Analysis Overview
SHA256
19c60c87f1c3e44b76b8e4230a970f8376727f992834368a3cd152d109e90c20
Threat Level: Known bad
The file 2024-10-16_8407fc3b6183cec64939631e05806d11_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (67) files with added filename extension
Renames multiple (56) files with added filename extension
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Program crash
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 06:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 06:27
Reported
2024-10-16 06:29
Platform
win7-20240903-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (56) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\nMooIkMI\TaEoogQU.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\nMooIkMI\TaEoogQU.exe | N/A |
| N/A | N/A | C:\ProgramData\FQsYYMAU\qyMQwUko.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qyMQwUko.exe = "C:\\ProgramData\\FQsYYMAU\\qyMQwUko.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\TaEoogQU.exe = "C:\\Users\\Admin\\nMooIkMI\\TaEoogQU.exe" | C:\Users\Admin\nMooIkMI\TaEoogQU.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qyMQwUko.exe = "C:\\ProgramData\\FQsYYMAU\\qyMQwUko.exe" | C:\ProgramData\FQsYYMAU\qyMQwUko.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\TaEoogQU.exe = "C:\\Users\\Admin\\nMooIkMI\\TaEoogQU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\nMooIkMI\TaEoogQU.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe"
C:\Users\Admin\nMooIkMI\TaEoogQU.exe
"C:\Users\Admin\nMooIkMI\TaEoogQU.exe"
C:\ProgramData\FQsYYMAU\qyMQwUko.exe
"C:\ProgramData\FQsYYMAU\qyMQwUko.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fCoQUYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HmEAEkMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lAYEkEso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JkkgcQAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CkoUcAYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AQkIUEoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoooIgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gaYcssUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQssEwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HAgwYMoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DKEsIIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TEQIIEAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FikQIgUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMUgEIEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IQQkYooA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsoIUEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eMYUgYcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NisEkAYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JEEYsIQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tQEcgscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NuYUMoEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YuocUsgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIkUIMcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UAAAwMgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gywcscQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AmUYEEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JOAAQgwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LqkAAoYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZmsEMAAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RiMUsIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RaoEEcoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WcgwQwEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SosQwsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OKEsQEAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AIckEokI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iUEAEgcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NiUAQsog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dYkkcwwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zgwIQYMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQQwIsIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RCwcQcQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEUUwQcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cGAoYAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wcEYwccU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CsUMMsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HYEUoMME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAQYwcoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NWcccQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwogYwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UasYIwoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oqsEscoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Maccckwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oMgcssEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XgYUQYsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HAEkkQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fygIwAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWAoEoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xMAEEIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQYsIswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ocUMQYEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AoIAQEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wQggcgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgIQAQYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fGgMgsMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JIEMosUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TWMsMsYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cgAsogoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UcIAIUgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uiUsMkAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OeswQYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mgUcQgYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nqkAMEsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BoAQkQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jywkwccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hAcgQYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PusYswYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eIQcEQUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aGAUwMQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUUUUoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QSQwQYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FMcQoocs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nMIcwUsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rgwkMgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tSQsMEwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UIYUAcgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\weckMMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEYYAQsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CKEkMoYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qWYUcIUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGUcQMkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BQcAIcgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqwkAkgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jagEIUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CYooMYsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AOEYMkkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SGIMIUYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AegIssAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ViIwkkcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VwsAAwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JEAIEAkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QaUksgsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SIYkUUEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WIkEIkcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EaMcwIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BIsUkscQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYoQcAEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JgsUAwkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OyYwMoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eQkQkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sGokEEsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uUwAAYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YwgQwoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pyIQMkMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSkoMMAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\REUkocgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWQEcwIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kUEEogwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wSwsscoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\akAMMUMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yqAwYoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tKcswssk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vuEcMoQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeggocQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bYQMgwoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WIMcUgww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2052-0-0x0000000000400000-0x0000000000434000-memory.dmp
