exe
| MD5 | 00e9cf63d1aefe3ba4920bd50affcd07 |
| SHA1 | 9e336ec79ddfaff8ac1b410bef20b84c658510ef |
| SHA256 | 128d19bf619b7faa9e6ece208bc333756c7aae7101f63574ebc526fe161935b6 |
| SHA512 | 13f487bfb427d9eaaad76c6cbef1feda8581e12a4259b35938761670df8393b0d401d5fd105c2f05f49fba6830e6b45fd8ee8210c5d233015766ef0b58eaab1f |
memory/2844-15-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2372-8-0x0000000000400000-0x000000000041C000-memory.dmp
memory/4880-19-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4260-20-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EOgAoIIA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-06-12_9c6ec48eb16153706191b02cf4097fb8_virlock
| MD5 | 3ec5c3e607f34cc9d912e6025ef19268 |
| SHA1 | f0311c3dff7cfaebc9ee927477b2c8b97465e6f1 |
| SHA256 | 7e51a0181f0a07085aefb09c3131cb9d98b9cef7b33f471345ba5917c5619f71 |
| SHA512 | 9ad55ea85ca9fe3eebdd14f09147016c58bffb31c99421cfac13e93b6ddf8b28991298ac417fac663075f934884c6fd982ac28c3df85d327c97a11d45a42cffe |
memory/2488-28-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4260-32-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4072-40-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2488-44-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5040-52-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4072-56-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3196-64-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5040-68-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4300-76-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3196-80-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3888-88-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4300-92-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4476-100-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3888-104-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4072-112-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4476-116-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5108-124-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4072-128-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3704-136-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5108-140-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1308-149-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3704-152-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1184-161-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1308-164-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1184-175-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4612-186-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3968-187-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3968-198-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4420-209-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3704-210-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3704-221-0x0000000000400000-0x0000000000420000-memory.dmp
memory/388-232-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5092-233-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4968-242-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5092-245-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-256-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4968-257-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1196-265-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1580-273-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2648-274-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3616-280-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2648-283-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3616-291-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3432-292-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3432-300-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3856-302-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3856-309-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2092-317-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4016-319-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4016-326-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5104-327-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5104-335-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4040-336-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4040-344-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3060-346-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3060-353-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1020-354-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1020-362-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1432-370-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3324-376-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1544-379-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3324-388-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1768-387-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1768-396-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2296-397-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2296-405-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4556-413-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2924-414-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2924-422-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4440-430-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1324-431-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1324-439-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4804-441-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4804-448-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3440-456-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2244-458-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2244-465-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1544-466-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1544-474-0x0000000000400000-0x0000000000420000-memory.dmp