\Users\Admin\nMooIkMI\TaEoogQU.exe
| MD5 | 7dc843a1cb8a31140d170b99fe69b550 |
| SHA1 | 77bc6332f18b16536bddc72e539ec8aabf6531f2 |
| SHA256 | 034dd285c895759e622355352bdefcbf75fce2ed90750f29803cb222f1149043 |
| SHA512 | 3cacaad70b19117b21ddad7c841190d72cb83edb987e1d6a42554fddd5eff0c90938bfe1eb2b0eed74383d266ad888923c62e4b0572d791506617f0ac782105a |
memory/2052-5-0x0000000000560000-0x0000000000590000-memory.dmp
memory/2236-13-0x0000000000400000-0x0000000000430000-memory.dmp
\ProgramData\FQsYYMAU\qyMQwUko.exe
| MD5 | 400df440a683f48cb698a13453725e0a |
| SHA1 | f1488b6b4dcdfe0a93f1e769d382e96f0de7dee8 |
| SHA256 | 0d47dcfbb622d4a273a1b3916ff942db384963535c3712ea9f9361bd309f262a |
| SHA512 | c8c34fcef6f2df48f0fc4a6ed44e6600a6add4f13f91e06906b7f28ef3f254d1c511d7c0004bdd62612835b125eb129963d1efa95632ca892b1121d0550ef319 |
memory/2052-21-0x0000000000560000-0x0000000000594000-memory.dmp
memory/2052-16-0x0000000000560000-0x0000000000594000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IyYoMsgc.bat
| MD5 | cd4386863db23bdb963db76315457a20 |
| SHA1 | 046b83e079a4906387453237b5251827d60082d6 |
| SHA256 | 7a8a06b24fe1195c4ed6991de5af12c2b1814297706a26cca762f44bad21826d |
| SHA512 | af849f09921b30f39d221a9cfbcac0c8ae8a546065ac071f1fd5fd8ae414b095ea94590e31d44092a64cf70d003ee2846b2d3be6c6ccab6b945686948c1f4ad2 |
memory/2616-31-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fCoQUYcc.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2052-40-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
| MD5 | bfa92771c90c7199a8b84d21ca45750a |
| SHA1 | 8c0c9053bddcb7f95423392ba7d8de7960fd99fb |
| SHA256 | 61282907692cc4761493fbca1f89d7eaf3de7ec5f00b57d7c03cef01fc3e707b |
| SHA512 | cdebc94fd6e0fc7a10ba67a06479330cf9a31ab5cfe21f1211775013c3a49fd23b15b6ff792f24d49d30032442c1eb582b8a43412deda8518fbd02deca5d6e86 |
C:\Users\Admin\AppData\Local\Temp\PuMMIwIM.bat
| MD5 | a13063f6e749911a695c3c956a69f5ad |
| SHA1 | f59d1f1730139edbcffd35775be94a8342dd9c85 |
| SHA256 | 4194e43c7a029ee9f29ef489a6dbdb1891f3722252fd94d4ec37642a3f0d76d6 |
| SHA512 | 93e72db53ac629e3d833177bacf7148cbf7713200ffe980ec91af0ee3efbf64e13b37a7c124a2db879301813c1b62343e2feba841bb27a1ebb0a7430ccf076c2 |
memory/696-55-0x0000000000120000-0x0000000000154000-memory.dmp
memory/2616-64-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vcUckAso.bat
| MD5 | 33cb6d858e76c7ae1249c19f7efc4f69 |
| SHA1 | eb061f9b44b826df0c3ced05a3b1e9d91d35c4cc |
| SHA256 | 221d030378e4875d00fdca9ff85f242ced6841106a3c898fc8be3f445515b72e |
| SHA512 | d851287127e6a3ca55018e876fa633139889d46c4456b9bdedc1aa786f113d17b72e3e273adb4801b7967512d62eaf94988295832d08408a8fc1c42ce6524f06 |
memory/2000-78-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2344-77-0x00000000001F0000-0x0000000000224000-memory.dmp
memory/440-87-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PEAkcEkU.bat
| MD5 | eb0708c6d925e8ef0cdfad1db45d47e7 |
| SHA1 | 12a1587528e1fbef084def3a87b2a4f390678c29 |
| SHA256 | 14771a7053cd6b9916d2cd07292d7b14a3da5fdb03da54b9c7e32c2a42075978 |
| SHA512 | 175a7f092d14d8788e2e6013d32bd990c648d0728f74d8904ae63d5af11a3ea53809e28a9909a208f091903a778be61568d0af2354fada7f6675819aead6dc06 |
memory/2116-100-0x0000000000160000-0x0000000000194000-memory.dmp
memory/2000-109-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WoYMMsoE.bat
| MD5 | 5995240dc1bb09d96721455ebf809f81 |
| SHA1 | 315d8a170489f0ed325fe7a34872a70d12e61f54 |
| SHA256 | 65e35fe9565e5c51fc9c865f2d5a65522b04acadf1424b881b8213b8ac42397d |
| SHA512 | f60707e9e8dd0fe08a7c78ec1775693ce75bedb6f7a726c4b3eff56be4b029fa37121afad445fc90874b48063b6b67bcf9fa8e915858c5ee56bdd0ecbf162355 |
memory/1816-122-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2124-132-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ciUcskYA.bat
| MD5 | 428c67680ef6c09dab1ba988b4d77bad |
| SHA1 | 2c31c16a7bcc2c5eba633c2a72e2e261fce0563b |
| SHA256 | 5e1481f350037bf3659949632641381f98001bfd456b926b6bf98c561bcd9678 |
| SHA512 | 48558d67472b9dd87c94dbbc5ed249870c32b3eae45e4a67c783f3c6d80a797a79e96dec010d378fe461c0713e3c05880de32fd4b5924f37b34a3ec252ce16a1 |
memory/2260-147-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2464-146-0x00000000001B0000-0x00000000001E4000-memory.dmp
memory/1816-156-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\esgAMYAE.bat
| MD5 | 2132a1efaf880167c93ec0b7d55ee352 |
| SHA1 | 14a882bd0c005040e24fac8fbdd3f7d86ea4b3e4 |
| SHA256 | 3eb5d0ebe84eecb79385a8e957920634d4932378e68ad7a08f1d4bc645c4d97f |
| SHA512 | aa032d98860f9c10aba478cb34c385dd200dfcf1426b415ffabc713d2ee0849b84aa85996cb7f80808077525e87a289447f3a5c3bf92270827f3693c2e2e8a37 |
memory/2672-170-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2104-169-0x0000000002280000-0x00000000022B4000-memory.dmp
memory/2260-179-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EkswMssM.bat
| MD5 | f2e483cff17656053d27e912950f561b |
| SHA1 | ea33d19d37d01412dfda85468b24e4ebd041cdfc |
| SHA256 | cbb45bd89844b40503157a4f3a660b4d66ce3bb9ed4a94c14a2b25ca1258369d |
| SHA512 | 906a09e85b7ee56e292fda0f9eff3266cae519ca5fe3f93d21435616c90e02856bafd3de3ea5ab6cfaa88f13eb9e64d253531ba8cfef28a091362ae0b512d922 |
memory/2832-192-0x0000000000120000-0x0000000000154000-memory.dmp
memory/2816-193-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2672-202-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sCUogoQc.bat
| MD5 | f4505fe67bbf6109a95912be4011c891 |
| SHA1 | 2a2b6bbe501179ebff38299b5bfa183bc1b262d5 |
| SHA256 | 7bf7e14e527b3e98f16c4d1ca4ec19e977ebb3f1813f713be193697c3452c47e |
| SHA512 | ddef01d4727d28417d7f61cfba17e85ccd7fff4ce2db1b9d703f0feb09ff6985c92940d933e3da335d8c82f41da10891818811f3778dffaa4fdefdf6cd876e8b |
memory/520-217-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1820-216-0x0000000000420000-0x0000000000454000-memory.dmp
memory/1820-215-0x0000000000420000-0x0000000000454000-memory.dmp
memory/2816-226-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xYIIcUME.bat
| MD5 | 9eba0fb0c3864703d0f8ace2a998b0e2 |
| SHA1 | 6fbf3d0c55d4abdde5ac1b911d909ba6d92ac073 |
| SHA256 | 623207f762e6e1e26b61cdb32489ca86b660233c005d105b66d66216e782e2e0 |
| SHA512 | fc0217b551259fa3fe77f25c0a0580633ce77728752ca393de80f86006807296b90eabb96f4a8714679e7f48cee11e780279b9bd6e532210a517686c9dd96b56 |
memory/1860-240-0x0000000000400000-0x0000000000434000-memory.dmp
memory/520-249-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TMcIgIEA.bat
| MD5 | 27cded5ae72962c65fa728032ae45c03 |
| SHA1 | fffa9d60655729e2351b57f806ed09873117e4d9 |
| SHA256 | 893b3f9b91ba524be8b5cac522c0b747e365e5d2499a68d866457df56f16f4b5 |
| SHA512 | 0466ad3d88e99d0c02096b9bceb1fb10bb74f699a052db3fe3d634ffc0bd3f2ae19e8138b94b4dfe2eeb154321770fdb7484c8498bc7f12061e5c5ef372a90f2 |
memory/1776-264-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1552-263-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1860-273-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BmYAQocc.bat
| MD5 | 30c6ed05a529704f2ddebb5857ac2247 |
| SHA1 | 9c394ce112008f739118321413d70f443be71d57 |
| SHA256 | e0cc7f3550c2ed2f687ef6c86e24a87ab148b4b1cf3fc7b8699e6f183f03e901 |
| SHA512 | e941221d86be20389581dbb11e78fca55868307d4412e5540f981ba6296d2b97873f16b48d461ae9345ef88bf694f3dcc8938526139eeb6c9e7a8204dd703eb3 |
memory/1720-286-0x0000000000120000-0x0000000000154000-memory.dmp
memory/900-287-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1776-296-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1228-299-0x0000000077430000-0x000000007752A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JiwIQMQk.bat
| MD5 | 8e5abd46acf2dc2773f4db8122da53f4 |
| SHA1 | dc18398c5b4ba7404196a7bcb9850a565e753d1d |
| SHA256 | 9e8bc50bdc81cbaf16ebdcdb04c82a8f0a042f3fb15e5d2620ce7e92d0022a58 |
| SHA512 | 264a3261ed3c837a16aee0fcd9535071a3ca1d6958d7285db5027ecda86610acbd671e9bfaedccf866eb013a7f3f709ba287f9b2b9a1368322a63ad2612d4857 |
memory/900-319-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iYAkYwcA.bat
| MD5 | fcbdac84b891f9f761811e12205f423b |
| SHA1 | fe2580d9f5dffec879f707d63eaf64295308e510 |
| SHA256 | 307bae07b178e8d60c7631434e543b24ac158d4bc70fb3bb6a0825f18d738103 |
| SHA512 | 339ee459f8cb28b2e1b4e8de4c789bc6dd7087c673986e56d8f7efaf6ee6de4b8da91c675207c9fcc6db8955c8e1f7f2690e0adac5362cb3c9bbccd4fe971607 |
memory/2848-333-0x0000000000400000-0x0000000000434000-memory.dmp
memory/876-332-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2792-343-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UEQggEwU.bat
| MD5 | 0e2fb98a0feb972a027ad44039769e94 |
| SHA1 | 45b766b5a4ad0633e276e5565a78bfb3c845acfd |
| SHA256 | 08b159e834918fbcfee0ae7afc7dbf43f7b06d24e41edac6f4e6d77956f2bc1e |
| SHA512 | 939cf025ce1ba7cf752de0264239f9dad45aac7e9eaea15498063603436750c142e834d3429cd89df40d727f5837a099b90a9960332dfb1096dd3b9b4f359dbb |
memory/2764-357-0x0000000000160000-0x0000000000194000-memory.dmp
memory/2848-366-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kSUIEQYc.bat
| MD5 | 3bf29512c5fac989bc5dc9894af3e8b0 |
| SHA1 | 92485b5eb85911e6feae1d6c6d4441a773ab80e6 |
| SHA256 | b992b815912a4d0a9ac9b2230c38ee8403c21b114564cef4359013000783881f |
| SHA512 | 3457a6af559dffc06b07d1ed098f5e880a43fc18a15270faa67d6aa30bf143fa76902704397e3a5b0a042682a15c608de46eca9cf2c81b53a7d189afb7727ab8 |
memory/2924-379-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2096-388-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iUEMMYgY.bat
| MD5 | 8ffcae5f04b2c7755090fd7025c4c872 |
| SHA1 | 1dc3db5f8ffc000092579e08077dbc553004293f |
| SHA256 | 1e885ebc99887f54ced587b57d21d3614462612e2296ea6a90c84e9bb94773f3 |
| SHA512 | 7a71f9018ea2241bd0b28139896c1ccb24c10fcdcf20b417b95f55f1de99dd394289bbfe51ce758f913f6e29f8e2f3500c4b06972c2e300854f116a457f8080f |
memory/2072-403-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2348-402-0x0000000000120000-0x0000000000154000-memory.dmp
memory/2348-401-0x0000000000120000-0x0000000000154000-memory.dmp
memory/1356-412-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rkQwEwgI.bat
| MD5 | 567b81db53137896b641ec117df97588 |
| SHA1 | 079b55afcd2bc8c013808aecd9ee7769c3d62cde |
| SHA256 | 0a9b8c65e7786191239954a36eb1b61c73daa1d7dbbf600bc1bc9ee09766d9e8 |
| SHA512 | 062b91d1dc2afd59e190fae0292bcaf28a301bd0c96555fb4180895be72781b8cbfd58b4048e269f1de2ade8b7b505d7e1b09f7e6f5fa6fa4afefe384c22cd22 |
memory/3044-425-0x0000000000130000-0x0000000000164000-memory.dmp
memory/2584-426-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2072-436-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zUUkwYEI.bat
| MD5 | fd6ab515d11bf2a659a352dc96a4ad54 |
| SHA1 | 8072a3d6f8bce82a3e0c62b5cc8e47e50c650315 |
| SHA256 | ed772f7a9e2c82465dce7e8fd2dd2834d85aa2fe5c2950aa9923a658bbb81a58 |
| SHA512 | f790299cd7d792850a9dc59e8a31e40497ac3a53e4ff1ec28c4b7ca5321de627fc679f7c7d511de22ae04ec7861251fce7fc9e4a8cb16864b6cfcf1d5eb63c48 |
memory/2616-451-0x0000000000400000-0x0000000000434000-memory.dmp
memory/900-450-0x0000000000190000-0x00000000001C4000-memory.dmp
memory/2584-460-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lUowgUIo.bat
| MD5 | 9116c6dda967d5c2c3013ee0c115278d |
| SHA1 | 1ce53157ff06a46eb0c848efdfcadc9ba0dccf01 |
| SHA256 | de8e49f900d79ec4ace450ac8dc6f7e2641c211de2639a189d7e9ea71feb9dad |
| SHA512 | b395becb59a3f8a8c04b96c0fa1eb0b5b44476e576c653f3519507d6ab70f998b8a4e0a591891ab5549de4a9d1f6c8c1caef8c2cf8dbd9711de0d90863a98a1c |
memory/2616-481-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lWwcUoMo.bat
| MD5 | 9f476898b237bdd8e6069387ff49a6bc |
| SHA1 | 645e83b2dae157e2758304d705e7c231d118179a |
| SHA256 | b5c6ed4b784879e1f25847ce74072d48a5be1ebe77c8582af65d7f10be9a2684 |
| SHA512 | 280619c48d3c6d5f44ed62ad64172c7cae0d13470802c1662cc72672aee7913430e5c09b41727b153414bea0b8e21769f6bba8550662dbd39d6924005e97a10e |
memory/1304-492-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1244-501-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZcYEUoAY.bat
| MD5 | 06e3f29474b81ddba830817f80bc83e3 |
| SHA1 | cea5292fc3a2aabcb8251f120f69fff751b5965b |
| SHA256 | 74d2e4e7c6c13331c9ba52b19c55ce6dd64d957dec3729628c027c6d93a6a25e |
| SHA512 | 66ff4f5f0025d9153aee6883cbff4912a90ba12716cebbf667f7c493666aa2a6206da83345ef6047a30f8d179e68cb7d7663677fa05b72e138a9e5e3ddcee9c0 |
memory/2124-511-0x0000000000230000-0x0000000000264000-memory.dmp
memory/1304-520-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iAUQIkso.bat
| MD5 | 1173ee366fd987ef33d91342daf54a14 |
| SHA1 | 9c277b6198461be9f18012aca10895a00ee8a774 |
| SHA256 | 92f54f8be969b32e4d86f19ed7488e18f3c8b6b09b1eb019603e2fc7b43dce01 |
| SHA512 | 378f34c7854004bf0ab0b1f077dc437e59f2c95b80b0d8f9e2cae7ce4108e2daec014a430e79ef04a7730bec44dfb02212684f93c5c9da58c25fab9492de0d97 |
memory/2924-534-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1516-533-0x00000000022D0000-0x0000000002304000-memory.dmp
memory/1516-532-0x00000000022D0000-0x0000000002304000-memory.dmp
memory/2468-543-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MsIYIUsM.bat
| MD5 | 716825d10d4f7690ad8837afef174352 |
| SHA1 | c56a5c122b201298e094791f9808a7b6cd4fbf7b |
| SHA256 | 52b6beb0880109af2c29a142c7d49412a3537db17ee5829417a904c6100672cb |
| SHA512 | 1a036a02605b0b121cafe2427c388edfab263a81fc4575d5ad7cdac3c2536630c999457b614bd629a1559d4258dbea353a4cd405edb19fc65b44fcc6ab139ae8 |
memory/2060-553-0x0000000000200000-0x0000000000234000-memory.dmp
memory/612-554-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2924-563-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IoMwQoMM.bat
| MD5 | aa200e99b5ce334b7370f3b168534072 |
| SHA1 | c9ef731a0ed02d4aa37b1e075dd3e7f544ec76ea |
| SHA256 | 53426d2b52f6350f7e10a5312a85b00444712f31eb85e428f8dcb917dbbfac07 |
| SHA512 | 81cc3eb69e874ce82fd3704cb195c52a7db7ba433c8ab8f109c008651b3aef49e29d79b4dfeafe50d4b7765f9209aa731b6546ad1ea92d2dd7cef10693490729 |
memory/2952-573-0x0000000000420000-0x0000000000454000-memory.dmp
memory/2564-574-0x0000000000400000-0x0000000000434000-memory.dmp
memory/612-583-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IGQYQcgU.bat
| MD5 | 2c7a37a8d86afc3f2902acba21c54e76 |
| SHA1 | cc2d610a6a52eb6f4627e28ab36831fc9c3a5e59 |
| SHA256 | 58a9a4d0c238dfb5bcaf2538bbb787e336db9b11148a0b912e49770683b87934 |
| SHA512 | f3b6ba5799a73af64d877b4709ddc8844b9f9d02b6544091c8a7aa3035b434c4d5d76df8e853504268b10a07705c2ee77fab410d48470d16b63a6cff6be1d76a |
memory/2564-601-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BMMgUwEA.bat
| MD5 | f75c005bb4aa61a486605d245ef2ad16 |
| SHA1 | 667f7c95c39a13a91efad113a80c5a68a1de1a0d |
| SHA256 | a428bb91981cfa68173df9d1a30e86b52e6ed1707d6f2642a0099dcc39014bbd |
| SHA512 | 6146aa587594528688b01c2e71debdcc996ac1729a7ff9bdee0156d0027f7256d5125e449b2c29333d2d86c0bd3b445af27c73ac2c1aac5c935ade4bed947fd0 |
memory/2732-612-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1948-613-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2828-622-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fAIckQAw.bat
| MD5 | fc8d044a40d60ce05a216f3f04079a05 |
| SHA1 | 285f648fe431917d3e5003b7fd648edfdff21a26 |
| SHA256 | 87ea776e5e6c6f3297bae7095b0e12684114040904a7afb688f5462612e7c934 |
| SHA512 | 51d7f572c7d88d6413426bb8d96661d7f28806b021e37d985ba68edd3ef53898702cbd918e253b3e01d9e47b5a9eee62ef2bd62a5ea93a53f6529958f5e370ae |
memory/1020-634-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2928-633-0x0000000000120000-0x0000000000154000-memory.dmp
memory/1948-643-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pYQgYwEE.bat
| MD5 | 6b483f61499e5bada6d788925e3e2191 |
| SHA1 | 516340dd4f339251381fe7e5d28a546ab6ac8a53 |
| SHA256 | 80f0c6070a6c503282bb50f764ee68bacf3330a2d9abe815b700eab827ea52b0 |
| SHA512 | 776ab4fbd4e579f7e0aee685d8bb591b277ae2eb8845fbe35b502ecc9b2c35c106697c994c59adca0617e124e71a5c3dd31518a67a3ae49ab52bffabd49864c2 |
memory/1020-661-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vkAQUwco.bat
| MD5 | 2cbfe8fbecc5b11a19a856e128140312 |
| SHA1 | 495bf6e2499aac2f3bf6089f7c6ab56728b8d56b |
| SHA256 | f8e78cf571c79a9219c7aced74a8efc01ffc7fe178d6710702ae0d61d32b56f8 |
| SHA512 | a11346bd3623898ff62f955cec276b854f00cc6bee405046f2960e7041b6632375ffc06c1eb787491319fa6c4c9cffa542aefc37af16eaa71660ff3428bbf136 |
memory/1508-672-0x0000000000410000-0x0000000000444000-memory.dmp
memory/1508-671-0x0000000000410000-0x0000000000444000-memory.dmp
memory/1624-673-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1556-682-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HyQkcMww.bat
| MD5 | 7f7cb75ab45978c55372655b6540541f |
| SHA1 | 26350cefcdba2ecc05324d0d54e70849002059bf |
| SHA256 | 1f94ab05fb3585726305c371bdb15c219d3a482ebcbf0cddd70cc68ef2978a68 |
| SHA512 | c8fe255217347cd3afb9509fb3e474505d1a1ddb4c81fe1c669bf1e3615768f7cf6caa7622adc4eaf45680ff5854bdfec22733f48c40900fed9522334602a244 |
memory/2992-695-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2596-694-0x0000000000180000-0x00000000001B4000-memory.dmp
memory/2596-693-0x0000000000180000-0x00000000001B4000-memory.dmp
memory/2236-692-0x0000000000400000-0x0000000000430000-memory.dmp
memory/1624-704-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GKcUEgkE.bat
| MD5 | d8b216fae50e715ea37ce8295261d626 |
| SHA1 | 583f03e4ac5c1f1184ad5ff0565ee6cac151fafe |
| SHA256 | 6254f283156fb87953a48e5f8dde1669029929ffc76067ac3303a216c11e5a80 |