memory/864-475-0x0000000000400000-0x0000000000420000-memory.dmp
memory/864-483-0x0000000000400000-0x0000000000420000-memory.dmp
memory/884-484-0x0000000000400000-0x0000000000420000-memory.dmp
memory/884-492-0x0000000000400000-0x0000000000420000-memory.dmp
memory/876-494-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\skoy.exe
| MD5 | c74d82745cde98a0cf065ea4997adf09 |
| SHA1 | cd1a9bee08766907bc10abfb8e4657b45e459911 |
| SHA256 | 65fa8125d719ade19814714a409eefbe47dbb6afbed4b7f12fe52b9304026dbb |
| SHA512 | 64ad064e78f58b0b9219e1220aed0a2831a3553c81f58d8f03a4d7a8255914714923769517bd6ae575d6498a9e2c93d187b60d629005ed5206a0596f0ae8ccfb |
memory/876-516-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gwEq.exe
| MD5 | 6988ea112ad28edce900036cb35b26d0 |
| SHA1 | 11d626ff21792fddda2587cfb7c7bf6cf5c70ab1 |
| SHA256 | 56366f263366318999f45d5414de9b3d95f965398079ce507d704aa7a50b73f4 |
| SHA512 | e8effa9d563edd6df8035520bc768703ce31442f489159394cdb392a9f48898d9e112873025280e6b189fb0e18aed206b04039e2c762c29afb91a92e1a30e4de |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 7ebded6dee83fc81bfc38b64a5d4e402 |
| SHA1 | 918874d020c2bc6f4783feb5926de736625a3fae |
| SHA256 | f05692d4d3df7f57560d7d8d1d4e182b0b62d578ca23a0d182ddc00096b4148e |
| SHA512 | 3d4bc1167260e1f5eb300ee1ae47915f681218ce803eee4d2ff712c3d8e70cb2087ed76a889797dcf69f50dd2691fbdf1433c7a1e32d1604740fc119ab30bb03 |
C:\Users\Admin\AppData\Local\Temp\CwkK.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\AwAA.exe
| MD5 | 73002e8e68a14de115c409f5798d39fb |
| SHA1 | 4b1f12f6d6f7ac29bc1464705d1f58b9b8900355 |
| SHA256 | 2565d8e652904e0c55c5291d4e1f9ad1a55c58c4d73216668cad6e70ccd60761 |
| SHA512 | fd53e686bbdd6e8b49bec3558c0a8c476e6c95124ff4124ba4f894853ecbb95e0bad23b00191f456f633ece054505c259fb271fb3215b46ab70f07afad9793bc |
C:\Users\Admin\AppData\Local\Temp\YEYG.exe
| MD5 | 6ad7bec21ac35a5711057e98a09eedcb |
| SHA1 | 05f1e5a481076080cd83521cf099114100068b2c |
| SHA256 | 688ce929d983e6681bf2513012226bb1b1bf7de5ba6e5250e3de51425b44807e |
| SHA512 | c4169abf3aec59e022966945ec4ec76e116faf82588f7c7f7f48db3c4adaa8641bb040317ef6bc3c906aa2a621b750df22457ec485080e37a9502fa3e9cf9c42 |
memory/1232-580-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4708-581-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mUwM.exe
| MD5 | ef5ff0303664051b9672a41198ec2076 |
| SHA1 | ffc7e8cf02985682986febcd6cd45ec1a5c89f8d |
| SHA256 | c0bf52cf062feb9030bb2a4fc2d4bebf672ff3572d53b698b8aad55c5c9b2f77 |
| SHA512 | 2eb90c011974ed44edcbb0d3042936da8db37d3aefcd53c85f6e9a317da12e27cc24c28f45b7d847d1e3952ababfeb1a461651cce39b498fcbd8066c26d66412 |
C:\Users\Admin\AppData\Local\Temp\igog.exe
| MD5 | ad43dfd4346cbaae3678e8448175a558 |
| SHA1 | 9b13da012ab058f0a7ac0523a2781a97dd6ed469 |
| SHA256 | cb69fe634112279db5645146e399130887424379412483c49c4c5afeefc00311 |
| SHA512 | dc1becd7d9087855f6dd1a5b52b57870c5e49da7ca7bfe8ba7f4fb579fb60c0ef064547261d007ffeca6bc4b63b16c014fb7d26fd5354010c3720e9b363c7987 |
C:\Users\Admin\AppData\Local\Temp\kIkk.exe
| MD5 | 4fa30d8bdf882408763c191b8f4e64b3 |
| SHA1 | 4f7d0e15711d7bf6c7267b60ced13313bb99981a |
| SHA256 | cc33106f277baf43e14849ee2fa77d260822dcd068ba59be99d61ecec3f15a95 |
| SHA512 | 144a7ae98a386d0f86acc31597adfea6f38dc9ff2ce3d4864ce830833a1df9e0b3ab21e7ad93791bc672b8adc581a98de2ce50527368f35f74ae7922785f4931 |
C:\Users\Admin\AppData\Local\Temp\WIoU.exe
| MD5 | 0cbb96bc1441cce4edb681d8596a43e5 |
| SHA1 | 2160d67a92c53430fb3fdbc3bdb18ab616dcb3bf |
| SHA256 | 77fb2d4176c9710d70354429d6b64e006597ae48aaee680cee1bb7b0ef27c422 |
| SHA512 | 477e3cd98d10f96d716eab2ac78b80e1b5341234438d214ff5555ac910f7388c778930cd76ec3a55bd3e60844cfeb0d887cac793a354805c83227a3aaaff9429 |
C:\Users\Admin\AppData\Local\Temp\QcoU.exe
| MD5 | 1dd071af533dd57c1fcfce1d7a250245 |
| SHA1 | afebe94dd4c03cc9d5974903b631e461c2a73449 |
| SHA256 | 11f6b056f9c3698d090e282e2cb4b487570763244d8d8c8a5b6171ba00dd1225 |
| SHA512 | c31e8c8477fa53d9a37a45c53826a30cf667b35291555d2ffd4c78ea585ee6b94ac86cd0b864139da42ca0467d6688791501cc326b50154e1a84ff3d3c8a94ac |
C:\Users\Admin\AppData\Local\Temp\cUwa.exe
| MD5 | 52c51a27ad417f426bb1fd3b698e1f4b |
| SHA1 | cc38331f74d6e57ae485bffd9a4189d98b7c6432 |
| SHA256 | aa4b23f08f5d7205d83e6d66cfe613330ff41587a5fc8e6d6d7001314394c268 |
| SHA512 | fe64185711af8e5bd6754672c97ea319f7e3cd703e50a598b40836c1b9581dc8cc6b63cee3962b9c72f0a952d901a9a9be97c96a67cf153fbfee90af7ec1e536 |
memory/4708-673-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qAIw.exe
| MD5 | 2a7acb7694df9af824076dce89012a79 |
| SHA1 | f4c517d27235446db5f3af5631914c534f16988c |
| SHA256 | bc0835334911eeda092bf934e315a3c0398c0071485c2ec130fea73241ee5f8c |
| SHA512 | f9fc539c1d33c7e915b6c09f3c5be34ed8369c7007a7ab8c440de0eeccb0ea1a91060978961867f99ebcfab2c0e33b49d23837c0b5c26334fcf60569826c9621 |
C:\Users\Admin\AppData\Local\Temp\UIgs.exe
| MD5 | 0be896feffc2a80ffb50bb0b3ef8400e |
| SHA1 | a39b91adbcec9b90c1c28859d3058927646deade |
| SHA256 | 4dd6bcf859fa21d94cd4f570a2c8dfc3d9c9beb4747596763e72e630482ac305 |
| SHA512 | 7b51e25f1d17f7164bec66bceedd1f8940aef18f2b59800b42ba1913353ad3b55907b2ba876a3cb6db7cff5191026f6c27b2d085be356cf70085c3b87249a5c7 |
C:\Users\Admin\AppData\Local\Temp\uUEi.exe
| MD5 | 4f37ce928005d1dcea3aa0f70a3454de |
| SHA1 | 25e3afaf519f6498526a148bef344f435bbf6798 |
| SHA256 | b4547c9fe8062c51a26aaefd90a7623f589d5f4d9a90f6bc83b3b97cf032e20f |
| SHA512 | e86e68b2eb68c68ae6e98cbfa594606765880afedc836d0b9a93ddd536ed1a358611f2921d59c2266f56d28579261ffdc690362a9d89ef1a65051b23726fc743 |