| SHA512 | e898ea5e2817c70c96c854c98ad1a6d49c3a8fa9bbb0cf79fcbf935599fd177cad166e6209cf0c8d12e1f32f2e544d5feb01d2eee8dc3ebdfa7a4a50a77ac5ab |
memory/2188-715-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MQAW.exe
| MD5 | 55aa26295de01afb09782541350e43c3 |
| SHA1 | a1883d96165f2e2b1301f22e995d05e74b88df01 |
| SHA256 | 12527c713582b2f097f2276748dfcc79ee2335bd6336d858d073d58c19d005df |
| SHA512 | 0397947950448634e9c8c3692b3bf26bae926d65bcd10f47b720e90be907493e6a3661271d1dfd35e2ccb2945216ede6151976599c0c7b12df416232c987c737 |
memory/2992-729-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YgAIgIsA.bat
| MD5 | c3908b8a73c8726a530edbd01bcb9c32 |
| SHA1 | 635ac5c5e120a45be540797d3ff08c1c219e0ea5 |
| SHA256 | 280111dacc83706c638610dae9464a1f899c644052501c94e472980784f23710 |
| SHA512 | 26ccaa95d0d7a90b1dd35c7e5ad5d7c0afaf489e178ccf21259ff7f275a1c116f589521f6e5b3178c7a938f69c91144432e4118e392b01a940012d49e6754f75 |
memory/1244-749-0x0000000000260000-0x0000000000294000-memory.dmp
memory/1512-750-0x0000000000400000-0x0000000000434000-memory.dmp
memory/440-759-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CmQEsccM.bat
| MD5 | fd7094fc0bfe91034e14f11060a75713 |
| SHA1 | 2e7cc26f7fa7d39aa6c4f422b7dd64a678aa9ad3 |
| SHA256 | 50b32a7050c3709077d7ea2b107dad59b371d2eb5ada620541eb8594baedfb50 |
| SHA512 | 6b41d9f145127fe4280a3901421685c26f2efb713d3c6a6e59bdae950c282d56e6b393e395ab1830cfcff1acfc24a01707253cad66c27077eb09c046c6016b41 |
memory/2848-771-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1360-770-0x0000000000190000-0x00000000001C4000-memory.dmp
memory/1360-769-0x0000000000190000-0x00000000001C4000-memory.dmp
memory/1512-780-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AUYUMUgY.bat
| MD5 | 4b6b868eb27be1a9fd55d3e6fe96c3d5 |
| SHA1 | 4278519df74f3c6921848ba73d8b4db92e620be9 |
| SHA256 | 3d90c7de618e63daf8d22c436b791e91a51555496dca76255dc07fb60f772faa |
| SHA512 | 8cfa93a0b1b54c057593ebfccad3005c3038253559e2738e969c8d9578c823874be6e4244832f6840d774ce854360c7749610533e0bc0b830227a0ddbe0b9a21 |
C:\Users\Admin\AppData\Local\Temp\wqEssYUc.bat
| MD5 | dffb817800d345d6640a92b9e84df3d6 |
| SHA1 | 856118f44d84a5d411c73327408fb6cde5a3e2ec |
| SHA256 | 5dc9e3f6f640770438182f45225ded76c3caa6b06ce8e8a134ed0a161b163994 |
| SHA512 | 4f243f8a1ee8a89604fbf0ec14535e0c0f381057d23c569188bf771485da9cfeb681decdbb583dfa42a5afacb0bfc2f00af5ca933964e2e7c80e9f37e8ede3d0 |
C:\Users\Admin\AppData\Local\Temp\FMIwcIYs.bat
| MD5 | f17cebbd3dde3f0d6c1131b2bb381962 |
| SHA1 | 46d633b3e45cfa417d4c4b014336b6abb44fe7a8 |
| SHA256 | 2beb77ac9527d233091da64172b96ffcba145bf556c6eee6791025d071171ee7 |
| SHA512 | 6278e3f2515976c73e99e0d7dd7a2d7b11b3c8959964a631ba1e705e2dcb55f02a01d33600b0f07cc07e6e039a0282bcbb522eac16a4e56c730e7556b4d09b94 |
C:\Users\Admin\AppData\Local\Temp\BQwEIUQY.bat
| MD5 | b2ef3c9822712a8a7cb741bc9f17e1e6 |
| SHA1 | 14695ce5a69aae6cc6f69c126da16359bbe74bc3 |
| SHA256 | d2a8d125be993fe0909c7474c8c3f4b5c2f2c4f026d961b502e8d2cd99bb4cf5 |
| SHA512 | d2456155a0096d49776f8f62f47f528e9c9f51462a114cdd05d9d7129071364caac035312099fe16b83d69c03eb03eed8d510c1b60b765c095f0f849fd04cd5c |
C:\Users\Admin\AppData\Local\Temp\dAwQQMcA.bat
| MD5 | e124b267ee578f25fc43e7c87538c486 |
| SHA1 | 4fc9ce7aff5a5c589df6b95b4cc2d4ef90af7d3d |
| SHA256 | 0094e711b6c466380a82065479213c6d9c71816a9375fad2c17803b032f1ae48 |
| SHA512 | bd4dd723e90fca0d36625a6565941a8ef494925d3e482658d102d07565d9299bf8899eda654da0152f0d7ffc9251eb337c5cf13832d578f73517d68719743ae1 |
C:\Users\Admin\AppData\Local\Temp\xoUUsgMc.bat
| MD5 | 7380ad9e8c1f6066162ba6f426addff1 |
| SHA1 | 253cfd08aa4bb4d760419bbfea17fe863d070a7c |
| SHA256 | 254a808e3130ff335bf4b546fe5d6d08a3b0fc426970badf1fb9691e5417e1c7 |
| SHA512 | e6c519dc89c9ae917f423621425824617c7038fd2e9d1eddee33dba7a8c0609c9d8d24ab433a12c779449ac66ad773b692926d362e2ecb4403af955f8a40cb2c |
C:\Users\Admin\AppData\Local\Temp\PiMYUMcE.bat
| MD5 | 4b4464791a6a680d023f01468782ebfa |
| SHA1 | 920fd7882f2eff271afac0fafaafbed5fe7126ab |
| SHA256 | 183080aad8e9eb003354f5cc964264cd487e8de0d38b8a54cd66e030f86af406 |
| SHA512 | cc2c929bf77a8e9a7a1c089de9a04373235c4f1e00af302c94635f3a64c887743da7aa51a1bccab1969bd9bce635f690aa525cedecdc54a6b49e59394d299e94 |
C:\Users\Admin\AppData\Local\Temp\uAkwUYgw.bat
| MD5 | 9ddf36d2dd22bdacb24c2481e35c5c84 |
| SHA1 | 821b666a7589782663a2f5e3fa557434798ef2e0 |
| SHA256 | ea3d3f94b97df9128845555e4450141b37511e7038842b7f151e55f785ed342e |
| SHA512 | 832c7a89bbad6d1343913a7eaa31d6a40fb761f55947e4b4b88e5e21fd60fbc1af3ef390c78203503d087ee97c2827cdb9490f025fc47f34ec1aa819f593e973 |
C:\Users\Admin\AppData\Local\Temp\wMAscwkM.bat
| MD5 | c8814f77d9e5bf1d449f7833f6475433 |
| SHA1 | f78043b63b7be58e068359bcc5ca5a3d0d759109 |
| SHA256 | a1d353fa71a54f7509845cfd3062d3d0680d387ba060c12349fe90b52e881357 |
| SHA512 | c3fc9ed5000ced66d11b88d413594d652e66d027b7e2d697b0f9e19158f557a324c7d52b41d800b44009579ab1091d69f336184d42deee4e76b1508a905a9745 |
C:\Users\Admin\AppData\Local\Temp\cgQcoYsI.bat
| MD5 | ae62242ef71d080c7a89c5cc94699c15 |
| SHA1 | 9c74d0070deb843a95c46b0c9e3d31e2ad5b3a0f |
| SHA256 | d818903f623418244d31d9883a6c13ba7d791c106e84faa6c3e2777aa5e9ee15 |
| SHA512 | 0c8ea98c5e04f2bc93ed4f88d2731f0b44e91e522b05627404eb81e5808e5ae3540d559202229c2bea24d7f3351dc78b181901b82c3b7edd316c111bd568f0ad |
C:\Users\Admin\AppData\Local\Temp\IMEMQcgE.bat
| MD5 | 031611fbdbd89a1be1955617cc0033c5 |
| SHA1 | c146ce0c1c0566f5857bae133b63bda1420e91ae |
| SHA256 | d0dbde32d678cb3423228067e778b1db4d4e7902e1b474a96520c74c641b1bdb |
| SHA512 | 93890525db073f0d5cf7a4fc899abb9c6e8095fa0b2299c33eefe543b33c363e7a7e8cc5e867ef9d7798ab144bfbf603d84dd34fe59d1fb63fd20905f027ad57 |
C:\Users\Admin\AppData\Local\Temp\zSYIcAkA.bat
| MD5 | 5a6e8ad11fd7c605ed8168c02076bef9 |
| SHA1 | a28e271193e3ff09ec58003fb5eee9aff9fced4b |
| SHA256 | 3b18047392953ce49ac801e7822a51f6d199c8fc455bd1ec09d030aa80842b22 |
| SHA512 | 8878ebb4c67705e031e5aa5b2d3668ee5d370da0e2f85633883946afd61d0441d259e4908d9a7c92ebd78bf24747b9821a897ec58f058fe9fa60e5dc7d426982 |
C:\Users\Admin\AppData\Local\Temp\hCUwowcM.bat
| MD5 | 87bfa94c82048611b618dfcc865f09a9 |
| SHA1 | d8240aaa34331e9f79228cf3c5edbaab6e2e14d4 |
| SHA256 | fb1ec4fa5464fa54cdd4434e1ad3fdb1c3f051e180fbf5e822c7ad0ff9bb5812 |
| SHA512 | e20432f30e9c9cf08e3ff5c34dc91dad28d96e58ce493a15b0192a02a130439ec85c928f8306351bf72e8144aea39b064da4dfe016287d8bd57deb15ef256fab |
C:\Users\Admin\AppData\Local\Temp\zaskkEwc.bat
| MD5 | 2d65e9412a36c571dfa31d0cce0c0b88 |
| SHA1 | 3daca4cc0f38b5f8b47c42a86c2eb38359fbbc6e |
| SHA256 | efab749755d9f30410b94d71be86aef878acd816b29a01d63704c6d850c14a05 |
| SHA512 | 489494aba7e3d81531135a8a2decaeed459be0f44b5d4f8374279723ab65fe95a65c86e9c1ddc9db1d63cb7d703606dfc9899c124e01d3b357bfaceb92b0514c |
C:\Users\Admin\AppData\Local\Temp\PgEUEEsU.bat
| MD5 | bd3718b19cc758a85c3270912fd1533f |
| SHA1 | 0dfd2d6e7dbfc75b66153701d8b9e02854668103 |
| SHA256 | 105a2145fa588f3a0e5e576e1c389ed4c1d653a40ff9ebacc0702f1b6cc12b1d |
| SHA512 | e6c94c74f2d77429374f23d954176d1803ab0e909c180bcc3d6e6d7854301e7c3cdb6c11780925b23bae5e04064d9c611d83c9e4be76849e7aed53c8f11b5f25 |
C:\Users\Admin\AppData\Local\Temp\BGsMsEYo.bat
| MD5 | 2fbb965dc272270154c7e97ee8ab9dc1 |
| SHA1 | 3715a9d74d287b767609fcc8cb770dc74095e178 |
| SHA256 | 9947851a841407033014d0162e6da9b49efaf6f29fbd9989b252b9a40446ff65 |
| SHA512 | 62abb16285b7288a21b4b02a1a5e0c92cdf65c8498d8178d659b17167488f14441bee5fca663f8d4c3a7970aa8618df97a8bfcf25a91eface2ec06eea345f258 |
memory/1228-1106-0x0000000077430000-0x000000007752A000-memory.dmp
memory/1228-1105-0x0000000077310000-0x000000007742F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wAYAsMss.bat
| MD5 | 13a64973c165d29a4d0cbf1376e4a5e8 |
| SHA1 | 9052de8caf618f382c1b4a25e08740e68afd5f74 |
| SHA256 | 229272ecf2b0bad0a9f3640147e04b15b8dfbf879faa832663ed7eb3a805c7a9 |
| SHA512 | f7c4e5e50424cf283af8969ae671606d4efb0554d36b498dc50ffcb860a705010ad5eb272588ec1f2716688b1cee7c472dfdabcb151195d26e8c912400e4928e |
C:\Users\Admin\AppData\Local\Temp\ESogcEgY.bat
| MD5 | 8ffd6a06cc49750f84e26484be0a1984 |
| SHA1 | 54cf31c2414f8fa61898103731676f8824aab4eb |
| SHA256 | b9bc09bb67de34d59517ea95d8b23b5bd4b076d26b420f8e310a5224a37962ef |
| SHA512 | 9fb9975cb2c65f07f30cf2c5c9e03622e133bde490707dc405ddb4dbf4afb0934007cbfe7ac0c4c30dedd5801d5c80bc8953d60502fafeb7937352db42341347 |
C:\Users\Admin\AppData\Local\Temp\ecgcYMgI.bat
| MD5 | 31ef85f27ddf17fe43619ea737e7e70a |
| SHA1 | 338884ec40b454d9fed4c6a92352a29cd34ad611 |
| SHA256 | c83e54e536bb186732d08dcd29e80ca0de6a994f47c7327048f45bc205c8e31a |
| SHA512 | 346af79bb14dd2bb1c2c5287baf3272e1865edd704fd2b07ec103c1e80e031c1fd60f816fdaceaa72742d056363b249c84316290c9b9436dbf36cf2d5016f99a |
C:\Users\Admin\AppData\Local\Temp\MGkogAAw.bat
| MD5 | cf002b5970d7f32025894cb4d0a6aa54 |
| SHA1 | 0b34a605c63ede6bfdfde623efc82144732d8965 |
| SHA256 | 3c94e01787ccf48fa40b07849cc6177fba752f329dc9bff157976e1b7f38a46a |
| SHA512 | 01773513f46d722b29f48bcea28ac5e5eb08afc5beb274f5f7822badbb2afeb067db4606cb4c559811deb0f6090b11a3a31fb3bb8e2521ec48e5919d23810dab |
C:\Users\Admin\AppData\Local\Temp\EQAk.exe
| MD5 | 86c5f6c8c5103c7665adab561fe7fd85 |
| SHA1 | e68848df3966fa4843594cf3239e33c94b811d8a |
| SHA256 | 78ea82091a2ac70c75fc989fe2cb5adc43350a01525300d4bf60427b5eb883f3 |
| SHA512 | fa3f13a5b8eaf72442d424768d6c8b1b5ac94e99b1696539765081f418c4061f4a7c2772eef634d94aac476284c600aa3f20ad39aa61db6b04a7b68291637595 |
C:\Users\Admin\AppData\Local\Temp\lGUEMIUE.bat
| MD5 | 5d3c7198a0deda15aa85c0f97227bd1c |
| SHA1 | 1c9238cd047c29e71e78063d2a20f31caee54e3e |
| SHA256 | 0c1fba73639d80ddcd31c7cc4e556cdb942d6c97d66b57cd6506d2c75a9c04fb |
| SHA512 | 61555a762772448f6f79d7bbbf5f4679fc092ff74f7c0bf3ea95dcf9a865d8a7646abb44e44f5650f22e7416e7880ed66f814fac964473f59378c10cb08fcffa |
C:\Users\Admin\AppData\Local\Temp\YckA.exe
| MD5 | d54639fee208cd1eac052e907f2f5014 |
| SHA1 | 36e510fd69ccd3b4c3e4b0cf7bf98059df485eef |
| SHA256 | 7817a7b3bd4e07b68efe2fd492c38a0783b7235cf8b6789f750f866831aa8db4 |
| SHA512 | e58ba237ae358af0e3f16d588b79913bcdd582643494c896ec37a9dd4d2aea674d06174fa6221567da3ec3893776a35075d5cd991fb56b0ee932f3a79535ab2f |
C:\Users\Admin\AppData\Local\Temp\OkYE.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\KsAS.exe
| MD5 | 1c0d5a40ae50e4c808e8bc09f8e2cbd1 |
| SHA1 | e1996b6d8ea533b25c205cc272e8a6162135ae46 |
| SHA256 | 531b1760d0eeb3495b99fbe1e3a445cf5ea190665e498d86e499dc3d74bad2a8 |
| SHA512 | 01544e392760882a2802cd94285457056628ce5e6ed657125522bbf992c45b28fd08f62cb8a08474c10cabe9e839b1fdf6c4051518c43cd2436cd858db0aed3f |
C:\Users\Admin\AppData\Local\Temp\CsIE.exe
| MD5 | 12e3a35cef1a8a05fac0d1bd432b1797 |
| SHA1 | 5060b903ec32f6d61416131b28d8dcd927636644 |
| SHA256 | 5d768a1a36558b52d2ecef0c74e461e376478810753e12c84a97956d9106e040 |
| SHA512 | 671b737944c5e86ea1df85411656179b34840fd19168d94e29acb0b8fd138fcadd443600155b35020b8a8334ebe072ebce46fd9fc3e89470032485bb0ee2a8a4 |
C:\Users\Admin\AppData\Local\Temp\WUca.exe
| MD5 | 5b7ca1321e3981de4cfba96463a049d9 |
| SHA1 | 248f980655c540af39021ba59ba1e8ea5cccc7d2 |
| SHA256 | 01405f927aed55d543607172bd2258862b6acd5f1401410051eee8dfed06d72b |
| SHA512 | bce1d23792e18fbc31d62d46f6312c1598e37f04db3a9b21c5e826887c72b695dc0ba82bd40b3abeec4c4e2aa3ec41f1761184d078df5e3ddaf1857ab49ef289 |
C:\Users\Admin\AppData\Local\Temp\KQMK.exe
| MD5 | 7bbbc535310a3a834637c7b42a9cd7de |
| SHA1 | a31c78a5bf09f89c7049fc45ffe8738ee685d55d |
| SHA256 | bf975f165710999881740d655b293dad2c89988f793c477063db7a6494c368a6 |
| SHA512 | 8017831d014badfe64146eb89085d1bd003f074295149e078d2d46bc011803e2099718c4fc19fe6f91320385d68ce957807fc1784af7b7a761810445486c0fec |
C:\Users\Admin\AppData\Local\Temp\jeMEwUkg.bat
| MD5 | 8cef587d555b3570db61a5ec584ac3d0 |
| SHA1 | db774e064c2a4bb16f466aba298987b57fa87608 |
| SHA256 | e6b00787d1b2f7ccaffee2920a0aefa6f2295241c0fa002939c73e6b197166ba |
| SHA512 | 3dcedd10b279e9b294ffe38076bdd247191351f16ba2bc9b5ea1392bb4b573471fc5f76895f2a09732f50d478891df31cc94eaf26cbc13a6cacce699067ed682 |
C:\Users\Admin\AppData\Local\Temp\wkMo.exe
| MD5 | e08f72e04f961a984d3d8278d34de98d |
| SHA1 | 18c8ad62447a7f5952ace5a658834fb72703b15e |
| SHA256 | 27213d5c9e882ea1e6ef2a7ae306670bf953dcfc08b9d39fd60fbfbd3463c637 |
| SHA512 | c17e29cd7d8aa4ae5ae7e883ad94905c901fab6730c5b904d148e4c7c7dea2df9769652f9b47e0cae332762fb7cc40b8f001ce3490bc5bfc5cbde30fd0247635 |
C:\Users\Admin\AppData\Local\Temp\QYIC.exe
| MD5 | 2bb44c1d45f39f5e17771dd65cecf861 |
| SHA1 | 22a156b247a6d35f9d79f1d27988da1325d59d5b |
| SHA256 | d170b4efe8105b925ea6541d86aa2182aa75cdc7921534147c7c64dcfe587c33 |
| SHA512 | c2257b8aa908e02fdf0bdf35863d772fac0505c84a4d6c33bb0ec227c944bc40ba88eddc1f56027d458fbbad19c7143571cb6d75d5701e7aa602159d38ccc164 |
C:\Users\Admin\AppData\Local\Temp\kYkK.exe
| MD5 | 72804bc9187af58e82b2d8d2cb28b40c |
| SHA1 | 611364cae5f979ede746e3f5bd9a443056efd4ff |
| SHA256 | 4f1e75044a3b7aefd9230cdf4e5cf41fb37ac1a69e13306def083f2e664956ee |
| SHA512 | abbd83d97a4227751b1e005db8691fa5739beb2214088d18cc840b6a28615538c977bd1ba85cc165daead189e395a6164f8ef2266fc01318b61d99549555adf7 |
C:\Users\Admin\AppData\Local\Temp\yIcY.exe
| MD5 | f158fe52910854a5fbbe855747230d6a |
| SHA1 | 793331934336c57d833461e50ec028619b4e51e2 |
| SHA256 | 01a5a8ae654b7759f6f67a0b2c8eda39d64a8976094bbac7a255bb85c0b71d91 |
| SHA512 | c696624bfd3d36463dbd9f6364c9eb5d5e3ddf0a60569f3b7640c9a192540a75dcc15c652526b70e8065d53d769dbae08fe8a48e0648fc45ece6e3275e074e3c |
C:\Users\Admin\AppData\Local\Temp\ccwk.exe
| MD5 | d91314f9788a5233d935b6dab5db924f |
| SHA1 | 1f14a2b77596cb9677ca2f6484577a029e024087 |
| SHA256 | 32d6f9293c79382f42a92826c6cd1cf3f003a047421a0d3d7ebd4e39e0557751 |
| SHA512 | 14aaecade9056ee39017b13806d750947b8c5c34557bc7e1e58212d6bd5385882e177078f8b3120e5f6b4f03a118a4d817ca975989500b9b4a8f1e1804cf828b |
C:\Users\Admin\AppData\Local\Temp\QMIA.exe
| MD5 | 2abe08bf7579a55fe3a0ba40a0e27fd8 |
| SHA1 | 4832f904b4e89090030299e89be18aecaaebe4d9 |
| SHA256 | b13845f4cb591de1bc6eb800df00e93d9d5645824647904c0317be40e376fd82 |
| SHA512 | 29bf644edb519b58bbf95152d18316e60606c1ad2cdc314908e42de92acc0cb3aa5dda0d42036de77d65b06ab6ba44eb5d673ae3f969e59688f7a262b3f8970e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
| MD5 | a01d5d1aa17963db9f0ef3e97513a643 |
| SHA1 | 813ed617638eff24421fb9d0bd40a1122516b45f |
| SHA256 | 4281c9661b36b86c82a39e62eb2ed3a663cb9ff575ef7fe48a397898cfebb982 |
| SHA512 | 7358ad8918d85dd8161cf1fec379cdc4b9f3c83e6741dd5125ade674a424f273c183f5986323926fe59e1de65729c9ea2b7921ae3fbdee92adae0be03e92d71e |
C:\Users\Admin\AppData\Local\Temp\DgYkoQgM.bat
| MD5 | 3088bd84880870b3f55144694ab78feb |
| SHA1 | 574a06cdd80b356354a54698378f84756737a470 |
| SHA256 | a1407859c6b9ef49c7e18a3594ff6969fc9b82773807859ca152fdf2e8d4ffad |
| SHA512 | 1eeea96929302bb8b770a378259ab7c37a7d1f158abe276cbaa2c2509d2aa1a0dd4ef2096c48d322a582636b802ca31ee79d0f255c27192310ad3152bba69b06 |
C:\Users\Admin\AppData\Local\Temp\aYkc.exe
| MD5 | b398f58585f8f36d902b0b6206522e81 |
| SHA1 | d30002790e82328aeabc369f3220c4fbb89913b9 |
| SHA256 | 7fca76afaf0f1163c1075a76fe4de78acbe61a571e78e0d31e6927e5246ff9a2 |
| SHA512 | c62f7b1b6c5362fb089d55f89b20633b8c54139614335170ad5d0ddc25d805dad48f159fb462d5595bd0c0bdf127ea34f7f19f8d23e74642ea9b72ede8e6d091 |
C:\Users\Admin\AppData\Local\Temp\gAAC.exe
| MD5 | 6a8ca5019864734afc3afd45b0a780d0 |
| SHA1 | ef7019d1d59b53a61bcbbd743a9d09a53c779959 |
| SHA256 | 21cacae536998c9d1957f82bc0339ce4da3030ce0d71a96dc701d41ddd7c2209 |
| SHA512 | db35b2fa5b3eeb1e42ce0e21079b5a1e7a18ec8c8411deef1b15c49f2917e381eb96e81fcdf35a3a77a05a12b3be1f436e6747ab460c506e1e8ee72bca24e2e8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile19.bmp.exe
| MD5 | 130920af100fea28aedee660ef7c807e |
| SHA1 | 221491d9003707e3f7c1f5b48e09471449c9d07b |
| SHA256 | 8172ea08de818ffcaf880e724ad41ab707aa32953faa363f3bb0f60932732f34 |
| SHA512 | bc5cf08f7d90f21995949015df452f0c80c6c59984972f77265f75ad428318a05505cfd9689f64748374fb7c176cc105239ea7697b4382a476270ba8bbb5fdfe |
C:\Users\Admin\AppData\Local\Temp\UcgU.exe
| MD5 | c09ca03d63c67d20d17e16c1d8e8ebe3 |
| SHA1 | 26408a9912df6510322dd4add26fade10b9c01e8 |
| SHA256 | f1f557d2d7db75ab5846afa6cf3e66ea1989df03626aac8760406475c64a75e6 |
| SHA512 | 4e399bd3bb875252165970720dcabd0b8e16c46570b1a41a07d6b646af1c865966142634246a9806e3bf34738fdb04c3c97ecdb7d4032a2b562a0c273d52cc95 |
C:\Users\Admin\AppData\Local\Temp\ZOQEQYYc.bat
| MD5 | 18d89449bb43af9c93940be2e3c4bd15 |
| SHA1 | fe1d696f87da223285d47e3853808ea8de17c005 |
| SHA256 | 2c954f908b1905e16069d21359d06afc837886c1d7495a821859f366de197eaf |
| SHA512 | fe851a299758167935a85d963f6ce67c61684f8b76f37c2dd87bfba531c3feca346f7072bdde03d050bc8fb91855046736b0d39ae22de01e000b24ea8de59736 |
C:\Users\Admin\AppData\Local\Temp\IkQS.exe
| MD5 | ec45226d4f0537d92bd650463e8656ca |
| SHA1 | 370acfef08c4903495ac3d19d1ff58ad4dbeb461 |
| SHA256 | 2900991abd05d06f248acc37560dec6840e4f8c455268a0fe1e62e89682ba895 |
| SHA512 | 473e23de5c2a79d3be3190ae77a7f6f2c561b507316c5e88e7b51b3e820438602fc6e695cba0ef04f768a2c9ad1048f61568ebe497a6e4c69abd976a1a61037c |
C:\Users\Admin\AppData\Local\Temp\wwkU.exe
| MD5 | d2d1b47b24fa10bf7c379f577e4063f0 |
| SHA1 | f372723bee058f8b11e05989fd76a0652bc85670 |
| SHA256 | 2bd6d1cd4339c5dab34d000ce012ae7533a8cb28ef41ff9171c0fbb5a28a727f |
| SHA512 | c0822a42879a06790c6307d873941ad9e32832773233594abdd70e58e665dabf6eafa6229508f2f7e11441a7a4659b3fd047d51e59c0632b42d71e94a79482ef |
C:\Users\Admin\AppData\Local\Temp\yUcc.exe
| MD5 | 3604a5805ece969d1ec04c8697b8bc78 |
| SHA1 | de20cd3c77361b3b8b215ccfcec019b681d431b5 |
| SHA256 | ad8b84f826f78c9c04524e8014996a29e9560114bceb669e9f611ab2b244c2a7 |