memory/3508-723-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4376-725-0x0000000000400000-0x0000000000420000-memory.dmp
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | db2cc9c009f88631c9dffbb7a4db8489 |
| SHA1 | ad8807e87017d3de1ce94749cbd8e1b239c15750 |
| SHA256 | 4ba20d4f1256501ed3f2e61484157e68c5569f5cc0b4ff5e47f3fdbb0323199b |
| SHA512 | 9873cf39b3d161c19ca71bb8b6e5b6891e58b5ad937bd1c4b96bd597b647ce559abbeddc59e958f248c8dffeef41c65dc0242bb0753f888b7637bc0cbce0a7dc |
C:\Users\Admin\AppData\Local\Temp\esgC.exe
| MD5 | 913544c1af4f67447f2e74d3a1730ea1 |
| SHA1 | 228cdb2e6a08a31434033564cbcab05afb6e8d11 |
| SHA256 | cd97d9aed6907cdd33546ce70bf791a617a1fd7c80344ff134120376dc7cde68 |
| SHA512 | 8cf1fc9f5de3891e26670958f00d3572a25ef82419dec3505d12e57ca0308984a2d93385c4f6aa63457e22c5d89ac3b30880abac7b8f22b56a98964847499c20 |
C:\Users\Admin\AppData\Local\Temp\aoQw.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\oAIm.exe
| MD5 | 692605baba3b6b02daa15671f30c6596 |
| SHA1 | 326dbea5025f4675cbb55f2a24d216d9f99b2870 |
| SHA256 | 9958e066dcf1609697eaf0f7465db49ca5c7df39a3dd08ae6fe646063451c237 |
| SHA512 | a9b5ef2a30b8b7edee4ff4fdd5d815b59b93d8342f12292dc81f44b9fe34d2f0eb3657020540092fb804dda86d9b548a89e1d0e16959c256f891450ebd8051b4 |
memory/3508-788-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\woMa.exe
| MD5 | 4d968872419df173460d50555de8c3b4 |
| SHA1 | e5976b32deeb1ae93187a2e06aa2d26902ebe156 |
| SHA256 | 2a0dd08149b0f93335941b5814843397cde4824600885a80af6d90c1508b11d5 |
| SHA512 | a4e31589356c5632a4396827436faaafd6237a398997ad3e7af2ddfdd7e70e3ebd162ce29d4c0e3c40d4d48525e6bd9aa3f3fcb3cea4cdc5d7db51a1a5a5fdb3 |
C:\Users\Admin\AppData\Local\Temp\ywYI.exe
| MD5 | f9f4e00ef661d4f6bab0459b522d3716 |
| SHA1 | 9320c95a2674783dd1fcc4ad72f3324b26892a4a |
| SHA256 | cc393206828fb113a6bfcf5f8ba8f95f6f0720440d54db2360eb53995133433c |
| SHA512 | a007a1dd83c542b2b5e2d819e4a0af61a774e7b871dea61b741d0a9297d6b508ae66f40484a881f57ebd046fc6d43eb3fb13211bb4a42df0f3b0fcccf64b523b |
C:\Users\Admin\AppData\Local\Temp\IYoi.exe
| MD5 | ea8957c51da130d2785f40dce228141d |
| SHA1 | cefbb7eca7b9bfa2bf22ee73dcc58fc197f7a7db |
| SHA256 | 9b2154dc0ea318d8b35172eb6204db857bf0da266d4efd4a5b19003cd6867468 |
| SHA512 | e8e28dc19ccd5f36c2e0964a2c36623e83244e51b571ec5ec8d691aba34cdf0bebde35f67681fbcbbff992844a0dd7b858dcb7218470db6f30d8a98080439719 |
C:\Users\Admin\AppData\Local\Temp\IQkI.exe
| MD5 | 203d03edad236c3c8180ebc74bf9e12c |
| SHA1 | f9406d7c51f789b323bfb4ab43ab2b3589dfa12e |
| SHA256 | ae68638e838a46e421e6814190fdd9e5fa80f5d52d4cda4c3ddfed081ff7942a |
| SHA512 | 4c5d3b0dad6aa4334c9d58ed6316f3af552b6b2a45477f13aa018870c46fa5875c0775311d19f6f59934132d5ffaf125a59e6e93486f9a2d9c151e38457b6099 |
C:\Users\Admin\AppData\Local\Temp\YUEY.exe
| MD5 | 3a02c8670771fd3ba586c377d79dbfff |
| SHA1 | 92dc980bc7e2d43e7ada89db5915d851b98e41e3 |
| SHA256 | 335b6f7c267d50734b06ee2890eb3640ad93d0e756c87abb2941b112e6bbe07b |
| SHA512 | 79fd398fbd9fbf5d44c2d2b23b7342620166e8d88fb4f72cea90127480c66ae331731daba358aa3d5292582920f122b32c3c8da850a67d361f8bdfbfdd2823b7 |
C:\Users\Admin\AppData\Local\Temp\wUoO.exe
| MD5 | 0deaf7d8bbac83cb37bce03293efbd9c |
| SHA1 | 68cde6980b44c6346e60367e2d0d26b37ccb1b05 |
| SHA256 | 10e1f0b9f659c452e4456592de2c11555abf3f7c7476a78d98fa4950128dd15d |
| SHA512 | f3287b1806b950cc022b9299042cc839283cdcda65f2d49da0ddce7c2df8fc89222f963475f7159ec503c097902bd6ac0e46a190f7541e26ffb141ca09e5bb0b |
C:\Users\Admin\AppData\Local\Temp\YYck.exe
| MD5 | 34a55ced10fc294d7d2b9a92be71363c |
| SHA1 | e4a62257ee06d9fc3a787fb1085d362cc436442e |
| SHA256 | af89c17d6089331f2603b838bbd458b0a02a6bee4f2bb005a197e87868df201f |
| SHA512 | 9c968694833f74608e74c467b8fc018d0ff06c1b0b44ff3eb36de86a2963bfeb85ef2c087a6f5cb2881b57a3d106511e99329a42e19a7ab65f14c876c6114a75 |
C:\Users\Admin\AppData\Local\Temp\gQYy.exe
| MD5 | ee7fd2992248aa52d5422eec021f0af9 |
| SHA1 | 1bd7a4b4c8f87de33e79ef65191b6bf0bef64cd1 |
| SHA256 | c3f35fa764fdf3547d4f61b0b57442b7e6739e1eb5c5dad8264e6f451797b016 |
| SHA512 | 3f0ef136b22b4bf6b7c11041ccfab9b1492f79f7a612471cccf61185c470f6d9d6db26d2428e3341b321123f82c4cd31eab1c197fa27365f3374b8ab2d3dca87 |
C:\Users\Admin\AppData\Local\Temp\wYsU.exe
| MD5 | 69ea555ec610f3d895c5bf216b3a3a24 |
| SHA1 | 009b811e154d2f52e87af3172cfbf22e8d49bffc |
| SHA256 | 6a5c3d3fce83d0069b99c636c1c2c3b2ae6c82de2456ee662e839cf2aed38d69 |
| SHA512 | 6425f270acd5ea91cc80562689c2ce6f7baa85835c806833cc10b6c49a32a31f62aee11799a995a9de3df09a38af5cc8184d9653ef8cc0a12fbfd3701873a9af |
C:\Users\Admin\AppData\Local\Temp\CMwc.exe
| MD5 | 482c9e06eb689e3a3844bdf1b2b18f78 |
| SHA1 | a64bf76efd92b0523995995ba514228e8bab0490 |
| SHA256 | f3d426e532206ae48bb72de8ed3417543875b6d20ded1becdf83f9a26a80ef24 |
| SHA512 | dbffe04fcf7357e472ca13e002263ca644d8e9bb61aecf102d52a0ae22cd220acb8c718d90da68413534da2f9eded91ea1f49c0ac51fd79ab29b483b90d4a539 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | a300b6862768e163c15c08936fb3bb4f |
| SHA1 | 76bedeed54ed6f88ccd2bc5b32dac5e12355c43b |
| SHA256 | 21944492385160e4603fc2f73e022ccf9a66ca861dfccfb81ffe61e419b920c3 |
| SHA512 | 97935836f07245e657b86f710338e24cd8d5b6965b395771543d383889cbf72697e0638f8a42d7e73903c3809786d57c7578195a0752f4d1bd209e70490f5fd3 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorWhite.png.exe
| MD5 | e8bbeb8b16d18f4653fe09083e9bd85f |
| SHA1 | e5979cce13a52d7588a121b97b88fd7179d22a10 |
| SHA256 | 05674a1231b34e0a1fce7bbd1b1b5491d2a2702075d4ea0cb027e0c477d6340e |
| SHA512 | 6853ad2583d34ed5b472615266acacb65af9182a7fcd3aca521152d12c7e75d1c64ad0fe237fb9125a07892a1efc45049668664d40b7b9ae874b5effb717ed86 |
C:\Users\Admin\AppData\Local\Temp\sEUO.exe
| MD5 | 8d52e6f97fe31cfc3dc0bb1b235c793f |