| SHA512 | 72e4c0d880f038a81f4f111136b5bb8bee2e1cef231663d2d0efef332e18c55edd42bb081ecfc40e562a24d8c795958acf3e05c1c387b8a9935ee16729eeaa3a |
C:\Users\Admin\AppData\Local\Temp\esEQ.exe
| MD5 | 4d8434a999bdd169eebbd7bba7656863 |
| SHA1 | 8ebde0dec5b10069c39386ddd197f0c4b2baa700 |
| SHA256 | d84a4836556c3917ae87fe6110d5e992c58717eb97d5ea7c66425d6f6df7b339 |
| SHA512 | 7522618eaad6de361a35c27bcbd695ba5aa680f0708189bdc713143c96c1f76ada64c7b24169e343ba195b6e1b83bb72ea945c2f5377af0696cb96b6adf5324b |
C:\Users\Admin\AppData\Local\Temp\qgwm.exe
| MD5 | 8c264a2d328bb940f4fcc599ec85cd3a |
| SHA1 | 466b822a0f119e2a24fed831adb8afc9cb8eda33 |
| SHA256 | 17bbee5f31e874df8c36e3aa8b1df4d421a748b315fe08dd15d9822bba440075 |
| SHA512 | bc7024cb5b795df3831d45a0e37ac127e9a04bfff9f1e438c41d9817227e0d93f8baee85a596f117c84afca002bae2e663b77c0993226a3b2eabff053c03d284 |
C:\Users\Admin\AppData\Local\Temp\CsIQ.exe
| MD5 | d3932c261bedaea5dcef99fd4bfecdea |
| SHA1 | b8122c982d525653c36cf7726efc6b2225878beb |
| SHA256 | b42a0933b141bd00605bbccfc71c88f49231bbdf641a5da49f8acdc09be572f6 |
| SHA512 | 215610dce9f7e3d9513dd6876193802f8e8999a02276a01be3980064ca7d07c96ac8689dd9a93c99321f5f6c33b51369b3aae900c183910f2362c5ce53b4f6e7 |
C:\Users\Admin\AppData\Local\Temp\aKUoUwYQ.bat
| MD5 | ecda530d1436628eb7a300e8478c8ff3 |
| SHA1 | 103695555ba101edc498c04544e795f2d6e66f95 |
| SHA256 | 0f02e3738636425e33484fbb8c3bb07781179e6f6e381dbac1751a18f0ebbf56 |
| SHA512 | 53587fa1d71075450526d04ce939965894031d7aa331f32640514164c488d098472f6bda65e8fccf719ea5834b20002c672258f571ac3727caeb17605fe51c41 |
C:\Users\Admin\AppData\Local\Temp\qMUu.exe
| MD5 | b65571c2c22f0cef6b31dc2b180b6dfd |
| SHA1 | e54029e2687f9001166774d66c8fffd0fa9ca9ac |
| SHA256 | 5ee750962be3739654930f364874a4f19061f082bce019ac8df51db4c3e0168c |
| SHA512 | 56ff3dc244e22a0eca853a0e2d165047f3ad3b6e8d273c81df3802e0b29044a54436e57e3ab7794511797ef5e17ab2a0d57ab8fb403e542a1da1414687138311 |
C:\Users\Admin\AppData\Local\Temp\skUW.exe
| MD5 | 5f064186aeef984a2c203a51a3fb5d18 |
| SHA1 | 4f7318682f7bf191f858ca785abad7516b53b802 |
| SHA256 | 68cfa631e9f9d1941e1a0e48f8c8a93fcc3398b3727467d001c567058634cf79 |
| SHA512 | d927fe93ab4e98fdcee815006f516cddbb3a9728ec145a8e0247b3091b5610811cbe7cac81f014649e7b1ae4cdbcf5c3bf626b136420d1b8cc30fef85e79da29 |
C:\Users\Admin\AppData\Local\Temp\GMwk.exe
| MD5 | 9e9b7ff3572e6814cca39ff98d5ae730 |
| SHA1 | af03f43eed5d5414949c7da0ef74a1637ac15576 |
| SHA256 | cbaaea58f882782fb6cf3c15e6db9bc2660524c629e65bdc90846d3e5bddfd30 |
| SHA512 | b1aa37a5abae549aba621fd163bb49cadad9fafc9da752a9643ddbb3f3bce8eecff4f1dca136f666ca49eb641241645ab0871202dfa89e33647b05b0c016a294 |
C:\Users\Admin\AppData\Local\Temp\SQIq.exe
| MD5 | 1c2f1df65475cc9fdae29b72f6878a69 |
| SHA1 | 65a642c8b59eb4f8c7019108988ff5e6290da84b |
| SHA256 | 233d795b220e5e99dfe4f127b775842774887bae2a8de707a1c3f91889fba69f |
| SHA512 | 587e45889d3058dedd27b3c33310405aa3619c9a9d09ba5522a47105d11c3d275d556727c92d717c4ed87e565b9f1daedfa0ac97209d3096b7f9cf9cf288adce |
C:\Users\Admin\AppData\Local\Temp\cwsw.exe
| MD5 | 46da7dc884f9dea62c0331fd85f1d230 |
| SHA1 | 7b722f75fb2b9e8020790445396e6afd5801582e |
| SHA256 | ad9e264193b88e1962f2656662c525200227b006d3ef303605433c41557a0828 |
| SHA512 | 3b659bfac8e74687217ae3f5498e4269d606e1590311da33b925b9d958ecddb35576f1a0b95ad951c6a293f5e789577fb0ab3fb3d4c2a32ea8382b3488d1d819 |
C:\Users\Admin\AppData\Local\Temp\iUEM.exe
| MD5 | d4d62646172ea8d5367dfc8eaec35284 |
| SHA1 | 66387506eb3393c89cc6bab9f80bf5f51f164876 |
| SHA256 | 6b3c47efd89b1aff276ba78fabf058e7d24d321a6948f20bf7982c51e282dd02 |
| SHA512 | 4ce26a085461a0a08155907c643f1b77c7c041ea067255681757ced0e1787bf1e92a47504ed125197a42b467cf5e9d0490288629ff157d290dfd71817d336218 |
C:\Users\Admin\AppData\Local\Temp\ywQq.exe
| MD5 | 07ca156fceb16f6d1dd427c1dbab42f3 |
| SHA1 | 8201434874d911649919e282397ded7c0675145c |
| SHA256 | 9e56f45fd5ce3e31dba6fc15f49f3e1d9ca7f71a6b4fe31ea752cbb86fd0a459 |
| SHA512 | 4ea33b6313e752116b9b54f400a3b50fec886cb60615e3cbf950ee11f980c72a5e38cf09e0aefd78ef0575c95e6b922fb80747095908e5e48f92568d391c1463 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | 8e3db8a532bc1eb589c191ccacfa70c9 |
| SHA1 | 040e89ce21502371443556cfc772ab9d6c8403cb |
| SHA256 | 25f02f558acf5e886e1d48554f68f22c91e2ae086f0f2a4cd5d5a148e6522aaa |
| SHA512 | 7225ee66e2561e9c6015f0cd457abf587bf1b04a7e59660c2b6c8e832ec3b8fb44f3a3eef3932caa31b9d6f8b220e7f19447ee154a82453074b13c5617312388 |
C:\Users\Admin\AppData\Local\Temp\KGIkYUgk.bat
| MD5 | 1b8cf02dabee3fa16cfa07284710b44f |
| SHA1 | 085c8533d0d3d52586e1d4dd5fa6ead68a6b04c8 |
| SHA256 | 2ab4820e2509e5de1f44bd7a967bf723ac95dc6115063a8a71f5714b92c36fcb |
| SHA512 | cf49c7069a2a3bb84c1c2ed1cd195c581053f9cc4588623d4d3e085f29426009a0b9f145827f95c4fba513d57214edbf8977f1e22b4ee5aa3d0952c49eab3991 |
C:\Users\Admin\AppData\Local\Temp\sUYK.exe
| MD5 | 6f7edb2ba6a315f06aeee92e350606ab |
| SHA1 | 09544eba81e036fb8545334b4599ce75de235068 |
| SHA256 | 571eb69798fa1933ab5c646e1ae6470ee09ab56d71735e15af537ff8fb3dfebe |
| SHA512 | 720601bd6e8e2a706c377e505d93af36d2d105cde90db1442a5c08755e46526392cee4c3ea7c5e72fec6e8a264c0f6174967bde4d5cbce0d235087b93a5bc2ff |
C:\Users\Admin\AppData\Local\Temp\qEAm.exe
| MD5 | 16a83eaf4cbc33d364a81a88dab4a572 |
| SHA1 | 24d253d6c57b9b6b8ccf4323c879e2aea6ecaa93 |
| SHA256 | 2650d4b48ca3f5e99aba607c27c45c915bf7c91b63b6121b03fba0a08177b449 |
| SHA512 | 7ed08faab461a8c04f07ef84596a7577f7bd59656bc5c2e6d06296afd4a535e6b614cc397318291b45ae2422d6e29bf50e63406b40b0902862b21dfe661f90bb |
C:\Users\Admin\AppData\Local\Temp\OskS.exe
| MD5 | d6c299aa00f85d319789ba236ab09df8 |
| SHA1 | da2867be08bc324fa2985fc2082da9db673ea762 |
| SHA256 | e30d101a19230070d1154f9fa3f6ea09bfeca46f5d4bba96600b3decb06650fb |
| SHA512 | 148feb4595b13d1da1c14eab97110cf6b962e47fbd01aea1303fa77cbb472d06896d3a2cd2caf6243f1a4434b3668cd1a4ab672ab037435fe8d6993c2385f86f |
C:\Users\Admin\AppData\Local\Temp\kAIu.exe
| MD5 | fed9417deaa41d230307a5958c05e700 |
| SHA1 | 02ec7b7deaa3002fd500de24637634072927ee24 |
| SHA256 | 8e4483e02c1dde0035f9ac8ae051c5a46317e9a7a11d4b83f6785f7ac9ed6475 |
| SHA512 | 1ce666864e0adeb9e1e4509f39a9775c84b7d419b614ff55abf926e740fcba1b166ac52b19d004083fbe4470b021fde2f0ab7a969f6658a8a94ca26705e734a4 |
C:\Users\Admin\AppData\Local\Temp\Ikgg.exe
| MD5 | d7f1790af21e8b8dc3b81e623be19eae |
| SHA1 | ac5d580de2f537fdca5c5495c637e5993517ddd9 |
| SHA256 | 5a19d5d495bedc95964817efcf4171ef9f5229cd7434bf1bd1d57dcb0a247db5 |
| SHA512 | c2aaee6dc3e60476daebd568a71988d8fa32f4cacaff5db0e31937862a8c6bad27b5f2ee93e33e32fa35343c8c2aa618c9eb7432ba25bf0e7ac9b6fdf156fe8c |
C:\Users\Admin\AppData\Local\Temp\ygMIEkYk.bat
| MD5 | 890a999b2da56f0f4241e578d9e2cc33 |
| SHA1 | 33aba649df38315e517334e4e5e5b5329e783cbb |
| SHA256 | 9962699245e51d9afedd45248dde0f216e1542f742fb97bfc557a9ba391b8d0a |
| SHA512 | 23e07046b6888e5c881cd99a3d75e46985d1d5befc90ee261672cd3527e2907c7a5e0d04f81e592cb93da3f44a8120ce4b6af4ee41e2451425b0c3afec060313 |
C:\Users\Admin\AppData\Local\Temp\GsgY.exe
| MD5 | a39a0d8d02032901ee32e6fc7f7cb935 |
| SHA1 | c823e547800b83f60ff7f3d7007a43c5a2483323 |
| SHA256 | 0045487fd48621864b6e30319772e892e4ebf4d73880513d5756b09b09a1b75f |
| SHA512 | 138f31ea9818e801bec1cd110b669af727dfb86530e1567af4f3eb9db8d8b272e4bef9dca44e4283febb789c70df84294b0465bfcdb2148b732d65509c2dc3ab |
C:\Users\Admin\AppData\Local\Temp\qQoC.exe
| MD5 | 8e61c70874c5e97802af6faa4b3b3445 |
| SHA1 | ad28445d6ca6ad0dd8f35e4182a636f01291fc8c |
| SHA256 | 222477daf852db4dfb790e9ea4937bfcccbbe6a752b5a7107c7ed20dcdf55d80 |
| SHA512 | 9d821a37c31e14df70f26922adf83448a200dfffabbc39aae3348703d697ae75f3695d5c5512b497c2ea3a7d26699e6f30e89b621d796161a0e28e5ff50a20da |
C:\Users\Admin\AppData\Local\Temp\kcgY.exe
| MD5 | 76d744357076a416b0452264d4298d01 |
| SHA1 | 9acf9e9dc4eb747fbbd096f90cb4b30344b9d06d |
| SHA256 | f34a97eafab7009d02d5f3ba72e1fd8b17d25fed9fba0606bafe682989c993e5 |
| SHA512 | c064a41a6b4b04effc995b320f5126772a82ad361ece2a28d842cec14a2bcb18eab0d918c229b1403ee39338f97097ba8ce00f057abb3d16367624a1d57dd7a2 |
C:\Users\Admin\AppData\Local\Temp\iokY.exe
| MD5 | 3331973e78ef9fab44b6a018586672e6 |
| SHA1 | 11a0f4fb9b72a037a3d2552a0dd2462032f5a8a2 |
| SHA256 | 6a6c369255313097736481a895440bd1557fe5d63b0cab20892a74654fa1f735 |
| SHA512 | 77f425e6ba1ab145c70b31b4fd1e80204dc50c8d82821ce8e0430fad32739790a54646eddfcd368e15264982695d38235d5beb7ea7cb2b8e1e0012484370cef2 |
C:\Users\Admin\AppData\Local\Temp\qcQq.exe
| MD5 | 4e96fef11ed836d387ce06e2b02b4d0b |
| SHA1 | f9132445b95fb020840d4ec5c7ecce018f2e263c |
| SHA256 | 5d47e92f316526e438bcc1c0cde5e47471489e4d83cb0defbfb2480b59ab8fb2 |
| SHA512 | 2a495ad3c1c03a41a2fc5537ff58433b5cd007cc076fbcabe019b3a968eb9de9bbbe151a880146cb0c27300e03c2bb7f92c0cc09102f2a3819e66622ee770759 |
C:\Users\Admin\AppData\Local\Temp\UkYk.exe
| MD5 | 170ed9a4928ec439f6868969df5fbae6 |
| SHA1 | 4864137e5e0b977a6fe0d134fa9f2d314e3f55dd |
| SHA256 | 8ab1a01c69f4aeb6a76d05d4b69de2e1fdf3697de48f9dbae7b7e54cd68e9206 |
| SHA512 | c5d5840a1081446bac1aefcd646a80b8b10b13469865864754604e7ae1bc7814fa15a1008edc9069dc9e79ff27eaeb46709e5da944f3335d3209b2306d0bd115 |
C:\Users\Admin\AppData\Local\Temp\wigAMgkw.bat
| MD5 | d4111691cf0ccc946c8d9b2c3f3571bd |
| SHA1 | 3c8509bc14ad0b8c21b17a7d109258e1e22f320e |
| SHA256 | 39b56f333d7d3cdde305367ebf4a02e5f5b74acf0dba7a616c10eb9bfebe5c56 |
| SHA512 | 16e1a425875e6a81527339f3b76e2c9ca33f657b855a447aa0492dc2082fdfec054e5a7af3dc661bf0c46698afaeed0025689669accab6c084801ce0ddebf5ac |
C:\Users\Admin\AppData\Local\Temp\YcUE.exe
| MD5 | 269b0a1759d04019a8e1b109b022c72f |
| SHA1 | f01343d40990d4017370fae47fcf1f40856198e0 |
| SHA256 | 9819d2b0c58e1c2620d08db83446efcf2944ce1428570e63d6d15fafaa456e69 |
| SHA512 | 1f3e5cc072429f06ca3302c0c6612390c288d85d511e329a911485f74bfadec2a22ce5ab5f0d08c8bf8f5d56b09606d8e8a2666ad455c9cdc5aea27588060e41 |
C:\Users\Admin\AppData\Local\Temp\uAsC.exe
| MD5 | c453b6301374a74f10d7b1e506f166be |
| SHA1 | 1b046ce71597c54578aafc9e3536b340e40c0710 |
| SHA256 | d0e14d08da381f9f642fb4b88ddc678c5b296ae8520f71e0111805d34463d955 |
| SHA512 | 551b1a8a05b11a8e0f618ef03cc83c3fbd594f5e48654dec4cae1fbef2878b05b25d4e6518a7a328fb6bdebe29df09a06ee35aae7a75cd7f1926a3409964bb5d |
C:\Users\Admin\AppData\Local\Temp\aQkw.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\mMwS.exe
| MD5 | 8882d4ae892c121fd262116d0f1bfc0a |
| SHA1 | 16d94cb623a2a091395656816581c4c668925cc4 |
| SHA256 | a07ea8019238d77f3b7b357cfa3e3bbc979bbf262b5f94ba306f7c8ac664fcdf |
| SHA512 | f84509ee68851b2bbde50a8162840f457581723841ed28fabab45613ba1488b8516e8aa212d3c950314601ec22ad58dc4545d3334486e5b97822b74d4581f6c0 |
C:\Users\Admin\AppData\Local\Temp\AQYu.exe
| MD5 | 21e61b29032bd0dfe03c18954c5470b9 |
| SHA1 | d4918af47b217b57cf6a97a449d0318a8a039c46 |
| SHA256 | 4f42e8a5d5ece4cd11ff17bc8c7ed6728ef7ce542eb037f80dde4a807123af15 |
| SHA512 | c578ffd1d672fc4308ffb9b72fd1a29f8ef5393ab6235295c200c8d269dc237634e4801bb0c25fe5073423bd340a7867e4917cc17f0f8d8fd10a2ad302ae2ec9 |
C:\Users\Admin\AppData\Local\Temp\iUUG.exe
| MD5 | 9d31c8cbf2ab8dbf4ef8466733ce8a8b |
| SHA1 | b32b501546afe7fdae91688918a1a4f8209469f5 |
| SHA256 | 4735c0d12150e7b9f82b9b8a8e5604c9d488859f29fdc41245f4ee5e73bba92f |
| SHA512 | ba915b22c87e089044185a9babb86e5a593c35c4cf17a82e1c2ff19950fba30bebb1da631e203eb853616173b9d31660958745886c05a205fa6eb940f0dca2f1 |
C:\Users\Admin\AppData\Local\Temp\JskMIcAk.bat
| MD5 | 69bc27b584b353144c742478b5f1ff7e |
| SHA1 | f37557c15b0f971a0032828f700ad9ab1e0163d8 |
| SHA256 | aa278e076a9b7a37f3be2354ddd0914ef73b91531bb078234c4e4e2943c1855c |
| SHA512 | abb2e65d82d4af3c54f1ab718263569dbe9ae07423cf98f126a7df5221b904288887077711be69ecbc71f17e0c525a42e93877d9dc45af38b84e4b504a2dbdbf |
C:\Users\Admin\AppData\Local\Temp\fMMoQsEg.bat
| MD5 | c6a38a8be1ae39ef270f8087623b0b6e |
| SHA1 | 46eeaea548071a31f18fe4bb780b8a55f26275ce |
| SHA256 | 14d41ddef4677f6aa8b5d51b36ca658d2ad5b95a9fb012b3c784082fe0653b04 |
| SHA512 | b781ae9ba84c6bb22f57bd5f6ee767f0ddbc2d12dc056f1bd7bcf61b90ab93ede56a956475e7aad527e8945a8649f4463c57d90fc01c19642a4f18e976abaf9e |
C:\Users\Admin\AppData\Local\Temp\fIEwcsgU.bat
| MD5 | 1b5b550b287cdb2756eb41becb6deab9 |
| SHA1 | 2f82c24e0b4f97888c6c2aaa35c1d06bd3edddcb |
| SHA256 | 76e1d9deeab9f26dcb31cd6d623c640c03d8fb3c217b4900f5424acae3e244fd |
| SHA512 | e50eb90f884cf8e27c5d1afb92c2c7c7da851ed95a853340568fdb2a8f84b82d4555ad032a4629d62fa4eed5b73af0b60c860dd43a61a61595ec354742dbd278 |
C:\Users\Admin\AppData\Local\Temp\fsMcsAMg.bat
| MD5 | 1dc5e2409fd87ed8147f5240223cfc3b |
| SHA1 | 2e0cb4ffaf38737f0432db962d07159598e4d8bf |
| SHA256 | d9982f22e0632114890d5f12c0e4504cb6847f4b22a7620d7263d470b88b188e |
| SHA512 | c86393d9b08ead93ba99118caf2eead4611f4acc338179b58c04100cc857305e6f99f4857eaedb4ea246f81dae52dda1bd82baf01b32f08257a0ec001e36a1e4 |
C:\Users\Admin\AppData\Local\Temp\buwEkwME.bat
| MD5 | 969e746a91c281016491f5569646a4f4 |
| SHA1 | 29c013cc0956c60e021220ccf15c5605cced1c9e |
| SHA256 | f4c671472c46ddded8d239c8d8890dbd7c14d6bba87401593282a49b3cf160d6 |
| SHA512 | cc9be7276f26b357a25c59fda93b018cb26300f49961b3143a36e1b70bcf58c171261c57c822de5026deba2ece3948289e6ddd6da37cd2e3c83111faf644a263 |
C:\Users\Admin\AppData\Local\Temp\IqMYoIwg.bat
| MD5 | 5c91d434c2f57555123e797f89e0ddca |
| SHA1 | 387ca16104884accedf0ddadb21f2dea11f83a42 |
| SHA256 | d1c26184387e8c084ed888254ce7491425c2d09aeed1773cda05a2c9b7fc896f |
| SHA512 | bc0a251ec8d5320569b8453839cd46b076a2610b13bad653dc9c5460e365f1ea8b6f19d8f59792ff9f88415e34e007eceaa3c13d37af17c29495e9f5b5ef8ffc |
C:\Users\Admin\AppData\Local\Temp\WKwcAQUg.bat
| MD5 | 93a5a5a19536217826daf1171de1cac2 |
| SHA1 | 3cbc8ddc217e1117769ca6950d1eda3cfb97c1dd |
| SHA256 | 0003f3340d4383ef5813e11824b1b428849d421d8c283471c55bc59c83525783 |
| SHA512 | eb5ac97c90fc206465bc586fd83eee06aa7e73223be06a38f04fac67ccbc4d23976ccbf14728ff38f41b549e19992176b9ac5c6c759b5b9c989bcf2f7afa53e2 |
C:\Users\Admin\AppData\Local\Temp\QsAAMYsE.bat
| MD5 | ca9271f233fb7975ecd4422ba57227d0 |
| SHA1 | 6798575732b783a602718bccb99ecd4d99771184 |
| SHA256 | 27d3e22a9d4ebad52ad469394eeec28b3aefe9ffa6f3305367900ef12901c772 |
| SHA512 | 8a97407a0225ada0056d18821f0f11f785c50ccc8206a1ef4a51aad1e331ba065f723aab136425975e277b23c37ec1cce5da53fddb29a2a9b587d06cf2454b99 |
C:\Users\Admin\AppData\Local\Temp\IugsAwEE.bat
| MD5 | fcbdf7e1dc478eb1f15f0e7f2677062e |
| SHA1 | d44cf4409980c5bfd18c56aa6c5877db6c6106bc |
| SHA256 | cb5a1f1748da09f30dcad7bc938bd71dc86ea501159068febf791a7233bc685f |
| SHA512 | dca577ba1b8cfb8b4846d9de4be65ffa4fae42f80827711cb7ba3ba04bcdebb3585ddb49e6797ff720538044a660138c1d4e54934e6cee62c69920e25a8dfb4c |
C:\Users\Admin\AppData\Local\Temp\tQYUMwIM.bat
| MD5 | 14b585a4210544c833e0f4a5234ee9ef |
| SHA1 | ee458692a5c342c6ad193f177543626b9236194f |
| SHA256 | c691adabf84eb560acff4c0df445fd2ca47e10d613122539b60075a968af47a5 |
| SHA512 | ef3f63806ab53b3bf86657e68fe980f0f7e929334347f6daf24995eece730e8317c78cb6a88e7e84f03227c2e9275670a7556f584331490e3980b80dbd1acffb |
C:\Users\Admin\AppData\Local\Temp\uMgK.exe
| MD5 | 8ebe10a57adc8d32f3940fb971ae6ae9 |
| SHA1 | 1eedfad4ac9c3e67888209072bfab32c9beefee9 |
| SHA256 | 8704c955e6fef90d9e659f979a2076dbc7e486a14beb346306a26fded2484655 |
| SHA512 | 02498a7cdc0c5afd0ea3a531a634bf81cdc5c6252d59befd645211906deb26a835cc5d0b9b4cfe77112e251409899b18a29497c43d34654543a8c869a23476dd |
C:\Users\Admin\AppData\Local\Temp\SMoC.exe
| MD5 | bac5b05193adceb24f8566e108af90c5 |
| SHA1 | 7ec9848c792a0dec16d076e898a5ec10393e850f |
| SHA256 | 0e1a373c4d9eabc34a37b175051461b6e5e136c3a1eba8d9de5f31df49d4373e |
| SHA512 | db5e4a1d8380967e6f89a442f749e57820725883ddfebf4fbb98cc0d792e102c22bbce4d1c0f8af8137f1c58eedb3aa684cc895a7ffa6069b937a77dd2632481 |
C:\Users\Admin\AppData\Local\Temp\tkIAsgoM.bat
| MD5 | de52cd01a8ae691df923f6581dfb3b97 |
| SHA1 | 63556d7628937fc6d319ccf1864bce5b8b0e5345 |
| SHA256 | f20e68c59eae91b5e0a1f3d22418303c7290b58b458f2b27f267cb5f4b799c83 |
| SHA512 | 0c00e729f063d9e702d57129e33ca6112120b1db399cb737d18b9b261797eebe908ac02e25cc9e7e583ff7706d5f559c41942d93a1e59a0d27635be6332ddd49 |
C:\Users\Admin\AppData\Local\Temp\iAQW.exe
| MD5 | d299e7de6e90353f719dce05ffda0bb4 |
| SHA1 | 3b3cbe1dbae98e72126f0ad266d9ca2338620428 |
| SHA256 | 37235f94b329f9306e1630450b9eaf8f0eb7547186614e795ca109a10c36e692 |
| SHA512 | 91b65c3970e52a3b0f78d882a09b48766c2d21ab92f9ec6e8393a94f92fb7b5109821c15def48329c487789361ee11334531b9b3023dd2bf23df742552782d03 |
C:\Users\Admin\AppData\Local\Temp\KgMe.exe
| MD5 | f9abb040594d3aaaac91a8790d562263 |
| SHA1 | 79cbc5fa91ecc8380b4ec0fdc34801d7ede9eb17 |
| SHA256 | 99751a0b655375e1721abd5982c12962284d45693d0f0a426c26ef26a9867b2f |
| SHA512 | 1b95c85c0fcd9b77b7784d63ef46ab929ed11c4e7b3826bf3fc94ffa874371748dc3bad8b39da9ca056d27992f610d818479897da81a3195bc59bb14491beeb3 |
C:\Users\Admin\AppData\Local\Temp\SUwU.exe
| MD5 | fb11a83af17760083359fd96855da899 |
| SHA1 | 7835aa8f309307ceaa41059e75b5bf01e8ba30fe |
| SHA256 | d61a0cd774834b43ee1d305682a90e167740eab2fd4677fdd2da27087700fbab |
| SHA512 | 05f5a92bf5b0de7efa488c98a9ba930f4ff4b65dbf7d31c24fb0a20ce28e53f490b72a7b696ae0244be26e509b4ca45f80ca116739df22e2b1389e37a915a12e |
C:\Users\Admin\AppData\Local\Temp\iYAm.exe
| MD5 | 35f9a93b292a854365bd974405f206c8 |
| SHA1 | a0929e7084db8d5b656482ad64180d234133b544 |
| SHA256 | 7c2cde3c8964d1cf5815f7ce46f2344b736d06f76c553e98975f35ea7964e0fe |
| SHA512 | 1526616b19f83c5411e2f1b77ec29c7f3ae7fa080086eba1f6f9ad517c244cb3bc91d585aada3f39f65b70bd45562d47ae6ffa34c52367a3a96e95f0b7452ac1 |
C:\Users\Admin\AppData\Local\Temp\yEgE.exe
| MD5 | a508c1fb83ae1f538ced95a89494cec9 |
| SHA1 | 3b3b5830af04c1c5d4183e15ad8147ae5b0ccc2c |
| SHA256 | f4007125b1e12b62788271f53588a16ca601f6e4fb7bfdf7b56c5c4c8753bdc5 |