| SHA1 | 3ec3947f69e01c1ad2a8fce8020b8b1fc3424bc0 |
| SHA256 | f1f889d3e86a9c9d7bc54863993adde2129f29a243f770ac841cf26b600226f7 |
| SHA512 | 3652f64ee6ad3aedbfc083db02241be726f8e8002db0460317c8a98f216cd6ccf946d33c9369cbe9f2c3988976a2629ae233d677fc04c6c9643c21d589e76317 |
C:\Users\Admin\AppData\Local\Temp\GkcO.exe
| MD5 | 0cabb83e56aa2477f27481bedb70bf55 |
| SHA1 | 6da56d661a31e98d3e837dd8986d81f1aba33ebd |
| SHA256 | 7fa15e9df766c57fd28dee1a6cdf0f16d324a58325cde1b45cbc38d8948e742f |
| SHA512 | 5ae0295c8752a777e7c9e2fb1f1c933a05eaa86bd0e600a737ead776f55281854184b098be41d27df6729f4f408f39c803edc4b0fb7e159b58d592ba0b8e107c |
C:\Users\Admin\AppData\Local\Temp\UIIu.exe
| MD5 | f0ab270f5ac6f1c854e7a9cd24702cb5 |
| SHA1 | 99ba6fa17afd58ce6df1646f517331de7672c6b7 |
| SHA256 | 15184de23802a9f8bfddbebbd13b6fe158e66f8c99fdf02e56a1033e1aa8b2f4 |
| SHA512 | c6c797729da732291141df04a75dfdd48339ca265417b9a6fe9ae4470516a58807d8354d4c0e1b3d2aa2972eb802cfcd2cfaf61797b9c132b2de082a8c857671 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppBlue.png.exe
| MD5 | 1fbe1c6e81f84a1e7bb27f9e7c45c36f |
| SHA1 | e9e0c71602bee1b2a9be478f137af9143657876d |
| SHA256 | d7c78b8b5600ebe0365f2702a8d0013388f2490e0406342548d398a091278bd2 |
| SHA512 | f6171096c3d269beb7a7f7d7c87bbcc124082f3136b6ce4d38e2281604496d2c7df421bf611c4729cde2ff3909634d92ddbc8176a2b57fa184a0edb4b832bb0c |
C:\Users\Admin\AppData\Local\Temp\qQsG.exe
| MD5 | 5909f9550e51d4dcdb5b2666b29783a5 |
| SHA1 | 1b7bd5a65c3cedb13a68cf700de999d3310208f6 |
| SHA256 | 03671375d546171d60aac0742b2e6790ad480301b34a0bb7a2586e7d6aa91ff5 |
| SHA512 | 6d50efdabac9ef747841d8af0f0c56687a7877b9705e3720bf4c728903b18d2ed4f5bb2036ddf97f935eeb4513109d69fbfdd3b9e41f12a6ebaed29d977349cd |
C:\Users\Admin\AppData\Local\Temp\SIAI.exe
| MD5 | 405d9a395e074cabebeeb01e66a05007 |
| SHA1 | 3a64297d13d8ea05c37a3e4a46b8d4c80c817a05 |
| SHA256 | 089cde2361a6c6e78104ed10f1701fafbf2d0265257270960b4f963ea9a30610 |
| SHA512 | 1511b5d17f2defd99a81ec822576aecf90d081d008e6dfe9d433f9cbb7014eacc310ba57f8cb5978af104b4981b3f6760c2a4d131474537ec12f2b959f50d59d |
C:\Users\Admin\AppData\Local\Temp\asYY.exe
| MD5 | ad3d91d95ff5430a04486043d6aa4789 |
| SHA1 | 1758cf69a8a8b73f748764440f452780d5d2486e |
| SHA256 | 8811afef30d167cd85a29f30ffd0ba15c23f19973126923a9a1f028eed9fe3f1 |
| SHA512 | 6d1f414da47c231c68c08d2f6c6d11ad517310bfebf5c42bcdc8892218b841651a4d4731ff35b054cdf894e6793cd7ccb6072391d93a63ff103cb0f764765556 |
C:\Users\Admin\AppData\Local\Temp\yckc.exe
| MD5 | 6c186362bd4908339253d4cfeb6cd23f |
| SHA1 | c124dbfe1aa4e6958de5a220918bb4db5034af94 |
| SHA256 | 894ad84236897c356786aab28a2f91516db67fb444432ef556e9a7bb108ed9a9 |
| SHA512 | 6f719503ec5f8bccbd74b65fdeb80bcffea1f58a41e115523c4482e022acbe55dbe833fe1b82bd227e1110a7cc5a5868fb9d19b01299746eaa2f0ddf69a6e785 |
C:\Users\Admin\AppData\Local\Temp\yYMs.exe
| MD5 | 8694cf4deefcbe2f66ecc596d337c849 |
| SHA1 | 6a7d4ba77f3afe2e69c2ea61b031f2281a736676 |
| SHA256 | 410f80426f7e24e4b40f25e42df145faa77e22979b0f16a4bd539a3964335a50 |
| SHA512 | 0356c439fce9906f9b45fa91b99c82f68c02289a4bd8da9b3955b56316ca07f1bd04f3c7ad6f94a70436cba08428ee3cbdc5a24bd6c92f5bb1296abe2625ee8d |
C:\Users\Admin\AppData\Local\Temp\McoY.exe
| MD5 | 877b51ebaf00cd22e804d7669ef66894 |
| SHA1 | f2627490401a9a4780e61b03b630343136d4a3b8 |
| SHA256 | be4556da6b0c343f4696b77cf1b81be2c4825b9baaca15856bd16d757b9243ba |
| SHA512 | 698c8f455ed99c4b7f66a3c9bd08874282ce5240e23b32a0ff511b9bfc9cd5c6ee142ee152116cdaad6b3edcef87cf7f3366b123840abe6a59855b44ba52417e |
C:\Users\Admin\AppData\Local\Temp\qAIW.exe
| MD5 | c1b738f0124c0bcc1892b2b05b3e2570 |
| SHA1 | 10bd94856ad052d791f93a054bbd4c433a4dc12b |
| SHA256 | 6becf877527c251746e3ffe2a2441d978f6e30e5d0b4fec79c2d7178332bcf33 |
| SHA512 | b9dc255d8818b79fd87c1f3021c64aa6a3caa2850cc1fe2d5fa40f016b26e60d9e6d4028bc2fee1acea1122ba50388ff92f96a570e2d1a996117db407b078481 |
C:\Users\Admin\AppData\Local\Temp\kIMO.exe
| MD5 | ae036cae2307e7c3b815dba8735996b2 |
| SHA1 | a21e116fc3f6878d7fef91fa3564cfe40813da7d |
| SHA256 | 92455d6b39651da3153c70dcbdd8233e64ac95f91708ab622f09dc68789ecb57 |
| SHA512 | 545f5b2eea6814ad4f5ec0454eca1df0f27bcafdf75fc7d789fef224896f415a7a64f3277a6ca409336a715c3fab2f6b3b130301cfcbe07b1d7e03952f99ff63 |
C:\Users\Admin\AppData\Local\Temp\Mkgw.exe
| MD5 | ca1638116877c12bd4d8e5811a9e027b |
| SHA1 | 9d893134c9f6f38e7278e3db496a4f7a88a9bfc6 |
| SHA256 | 7718af1761344b65ce6914ad28bc99a9fcd390b67accdb0a19e6a9e6123f8f53 |
| SHA512 | 5899b032d7550b28a0dfc21231af93236b43a3a421f0ebccba5020ad60f8c34aa80e03464ebf0bd9913040550b4e14602a77a86e941f6a76ccd4930464c480f1 |
C:\Users\Admin\AppData\Local\Temp\SYoA.exe
| MD5 | 93849ccd65e84d619b8b2f710fc3fd8d |
| SHA1 | b48e570fb6aad4c902e0b8f0beab85ebeedcd7a5 |
| SHA256 | 178435fbff1dccec4158e9039a793221344cb8bba9bfbe0428de87a68adb6b07 |
| SHA512 | 097d92d917a8e6bf61c70a58e93aa2dd714e465742656a4e79d10ae7db52e9947be2e6b0704d52aac8ce5e11a1f31659f5c16bf8e4b9f0f4165a503d193f5289 |
C:\Users\Admin\AppData\Local\Temp\gQQy.exe
| MD5 | 8d0db356bc338bca13705012a4917b41 |
| SHA1 | 763442ccb4651999af447084f383d2967fbbab21 |
| SHA256 | 696211246f460c2458bce97c3896218b5bfb1f2ad241059a6e5f5972b98a00a5 |
| SHA512 | fc98ba6794d2394dcfbb44b5ae6a189a134d77c42e001c8944332e5d8fb106ef9521fe9ba9a51c8dde215d3a69622ac62a45dc6286d20e0c2dd054f96de6a0c1 |
C:\Users\Admin\AppData\Local\Temp\mYAE.exe
| MD5 | 866495ce5461ecff855ad917c34bb666 |
| SHA1 | 18bc4eb6fe3fbb4ec5fb91cae1660e89ee374ea2 |
| SHA256 | dfd2e33c8838e5b7d8f4cc38d04b4f62c26d0a09069c6eeb2595d7bd6a10ea2a |
| SHA512 | 3a4104cea735ac10eacdcf77479caab818402ef224ac92acf36819e12da4cda0507ade9ba7a354da8a2d07175153c96859cb92c74868e3dd5b420f7de91ef424 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.exe
| MD5 | cb63170ec0bbb01287b274c8e6a887d7 |
| SHA1 | 84b4929636badaedc1251637d1f4e83f6276f1f4 |
| SHA256 | c33d1195055664734f7204c9739417bb0102c6edb327eef4ca0a57ea811ead3b |
| SHA512 | 8b0c53daf524ad80a0b3740b470794822fb4b91b902710f2f23a4bc80674ee9ab991fc34d1e039d76e21e9444bb61791c08a6973d1f556e93b20fd4dbd14cb92 |
C:\Users\Admin\AppData\Local\Temp\kQAK.exe
| MD5 | 654c59dd3f7f45f8e7563e750582ff91 |
| SHA1 | 90596cf877bfedb609fa513bc6f5ca47321bd229 |
| SHA256 | 359947cd43d611011f6e999e13184203ca18ced78b94fa0373bf70aa0646b619 |
| SHA512 | 0ee237625adf165220caef48d2edfa150e2661b6aba7887eaddfd8733edeb6c1fd92021c068e637716b5844c150cd74fcb600929a0f7800df2272501c895997f |
C:\Users\Admin\AppData\Local\Temp\GQws.exe
| MD5 | 9df68a6a44bfd2393b6c789572023263 |
| SHA1 | 7ba06e98886b6f5a749ff03816e8e93c36e214a0 |
| SHA256 | e22a66c3723e5e9e13dd1bdc3441bdf476340b778c9e3391680893816d24b5a8 |
| SHA512 | 0aec27a38316307315f0f48e07aa0388e446b2de28abce414a90145a7410eb3aaff51ee9ba5ed415fa1888bbb65abbed26a546a5baf7bca12beb5252b1619f72 |
C:\Users\Admin\AppData\Local\Temp\qIEw.exe
| MD5 | 953c978beee935c30ba67317ea95068e |
| SHA1 | ebaed1c6ef62b0d9651548ea10b00950ce500683 |
| SHA256 | 03c1e0c24d05bd50d08f9b7ee6705f0e287673d66d2ee3c60e881abfea414fdc |
| SHA512 | c21c4c15dfdaf80a33a92f97c120af6fb4360d0690ada30ebe90b99c828eb7e021cdeb660fd48b0543fba4c8dd7c679a936a70ae52990c7c947d3fd39dd5ede6 |
C:\Users\Admin\AppData\Local\Temp\KogE.exe
| MD5 | dfdeeea9a479df0cdd34183bf49c5400 |
| SHA1 | 6e833f7638960f86e24333c0a45ee50b569840c0 |
| SHA256 | 1439d66a664ee90743064702c2b1043901c3e9be81442c951f374a58eecb3091 |
| SHA512 | 1e5ebf8e2a2d9dc507ad47ff1ce429dd2d5bf19b574d062e39cec945804cc84a8cc48a4b25f9baf01617c504326ca1a0fb6dd8260bd06d2480809bb8043dfbd0 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.exe
| MD5 | 0a5fec02f8c5c67d9fa0b02ebe19d285 |
| SHA1 | e94dd1562ffd122a4189d3436a185498d4573212 |
| SHA256 | aafa1935a65f47a34f7307209796cb661bd8b9f50569dd5934b20dd2ef74b570 |
| SHA512 | 119166bae7d196d901571bcae70c1dd317a60fa6d7397182a26232c26ea67e5a59d83a39345aafeb02d3aa073922acd228284998732cf6d20219848c4ec32d0e |
C:\Users\Admin\AppData\Local\Temp\kYEI.exe
| MD5 | 1beb0d7445ab5b20d93e5c09192252e4 |
| SHA1 | af3f9941003964d0906d3fa561b03cbcc6a6320e |
| SHA256 | 82c86c2d2739a77ec5087df05c65b834e0bb2d505e700ce4fffd9624238d974c |
| SHA512 | 5dec2fac56c3135e06b595ed333c1f8a242570c5b95515023bd9df566ba9ba53d5a1b9b3310af4a5a27fee9c5d4bdd012ab022aab2c6557320eb0ff5d66f5fd7 |
C:\Users\Admin\AppData\Local\Temp\EUsk.exe
| MD5 | 223d5f31f460e470954d2b84b96bf391 |
| SHA1 | e1e59502c88b6d2359754bc6bbdbb286464b9e20 |
| SHA256 | 453e9e0b0ef05517d4484bfec90873b9c4f8e19899628be975627494b4d7e515 |
| SHA512 | a8e77d12e5d63142738070f7ba6cd5c1e6845467a96d0afbcd9a2f984fc05f058e3c32a9c65ceacd27b7b645ef456fcdb973fdf913e2471ecaac46c28a94657f |
C:\Users\Admin\AppData\Local\Temp\iwoq.exe
| MD5 | 84311f2f8a634cff02f6bd966b510882 |
| SHA1 | b2979d224eda9808713b5ad7e9fcff953e4e6cb0 |
| SHA256 | d9460401dce887288d6bd02f7ba8822edf57e018fc50e54a61f9ea3dc197a313 |
| SHA512 | 0aed8626747660a3f3cc667768e2d4a2844441ec820a7e0d36f0f6e9f7c03806cf0d60522e5bbae8b74962f04e91473a779a4d36b7c33f3980ad707abc78b523 |
C:\Users\Admin\AppData\Local\Temp\yEcK.exe
| MD5 | 5be03cd9e5ad4d16c00da3753c263237 |
| SHA1 | 6f785b93c24d2d2890cba63341e706e8c9b44543 |
| SHA256 | bba46851c6d72928531296727357ce035b1c2ab7bef8c0b3fd803591be43b636 |
| SHA512 | 4204876f2ee301c18de38aece12b6a87ec7d0df86eb589c51818d7147d86a8794058808994d39670a93c20fb5c165fa5c3df1f29746ea0bf64d8152f6fc53b71 |
C:\Users\Admin\AppData\Local\Temp\yQwU.exe
| MD5 | cdf839b633ac6ff7dfe8916fbe0cd730 |
| SHA1 | d6843e6034f8e0cef797229373978995cf17d64e |
| SHA256 | 9be131be26cfdbc585f136e0a6ea10f07acfe4d96abe1d899b04c199213f33ec |
| SHA512 | 08243b5ef9312b5a45ebf62489e8117473b9706bbf5d33abafd5c13f28a714c8bcc761096ec4469d986be616af6f61fb06ee7de3db3791506b637c01bc9f7f6a |
C:\Users\Admin\AppData\Local\Temp\gIoM.exe
| MD5 | a53589d85bcc4830752187fe77255897 |
| SHA1 | fe9c24eb71a6a60377da147233ed21ad72ee2b4f |
| SHA256 | 4f24ef484b6c6339d38dcf6b802c4aa95e1db045a0a8ce6713eb3fae16bf191e |
| SHA512 | 743b6cd7e3b2ff99eddb12862721357b6d968652f8ce68fe0777a430b869027582296642836eeea79f254f7189aea5761aa5699b2455a2db2fb2c064e9b7cec9 |
C:\Users\Admin\AppData\Local\Temp\mocE.exe
| MD5 | 801763a700f992298d5d08c20f1618ca |
| SHA1 | 2ea5ca7a38db4267baae77676fd8fe96303858ad |
| SHA256 | 576ae07ffdc85ddeddd6ef17e8c1496e43d99807bc3ec64d9b0844437949b875 |
| SHA512 | 67d6916702507682d3d052dd9109fd76c6807b220596d8f8bf065cad903c38d160951411423c62fc1d7dbd8172170e7f2a0931ce54ed28c32ca2f8e22af602bb |
C:\Users\Admin\AppData\Local\Temp\KIcs.exe
| MD5 | dd4e3d18f6f84db51142d8cc1e1a83ca |
| SHA1 | 469f02ca27222344ef0105318ad501412a8e8d27 |
| SHA256 | 49e81127da7b18c77e71903c6e2e7b567f182989199980886f6eeb67bd96678c |
| SHA512 | 18bbdd31bc6a410a9ebc628fe34cc9cff8503b4bc3a9a9259acd03b9558f9afaca77201e184dcfca428cc369e7651548be257ffa680b379faa7c0912c13147f2 |
C:\Users\Admin\AppData\Local\Temp\csQw.exe
| MD5 | aead16176fa311a7049df26445791b39 |
| SHA1 | 20b2cf168ab3c2acf60e0a4ee860137746c18264 |
| SHA256 | fb5e8ef8f6c6f39444b276d0750d876b94eaa7ac186b0e99ed886b671019891e |
| SHA512 | 737749edc83d052deb8000942ba49c2acc37544ef118632c59b7fadb6e2cf0c2bdcc4517e342b18e204f69fb67493039bc49e209fb6c53f8ba594e5afd9825bf |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
| MD5 | f457d30f63cb03e0941120bb1d09674f |
| SHA1 | 0b641d202f69a805baa5d749d0b98abb183f72e5 |
| SHA256 | cc3da10cca3fe5d7d336be11844dce93ac5305bb6d622c864e13150c31eb2baf |
| SHA512 | eb0527d88888645880291f34c0011c1af9e8e832daf5d78148e75aa774c553880195d544ae59ab865a9af8cf73a949e2f49f9ad905cc7c87d897b54bc3aebd79 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-125.png.exe
| MD5 | 1e5c68331625baaf183b7b4bc1922eb3 |
| SHA1 | e4cfe5c34c93a135c9472bd6bcdd4bd63cea8aa1 |
| SHA256 | b9562c107e17f8cef50a1906b0bbcc7f71693136a9e0a9867fd0cd120c67e8f4 |
| SHA512 | 1e14bb7573eea27b5d7c9164faf26479f6f6b09ec0724d78678e2e73a92b8374a9d78103dbd2804eaa900557df465722d185d4bb8d618d2dd247af0a149e22bd |
C:\Users\Admin\AppData\Local\Temp\eokC.exe
| MD5 | b363270cf669f6b41ff237b3614752ec |
| SHA1 | 8c26b460085f2a7be403920f187752c6be2f50a2 |
| SHA256 | 8331fff756acf483e368c04b6dabdfee6d8ccbd4cc31d943c19a60c09acd30b0 |
| SHA512 | 7239ccb355ad1fcb7e8d6357a5068fc1190415b73667099171d769a6469028d775c8ab17c5b9c28aebc6f74facf0860e5b8c20cd48537859e66588ac63d2bc25 |
C:\Users\Admin\AppData\Local\Temp\CIwC.exe
| MD5 | dee70c34a1de30f7cd36678bb0ffce08 |
| SHA1 | 4d4a860646230182363b7a5102d620b70f70b334 |
| SHA256 | c0d7d94c6ad014abfaea797da2d45f4007a228c01525984c3b7df06c27f3f9cc |
| SHA512 | 017c46c523165894cb44c00b0a92efaf83d2eb02d55d82c2e4e541361244a8be5aede03e4565fff2d0b4750f7c40253b43b6a5d2aa3c62bc0fec67ddea7e8394 |
C:\Users\Admin\AppData\Local\Temp\yAAK.exe
| MD5 | 4aca465bfe9f521ba40e373969a0fd15 |
| SHA1 | 1589344420e1d3b7b1c624eceb9ae156d4b53461 |
| SHA256 | 9c749d0ba8bcb23ba640585b23cc0396921488c9cc0470a75589999d5d978e47 |
| SHA512 | e07dab6e61eb1245dcc96ccd11dad30daa9ad00333300e15a4450452aab507d4ba0840d4158c1816fdb54ee164af2b12e98c4af94f2f0a915e2ee7d8e147b839 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.exe
| MD5 | 8975ccef480f3579eec4a05125587285 |
| SHA1 | a6a3f4c6b3ef90553dbc1cf55e0f309310b5dd1b |
| SHA256 | 51c072e234a0d0700b13869d66ac82d7e4d4da6055c6477bfe6c473817438d21 |
| SHA512 | 34032d4ca287de076217783e9d6220d3ae6f78f3ef7a20574f101a8f91b879cd6950bf05c7820e138411205bc33cddb0ac5cd41c6fad36d4010edd55fe048be0 |
C:\Users\Admin\AppData\Local\Temp\OwYQ.exe
| MD5 | 1d360b896f1c399c7a1f58318b23cde6 |
| SHA1 | a255fc20c8534668076e49bdb0c6e8f9b5af1694 |
| SHA256 | d4a7a52063c0fbaaeb4a8af3dc2988213e3cef6f3b900693aa67a9c3e4780fd0 |
| SHA512 | 462abade23cffde16a4e3b6b9bf8c92b5abf3c917b1947b44af70a8e68c0986441773e35a3e1d55df614942dd7151fb935ace5a1aad3591a08457b90113b91b1 |
C:\Users\Admin\AppData\Local\Temp\aowk.exe
| MD5 | 85c73f58f173d8dfa2004d2d4427f4eb |
| SHA1 | e78ade482e94558b175eb99b900f45f9f8472c7e |
| SHA256 | ee146849cb93db2ebac9048b631f6473750c7c5ea808fcdc7b442a90fe3fec7a |
| SHA512 | 285e8d84dafa078f4a350675ad3110cda73db313a2f5c5317b6222688e4e1f8333b52d4bae8ee86c50ca923304acf88efb1ed9d762147e115f3925e4be49388a |
C:\Users\Admin\AppData\Local\Temp\cEYq.exe
| MD5 | fc3c039cd4dc2b0f3730246a88d144d5 |
| SHA1 | 3bd13fdec4b6c50d7d69b3bec8e48ee81d60c290 |
| SHA256 | 2b56e2512f8d2659f09a46da4cab1a13205926fb930272ff075f138804e04038 |
| SHA512 | 0f82c2d3a21837787c2cdf0cfeb6944e30098bd302fd688e725772e9f4233f9b3401b2da581d0e8acb0c1eb0c49891c2c000f76e7ac174ce61798f62f048e5c9 |
C:\Users\Admin\AppData\Local\Temp\EcIo.exe
| MD5 | ce49999b6d87b8210da0d35349fa3be5 |
| SHA1 | 47acb495cc8e7c95679437099116ff31ca519634 |
| SHA256 | a8e1a4478d4d391e55f83ca02e2cfae838f57cf4d34e1c0714435bda73461efc |
| SHA512 | a767144ff8c1994d82d146653bffb8944ba4abf3532af598a9e60979b6483b5c0148df089c9cd3f75009a4db2d7396b0aa03370299a164149cc1381492e49113 |
C:\Users\Admin\AppData\Local\Temp\GUcW.exe
| MD5 | a9c7cfb784668b328c0f881f10690dde |
| SHA1 | b089eb1100a09862fbe4a69bd68dc2b01216c5c0 |
| SHA256 | 7bb8897a1541d33bed64bf9bff81c126a66650812190ff7050304734ce1b064d |
| SHA512 | c4f7b930dfd1ba4326be5cd4b157a59bc0f12e3034d6741a8a1eae9ae6a33a2ae98cb09505043b9e5f8bc1ca75edf3f7386e980df3bab45118fd749b85ac085d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png.exe
| MD5 | ebc7572bc7ee4f2cffb75444f2605523 |
| SHA1 | bf565a250fac8450473d6ab86824a7b76037a15a |
| SHA256 | 6382157280f9dbaff8ea9f9c6647d8c1aae73f0c0c5d2a72623bd986342555bc |
| SHA512 | 246ead31c008089ac91ec3afb0257e1962211025912d378e160177370a44b80600906526b972c83b29cd08709e1e5f12f5af2e832c41becec1f173367fce60e1 |
C:\Users\Admin\AppData\Local\Temp\csAM.exe
| MD5 | e559883f29461e806dd37b80524a486f |
| SHA1 | 848a8b9a96e1d4e8e6f810302a1d179837e906bf |
| SHA256 | f9287196add73772a40c2c801959b94d93d82e3fef614d544e2a3120c34dab5e |
| SHA512 | a8f1692e1b4a97f038b0b52fe5d0f3ceadea809fec3b73fab9969433bb141771ff2865a395037ff16aacd6005d0adc4652c269bf3b5ce4dab89aa29c40171671 |
C:\Users\Admin\AppData\Local\Temp\WMgo.exe
| MD5 | b46c49c32aae99cc0a8ae3619298b198 |
| SHA1 | 3ce222a80c1297612f0ca72209b2705283c40264 |
| SHA256 | 20df29ff69bb2f5b431dda0dea9496abb487883de91c3ddb42dbb6725e6bfcd4 |
| SHA512 | fdaa3ab3d0923ca9827a810623aff2cbcb966f9400702c18600e61f5bb323e03eb0388c23993cc3ce0e2100a2b12d0f91dab3ce189b508b0ce8f522483eabeb4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.exe
| MD5 | 386ab52268282489ecb73177bcfd43fe |
| SHA1 | 040be325dfa1fcef76a021fb491ef364a4829270 |
| SHA256 | 150982eca85fa373460b1302a3b9cef217ae52c9f432427a45bcaf02c92a755d |
| SHA512 | 608a244735fe41b9dbe5c7a42b1e92f8340b7a1dfd501a034888a5baee306f06ba53a8b99ea05dd4697cbab3b2f8f2a39100e92a166637b483278ecb5a57f1ce |
C:\Users\Admin\AppData\Local\Temp\cUIO.exe
| MD5 | d16856cdd68da719dd29e638e4d047e1 |
| SHA1 | 6f329bc6721cfa490dc9e7f1ba212562d294fcf6 |
| SHA256 | c87d509428b362349c2f8863c8cca621386c19f260d2fd7ffb6f15c50bc2aea2 |
| SHA512 | e7f1ee3c97dead2b3119243cd354ee044cfe9a8b107ec7c6e8776dd2511ad897bd28d90dd3a89394f0928b5a30dfbe4cd6ce7f472e9550f956bc172a07799bd7 |
C:\Users\Admin\AppData\Local\Temp\gAgy.exe
| MD5 | edd75d736f99bfadbcfb5ea8315887e5 |
| SHA1 | 57d1e68402d80380df6ce9ec4d41b4828ab27c62 |
| SHA256 | a38de6517e116d9411f518d5b7bca38f1abdd66da3254c54ecfb74193def359b |
| SHA512 | 227635ecf993285495d7e74d77b090a0397ed15733acc58337bfeb2d9769a7b654643be40d708af8c68dffc578e76d6f62caa9c4ab392d35efe441b7b25957fc |
C:\Users\Admin\AppData\Local\Temp\uwoi.exe
| MD5 | e32a9916435090fcb3a49d56c0c8ef7a |
| SHA1 | 4c61246f769234639be5d90bd0d5637007f5f64c |
| SHA256 | a0bdbe29ba3a430dcba14fd14a204c0f49119315cff1fcc15912d98cb918a4bc |
| SHA512 | b0d28836fafe57b064e13a182153cf8e15d5b3913a01277f3525afd5250000412fa064309a01ff1fb6a590fae049aa5495aae70c4890b534179b2f29bdbf6030 |
C:\Users\Admin\AppData\Local\Temp\IsIw.exe
| MD5 | d38c3e41d9aeb98b1f095d4d7569436a |
| SHA1 | 09390345e10f08445edda62857959676a12d4478 |
| SHA256 | 58a919035500a05ff305764cb6557033ead005614dda42dde79e794a4b3da24c |
| SHA512 | 8665f155d3b6de8b8862729b7939058f61eb1dfd348374d189f398450367abaaa00f73e324089c05ff4004aa6a2d9599c285c8674d14c03a091875ee7ec10682 |
C:\Users\Admin\AppData\Local\Temp\ekoa.exe
| MD5 | b4b5b2053ce85bbb0ecfeb65e16fa77b |
| SHA1 | 13d4ee7d94b2c35154ddb66dac47aa2fefee9215 |
| SHA256 | d5427d879a3b1b033c7c0499d5bb2594b4e3585ba8c3de0b83a03405272f639c |
| SHA512 | 9682e4585ee57db8c50ffb3be4a0330ee9171a6e7059221f0aa1123486ccaf161d4a8556a6baad7f43370acd75d9373e1d6176454670b52c9692495c2a16292c |
C:\Users\Admin\AppData\Local\Temp\gYgW.exe
| MD5 | c4aa9b37df1283a329229894298c7783 |
| SHA1 | 09efc3da663843c292534354b40af4d2f4682f00 |
| SHA256 | 794e5c99ef903126edd2720500f3f0c1f324ba8f31fe0ae6e019dbf34f8b968b |
| SHA512 | 8fdf6bffa4cfd32303defb6dfbffe95ecedcfa71f8f57ad36bbe8f43325a8f27994daf1bec6eaf7c1c402fc2338563ad8db6be54464c0f51e8a87b58356f7ddb |
C:\Users\Admin\AppData\Local\Temp\OgYQ.exe
| MD5 | fff9e3b07a381083b02f52f8be5355e1 |
| SHA1 | cf8e5375e01c4a2182d2d9e2501d3b800790fd1d |
| SHA256 | 80e2b4b3e86bc51c5200f56cb3d12b51c8246610cbdc3175f768e7d7b7a47385 |
| SHA512 | 877a65d1bec2f118b701f1ad8145c373f491915b709e05e7a2c7f441e9fab792227c49d6bd0375f00e9f0c4bba7359d6b9dccb5150004f575a8f177fb05f4a32 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png.exe
| MD5 | 77e50549c768ced972c3eb5c6f6f9a1b |
| SHA1 | baf4022d97c10d3133c97f1be0edfe54fe10e74c |
| SHA256 | bc57defcbc2a408c25a87ebcfc6c1f91a143b3b84a3bdb9fddd9f6c7b79cf7ce |
| SHA512 | 7aacab67100c441e29c1643574018b2467e2256a5d5bdb6cbe4aed9ff101955a1c36a56c73cb5efa93d626872c4c2700c566a57c0ea7a09f56d630434cd7fd8c |
C:\Users\Admin\AppData\Local\Temp\EAAm.exe
| MD5 | 1099b25d1d418da8d655f2e455aab7ea |
| SHA1 | 6712529813e7a9580ca915ac9723897b8e1836b6 |
| SHA256 | 715cb8f920a0a5b247232c2c449a5904d696c95860279e46c7e15389f716db62 |
| SHA512 | 977b572b6555ee5828b113c7b268d392eb5b051973a038f6255a1e093139fd35047fc3d95c2d75ca0265bebe841c29abb933f994803f0d95830af040a0aaab0e |
C:\Users\Admin\AppData\Local\Temp\IUIM.exe
| MD5 | 43916eb776df346d7e06c59e89c424e3 |
| SHA1 | 3aac50ba1ab85564b3f3237b9cfd780d5f1424c1 |
| SHA256 | 0e53ac3ce106ed7f20e04778221aebde6a3c0a51190d2d13c84e7d450abe753a |
| SHA512 | 6e7eca237aeff419e9f328925e8e084c7d15b676bae13bd42ccdbeab96b53701747d29b17ae7d2ee1db9f94ffd86cc348d4a4b27b190d51d3fea03f778da5d48 |
C:\Users\Admin\AppData\Local\Temp\sYcG.exe
| MD5 | b72f040f25399f415bc05a4fc35e201e |
| SHA1 | bd436d18a7b47ab4b974d1d969fe6ffd905384a8 |
| SHA256 | e08144e0be7eb28ca0951e7ab0b51df2e2eea4cfc510faf9eee9b169ec3128d6 |
| SHA512 | 18e2b830d111cdf5b990a02ad2e1d0de7c3ed6fb945e5ff6f1807de0d340c21770303c1aee069c72e41b30bfef4194d92c603252f23217b60de11a82e2ecc99c |
C:\Users\Admin\AppData\Roaming\UnprotectConvertTo.ppt.exe
| MD5 | 0cb3772866ec3a32818f5aa454844f98 |
| SHA1 | 12d6ec4d6cee3cb750d11ef9589d4b0bc9d74726 |
| SHA256 | 74486e09fcc786416a776ac29da0498914c9d1b9e6bf8865c397f6734a185c91 |
| SHA512 | acd1d93cfc5e2387585dbc629e14bd6abc9d1763fac2e147370d8ef45d660e11f44cc1af4716215dae607f8fa2eed6b23213e10d4414ec8109b1d78cc2426ad6 |
C:\Users\Admin\AppData\Local\Temp\QoMO.exe
| MD5 | d2556a0719bf37fa4029cbd146fce695 |
| SHA1 | 924be97367a4e1cae03c8ba280819ff9ced4e67d |
| SHA256 | a148c125769ccd239a86be52b4697afa6e812a57aefc0cfcb258da1acfc4850f |
| SHA512 | d2d3396f1f8bfa65f97a8874911ff38160669c1bd88468bb3191f8ba5b40e311af0f5be6c913a80344299eb0338c0310046952215ceedf43f4254eefe0e78e6c |
C:\Users\Admin\AppData\Local\Temp\qMAc.exe
| MD5 | 38e4c063316e9367f75e762405a14d01 |
| SHA1 | 1ce5e3f30510cedef6f47467f2a73658c69fd375 |
| SHA256 | 31c23889f6dd0dbcbc98967bbb26df544c63a18542785ab15ddde963d7a8db1b |
| SHA512 | f09a8a2b5126817c9a9c796495f4938d432fc95cf4a4e6a48bf88ef71e793b9568630818656a9930163bf35c870e8cdeef7ac677ba5551a52e53585b79e99622 |
C:\Users\Admin\AppData\Local\Temp\AcAA.exe
| MD5 | 8134a625712376eab6d675555e861df9 |
| SHA1 | ae7e3f9515b112059102a796d554bcdb147a45f8 |
| SHA256 | d1889e5cb7f0a07471dd726e08629c61fd55807f294b1efab4be130959c2d604 |
| SHA512 | d529f47147bbedf186049a7892f491418705f1ee09cf133401da94d1cfbc0f2dd6f74ab9de6bc39faaa012392ac56dcd5a896e1c539151ee749bf07964245676 |
C:\Users\Admin\AppData\Local\Temp\mgkS.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\CQgg.exe
| MD5 | d3e386053b51b718a073390b560802d9 |
| SHA1 | 9c7f72d92ab4564a775aadc94dda9b5c7bddf9fb |
| SHA256 | 0a27b69c78170ce752d6c4ecb704f6bfc6e02196ab4b0373ea2442bb1bb841be |
| SHA512 | cab6187df90c5ee81969c9018f0843ec6243c614163874b15e57c8d39dff68ad34bc01236ef96fe60b241258e2b39ddd3c4ac2b6001a3ae3df80bf66253380c2 |
C:\Users\Admin\AppData\Local\Temp\Qgkm.exe
| MD5 | db0f7e48a7d13583dfd0a8787a3247db |
| SHA1 | d8cb9a7d9400c4a3a8915eb524c3a92a2e6016e1 |
| SHA256 | 58b664f641de40e5bcd932e6c317fad4738f138fdb83a078e80982c0c109e350 |
| SHA512 | 4dd48b7d12ce6d37118d0f638bb8923e646714e28c49410149be7e299d57c9c9b05e5b21ceda496e2af2c29444ab1cb95e1822151e9b91b919b5bb5f628044a2 |
C:\Users\Admin\Downloads\RepairSuspend.doc.exe
| MD5 | b681da55409ed4c5949e5377e849fc66 |
| SHA1 | 654a70a5919997394ed4524e366e50dccef53af7 |
| SHA256 | 51e6c7b04e280f2e3b07ed8b86d69ff8b4d563a7e6d71731c3684592a44ec9c5 |
| SHA512 | ecaa2c3495baffaa546c422e26973a7627648bccb1e95c6e598578826b4c8852aed1e12f1d8ecc8138f1cc2b1cabec89f02ac7992832838a181e1f9d2d44418b |
C:\Users\Admin\Downloads\SubmitConvertTo.mpg.exe
| MD5 | 4b2eee6d19cf1d40af336f1491c61cca |
| SHA1 | f792bf4620c3b80ea73631126ec496d5aaeffcd3 |
| SHA256 | 1d838c0bace7e0a362aa37a6de5f94a4a8abcf033b9c0a17bfa8fbf94a85f4be |
| SHA512 | 35debfad5f2f148623403f9a8af3ee0dd66847660bc475cf2dd70683cbab849c47cf32940c9e319506e946311c9f9df02d6715b6a0bf9c7ede2b111d7087df6e |
C:\Users\Admin\AppData\Local\Temp\qwcW.exe
| MD5 | 96cfa77c411b12ec162adffc435ab6a5 |
| SHA1 | c919dbf958273020742215c35712f6e81528e78b |
| SHA256 | 63ec52805818a7519da327241cf3afb2c9514ad0fc1d4e7ffdee47a929f41fd2 |
| SHA512 | cc3b9607a5eca6aae693d34d67b41d97e682796bca9bd8b459386753199e31c02d5dff235a309968e055733b0c5bdbf16b63a708d01933916e367885d2ce075f |
C:\Users\Admin\AppData\Local\Temp\Skga.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\SsEg.exe
| MD5 | 76e9d64b63cb4890f3138efbe11d0d11 |
| SHA1 | 497bf6702f676041adbc3cac870bedbb896c8635 |
| SHA256 | 08ba6db6c12345464c6a3122ef22420112589a62e77b1f37781c7b0835aaf9ed |
| SHA512 | e0cab36d226a7ed1d2335fc564309ef38b8f17f29bc414d1ed7b8cdb636411a045a0f334046187eac3d078f5ff90c5a63496d12cc45dfa598c3432ce4a6f9ff2 |
C:\Users\Admin\AppData\Local\Temp\KgIc.exe
| MD5 | d441db612ca62a273d170aed434e3934 |
| SHA1 | 689db552d210c3ccbf583b48101ad4cdc151b072 |
| SHA256 | f75ca91082f8a35301d7b3286045215e950a27b7e736369dae9de3a7ae7506b9 |
| SHA512 | c1e4ac67281931a579cf21a874451be4a024f69ec40518ff9bcf69ccfb6a1cb753956a725bc539bd4c909765e98dcdedbf065b2e8ea25abc66c21d365a166831 |
C:\Users\Admin\AppData\Local\Temp\mIgM.exe
| MD5 | abf4f3a2255d7d56120f40266581aa56 |
| SHA1 | 672b8a265a7e21d96623c7b60d305b2526a46a78 |
| SHA256 | 5ec3cb2f4c87458d6c97ff195a345f8fa8f8e7fd77ca11e3ba28c8eaff106be8 |
| SHA512 | 5c717d6fa7f3edd3163b80c137a389942263b36c78dbfeff1dbaf6ea7377b95fdb262c63d1a2b0e271a6462c5283ded51564eead9a52ae21a3b244a6d67d71b8 |
C:\Users\Admin\AppData\Local\Temp\mIMg.exe
| MD5 | e9510273a53e70f262bf3974c73b8784 |
| SHA1 | cc6ef519afeac54fcad9ca24b6070acb520493cd |
| SHA256 | 3d7cf5b15b3765ce97d74511d611d68d47e6c8d446c648181a03a43c5d2463f7 |
| SHA512 | 904cca494a9eb0ec227b1152e4e94c4390fb7b3b4e32baa09197a3d03c395049fbf783f0056066d01a8482360699feb21cf3ab5710c68a0d92a621177edfd5b1 |
C:\Users\Admin\AppData\Local\Temp\skcW.exe
| MD5 | 35a369c98d512958d6e765cc411cdeab |
| SHA1 | 6aa86d50ae59fead57a6ab3eb198f9808e3e8fee |
| SHA256 | 8b99d5d1740fad2a7603b201c864eef99b075efe0bd2c342085d0876e48ca855 |
| SHA512 | a9c819530bd8fdddab48920b26a0b645fe9ea4e9ecd6ae3c84f476736c00955856b7e075fd98fbe0fce474a2f170f2f3111bbcf52bc87122ccbd9f48710f7c16 |
C:\Users\Admin\AppData\Local\Temp\wQES.exe
| MD5 | 3043be250492ac8206106c873e2e7b0e |
| SHA1 | be5ddb0e2769a16f7a5b7fd8c8e8dfd4690a0cc1 |
| SHA256 | a9ee20e6834646c00975343611ec16e6f2629b14d174032c7735718587e76107 |
| SHA512 | eb4f687d04f197397e8df0923e0a7fc6eebc32dab1c425f6571f45f87f53964d009c86646dd09c2b16bb36a3bca98c147e20f1f1ceda58d8cd03c39f4976a95e |
C:\Users\Admin\AppData\Local\Temp\csYe.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\qIMO.exe
| MD5 | 70c5fce0e35080e51c42e07e116c22d3 |
| SHA1 | d252d0840f67a385bc54a4a87f5cd2220bc09965 |
| SHA256 | 92e642683bebe8793f1ec3722293837329d79d8d87ea2b6709b8d769c22a8a83 |
| SHA512 | bb4296ba32d87390a5577bc649f989580a6f1492b2512a84752854820821e062f2ab61b1cf9837e00326e049eee0fa2d954db557c92e90433407a79f6084bd05 |
C:\Users\Admin\AppData\Local\Temp\AUYK.exe
| MD5 | 621e95ccf95de241ab0161b6ddefc923 |
| SHA1 | 92a8890b1e9cf91f0534b3567962ad2f185e5ad0 |
| SHA256 | e1f50f409a0d5198e71c061c41c374608ab64d3225da7401b83c38ae22c1109f |
| SHA512 | 64c279f767aa9862d7faa3da274364d18f83f79e8753b9e09f4f3ace9dceab1a45eeee0f6783019b38d3db207362eb08df3c23577a1b307c1de003cfee0904b1 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | ad505bb5ec1606317f2faba08a1ca519 |
| SHA1 | 086eb6006236d85531ada6256475a7ca54e817fc |
| SHA256 | 891923108877a9c1e6312e20eccfea7998e346cc9f8f857a197218f4249866f7 |
| SHA512 | d9841081aea390c4a6793ed405fc24843338da7e1d8fe6feb8e5faa80360c352866f19e35b91f301704b21cffc2f065f3f6bf7ed101a7b4693a68278f777015d |
C:\Users\Admin\AppData\Local\Temp\MAMM.exe
| MD5 | ebde16ac567bf2ec45593c71d19e8a69 |
| SHA1 | 9f3b05c9673dc58189fb4e482b39fcd45bd13c20 |
| SHA256 | 5f83ebf4bde274e6bca9fe2e5374708f08ac662978cbf6f71e9193dc210373da |
| SHA512 | 4ffc69ec468555c69c0b6c8127067eb9d9c8b866f4469419f2ca8ae663b7936dcecb449e22add280c7a2cd46b01fe071b3ea40d6855da41626edd07f7be5a6ba |
C:\Users\Admin\AppData\Local\Temp\eQcK.exe
| MD5 | 40bddfe69fce7faf9234ea1e5e3d260c |
| SHA1 | c757ca4f4cf3ea343bc55fcb57717d6890b235ce |
| SHA256 | 7ceb67c0c2d80a6d4f5db631a6b9733b5bf591f5502d9b27a06447e278af195f |
| SHA512 | b0e3e209f772f71e910e57828158e1caf142ee6568fda38bf08174d89aef74f0ee4dbe925173c79604801d39e6bacd40ae1fbd46f5dbe2e067258ff026766374 |
C:\Users\Admin\AppData\Local\Temp\gwMs.exe
| MD5 | dcf64ef259c6a26e8275ac40f2a18a4d |
| SHA1 | 6faee1e2906f6c6bda2538a53221c24f5cf36c35 |
| SHA256 | 6d3841d5dea85a37a8fdeb15e48371e9f8b61ed244ef37fdf272552f18711c47 |
| SHA512 | b358ca463b76c2077eb1004d11751904d5af7545e5ed18aba52ba00e1b5a299397b746fa6353d774faebf49933ca3ce234762869702e3537ba480c89fee7e1b2 |
C:\Users\Admin\AppData\Local\Temp\swYy.exe
| MD5 | 29e184a31629de7e519a5b9614b311ee |
| SHA1 | 1a9f74f076d444cb1653f7312d41a6b4226dfdf9 |
| SHA256 | 04ef35cfc859cb6283d8cb6faceae5890c32c42cfeee87bf37add3633433cc8c |
| SHA512 | 7326e6e9ca37bde7de15133fb7feca772a051165e2876d32809f5031b019705ac6071f2a11ee01c2cb9861ba8f45d18bdd541549dc5b255fa60f16b82f99078a |