| SHA512 | f1f274657b526ad6d92b388d1dfe5d17e8ade3d45dd2dae2f2294fde922c9e8f52531f01c085594d5f46b41bd2e38cc79e1f27d96361b0648ffdea7bf9c32b75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
| MD5 | 27f36514344f9847a9e643f3b7d45592 |
| SHA1 | 8c3d1f5d4271f189c1f2625800a8a3f0a4f9b278 |
| SHA256 | 5d6ae6b37777628f6f65db555c4027e349fe4d48a0d5c6b8f5c6a84105c7cbca |
| SHA512 | 50b0ac44695a61a40f0bb0347f1a08755f3148bbc8b4235fd0e3bef002fe371df327047a7bacb2a14445426245f8b205f241c8302e56b365ff4fdc3a1ed06d3f |
C:\Users\Admin\AppData\Local\Temp\aYcA.exe
| MD5 | 4199eeb649503c562728c401ce1ea432 |
| SHA1 | 6e53eb07272ac188afbc83272eac510eaea761c3 |
| SHA256 | 07ea570155d6b3475c51a7f57810ffe540b7c88431774964142a650a7fa70fb0 |
| SHA512 | 1327fea8b3f0c6808b43182eb51b7e55bea90d51f80ee329dc4266af244f24c391d6c5d0cc3b556128d8e047a928b761d635482b775885cd6a32e7ed200ada0a |
C:\Users\Admin\AppData\Local\Temp\XGsUAcAk.bat
| MD5 | 61dd221fafa019ff8d9f60fea8326a11 |
| SHA1 | 5aa7dc838d8c12a0aca55dc05394005a3a936c16 |
| SHA256 | fffda3fdd70e399b83f03c056bf722606d43ed0a74ef2da767d19c5fee7bd942 |
| SHA512 | 8447229b0c5425d598d0a886738c86f7e38ece656b8abf0783dfdc6a5d6dda61657edc4572ef15bb34c88b03b2c0f8eafe708b41056d8a9d5e32a0eb68c764a3 |
C:\Users\Admin\AppData\Local\Temp\qMwG.exe
| MD5 | 6e92faed451af976bbcc3d8df16e319d |
| SHA1 | 85673e57c1f35116e7c1967d938001af61702b43 |
| SHA256 | 9d92b80c9bd962f9b033b83b1b017b69e76ef3b0226bc87f219498ec2deccbaa |
| SHA512 | d7806001fa42f4b212ea5259ca70c80340f51188a112a692574455ae08b7deb89a6e8acffcad3eabe2912156482b542b21c57999661164240329ae708479da54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | d70e8e847c82db122be0952fb5b736e7 |
| SHA1 | 9ce11e53cddbb58cd68a7d4a36bc8d032750dcf5 |
| SHA256 | 737696cf07870ff6339593d40741943571ddcbfe19e8128a70a9c0a0e3c32009 |
| SHA512 | 002a1d2f19fc5334f030fd9498399c707f5de31e2011027c76477078a45a7e87dd3d1f3687d11dd9d683a00e554fe81a86a335450822de015330a76b030d7fe3 |
C:\Users\Admin\AppData\Local\Temp\ggEy.exe
| MD5 | 3825f767f2f37949e348fe06969ee104 |
| SHA1 | 933371d3f0e816e0ca1211c9375743c55a063485 |
| SHA256 | 3952fbc8a0c7afa40e3ae2593a36ee3e4497b44d716502bfd9cf6aaf844637df |
| SHA512 | 1f5feab3e23bce686ed82fd7ebaa0aa00b7b20f98467e31e33bc31d302a01da81a7dcc520e1606e96745a2ff931922d23a3d370b6f688474b26dda62c4e80b80 |
C:\Users\Admin\AppData\Local\Temp\cEoE.exe
| MD5 | cb6f7d0a995819b782b2220989136cee |
| SHA1 | 8a9919e770632f0bf6d134368cdcafe9dd51bb38 |
| SHA256 | 2fbf49338c33080662e4318242f5fea506a8859c03906d6466b80bee77e59297 |
| SHA512 | f9e96ca9107b3e23470cf43d0faea614d59b160446d4be109af98d3ba693f696348f98ea1b7813674ca463b6c672387eccaba62003283df89d89eca22435a303 |
C:\Users\Admin\AppData\Local\Temp\EswO.exe
| MD5 | c826d13eb1d283379954f2254707ef4f |
| SHA1 | 3d9b584a7858ed5e30837de236413d72ffafacff |
| SHA256 | 7d94b6b6388eb9ed53e63d20cc35f556e1866020a390519eba8fe13e15f59844 |
| SHA512 | 30b6e7391369500b28dd3566585e0a4cf1fa6aa26e8d21d8035b54ab9dded1aa097ed1905de748aa731c676fc3d3b0c6499526a62154764d308dfea89486246b |
C:\Users\Admin\AppData\Local\Temp\TEEgAYgE.bat
| MD5 | ccdf3fb9ed72358454195f6b8404d5f0 |
| SHA1 | e2e63dda42c902755124c875a2463a94ef808802 |
| SHA256 | 65a81d44805cadd01d861515e590951159a4ea4d70211e1b631a01073a258ee2 |
| SHA512 | f8c1a962e22688ef9de71f0d5d10bf89a4eda59db019cdb17e150924c44f3c3af44483499ace1d068d9e2b222f6604b6d60d3e40c49f2e09074996173f41b9ce |
C:\Users\Admin\AppData\Local\Temp\yYwI.exe
| MD5 | 418d951310df12c2fa4ff44f639d05d5 |
| SHA1 | ef0e133c7ba3def181a56bce170c863af153f700 |
| SHA256 | 79208c95d0dd61e2c7e8a15ec1610b5649e5aefbcc3406436006f8c052db5896 |
| SHA512 | 7bdfd208473e5426f2e54bbe2f967306fc9edf12b813f9166e54a5c33cd71dfb03801ec5f591ed9b09807f95f4f9f6f5602719e7e9ea0d69626c402799fd20a5 |
C:\Users\Admin\AppData\Local\Temp\rEgsoUsA.bat
| MD5 | b7f5b7a0237d758e92873d68cda416bf |
| SHA1 | 420a96c1c52fcdf99cc4d374db49bd47432ccf50 |
| SHA256 | 32178b862598acd1b37d416ee47e046b5099e8ea7134426a6ffcdeea8f090056 |
| SHA512 | b93bb34e1579ce37a7756934ea19752cdf45aa1938349231fe03adba4d4fd26a81bf203e9d57a6777bbc913df6d458366f650d7c1312de28373193835dc8bf09 |
C:\Users\Admin\AppData\Local\Temp\AMoo.exe
| MD5 | 559f9d574258c4d86e1cc6d40ab9d389 |
| SHA1 | 88657216499b58d56fbbdba58d8c844792ce218c |
| SHA256 | 7233376c6fb3ce8bbed5f180181d3cabb504e1b2a75723ff2600cda7fb4aa3fb |
| SHA512 | 0f96635dffab105a99f46b79f73ea07f32cc729c19b499abd5593543448f714e00c0f44cb68d2abefceef6d78687eecded711f52417738a7194a4efa00237c8b |
C:\Users\Admin\AppData\Local\Temp\oMgC.exe
| MD5 | 79e3c55a8b227ae3b9355f88815dd5e6 |
| SHA1 | 36542397330f78786b3f00c6d46e8cf43e4333cf |
| SHA256 | 911dbcf50ed130a8e9664e428cc2f15a29d9d7bfcc0a003136e1fdb782bcc622 |
| SHA512 | f6d348b201e86d65677b1a920db6f1cc6e391bc52273cabb7cf68bf3ba440c6d125a777680d6e0862e1f00b50cd5da6c533be44e19e052075e4a2a6f4f7652f7 |
C:\Users\Admin\AppData\Local\Temp\kAYa.exe
| MD5 | c22b0057626822f9a8dcf04d34251ad0 |
| SHA1 | b6111977a3029e2fe6c9ce6ff2cc90e24dc6ac7f |
| SHA256 | 67802ba264250b5b68c53f6bc675e5235d1741d184b3cb3948b0acc23c9ac41d |
| SHA512 | c398aa7f140ce1b43c8535d4f98e132d58521fb535c097853541350186bc6483dc862aa7409ecf34a699c7815b72948f4047d1eb217a9147a916bc4192e493ce |
C:\Users\Admin\AppData\Local\Temp\KMMO.exe
| MD5 | c364d2d3e07666fa4dedce0a508d2ed7 |
| SHA1 | 3443421a42fa8e6772cd9cdc69aa591ab0845bc6 |
| SHA256 | 647e81d51459e0a2a8b594e4b8106898943909f893a1b8c26c0a45e7df527901 |
| SHA512 | 087b13e40491d23fdfe0b584efc78f28c0de7d8b21f361cdc1f8c821b0911c69c074f07de057d348c215efb1bac896b9888e1d71ec1a5cc8a7117200cdec1942 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png.exe
| MD5 | 146ccb94774d8f9eeee5374918102c12 |
| SHA1 | fcff78c4009907d1700d86d70be6737052165190 |
| SHA256 | 33cc0f0b58de1e00d51fb6df0c5479bf52383519db28e47e7cd342d1cbdd1589 |
| SHA512 | 73fa3f04855e60d3c6ad1a91b45e9e84c33bcba1879c2b716976b72de55a37ba76e5caa3567d7bd2f8d61962724650e37ad62b181d546ebe9a6d29e68ae4cafe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe
| MD5 | 9acc6940c959173611d98d6f62ac50b7 |
| SHA1 | 8b51e4e8927ba63b34b2e97ea2a192ca6d6ea5db |
| SHA256 | a3e309b6f2104bec960e0a6ba80d6c877d998248d173345389493bb0b3a8aee5 |
| SHA512 | d07a1e8dac84a26ad0d30e03e45eced27a609441ed318d64c53c9e71c36d5e2ba115fc88e2aac2961606cb1fccb2a1694e675aa2ab80ba41b18890d3be6f275a |
C:\Users\Admin\AppData\Local\Temp\oKMQcMkU.bat
| MD5 | 80816e7265c7c795728f63e7a98b694e |
| SHA1 | 1c98902ead5a5eaa040534bbb7c6467c39695920 |
| SHA256 | 8560a7bc2572b987bda97797389cd69061f6d5e3f90a4998448bd495d2dfceb6 |
| SHA512 | eeb27af3e2b16ebb2b9a7b17f6a2b81d8003878fc590fb1958293f858bb3d2437f176d3a5193e1cc3e043d5a5bbf22412ac238f6a9cff2251e7072566a051847 |
C:\Users\Admin\AppData\Local\Temp\OskK.exe
| MD5 | ac73e448c01965945b397f2b878e14db |
| SHA1 | 9167e50758e0899b6a9a30c667b8001ff52fc935 |
| SHA256 | 653a84d377152a0078aef9603963950047505dbf590057a3f34f08e9a2c276ee |
| SHA512 | a0fa03b9efccc0471dadb43eaf291802eed5ecb2b427cee2e02685d0793d09f29fe914e4153db4678bf7208ed7ed3c8c8909a74ef1bd878a322915b7d7d7ce5c |
C:\Users\Admin\AppData\Local\Temp\wsUa.exe
| MD5 | 5a90b563a30f7914265da40cd15d71c0 |
| SHA1 | 7dd2a88942b3dfd13a6e91933b3a6ad432afdc10 |
| SHA256 | ecdee5e22a1b03787c462ee5b6a8636cb440f3a3db518b1ef3cd460948a7f99c |
| SHA512 | 26a89dac645b39bd556d5525d01ca11096435e79844919d075cc70e50b46cd0e8f8a18e9e16d097099d8b75556a78ff4c51ddeea3133965b299ce7f10706f472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\128.png.exe
| MD5 | 9c3c0cb038e3b31f07b1fd250a2a53d9 |
| SHA1 | cdc62fcbb2b98614c5dfb0766d2abd9032d5bea2 |
| SHA256 | 4fc9e2776bdc142b0c0e4a7b8adac0f0c531efe829eadfce25027b7d9f24182d |
| SHA512 | b47cb0767d3de51154dbf796c68fff3cf7fd6e349420e0c7cb131b90f15565c5f582f9db54cb0d63244bc625f529595d62469e36bbf02096ca94eef70de505af |
C:\Users\Admin\AppData\Local\Temp\egoG.exe
| MD5 | 9fc94dd68572043603539326c09ac41e |
| SHA1 | aa6434a809f6de70e41885a2bfcfc4f0e4ea9bf8 |
| SHA256 | 0a4768ab1402d76227723445150308c9af921fd72eea6546c99a2722107b2d99 |
| SHA512 | 0df3feb6eaa474c5c64af2b716d2947963fc327f04f05175497a3f499f343873120b6ffd339ffcf656eac5af89ec9597820e64e8185376c871d9a323a272689e |
C:\Users\Admin\AppData\Local\Temp\kAoUMkEw.bat
| MD5 | fac68bc9c503935b701143f05de3076a |
| SHA1 | 567df78f7d595d3dd1c97a570d8d7f7581e0f12a |
| SHA256 | 0d20616e4026cc322e2cf381f23d7bfba97978846e1bf025b6c47826e0366efa |
| SHA512 | b93e928c0df98de04b2d823cdc934b843c9553eea3342e6a9a3e998fe44dd2240c1cd5bfd1f617b5f66a063b871858505aa6aa1cf3fc05cd611703b0b9822a89 |
C:\Users\Admin\AppData\Local\Temp\YcAa.exe
| MD5 | e291b8051220cfd604e431921d6dd129 |
| SHA1 | c248881ca3e2a9a67e5cb0111740956a7673296a |
| SHA256 | e73f4bf39db90d6603d6104691b840602093582e0a4e7e7264a8f774f4185d00 |
| SHA512 | adbc15cbb1272072490e7b772d148f15bc5d0d8e887658c543e226d6e934d7deea9af91aaa0e0f5919e5b9e7e05a58c81834152c7dcd7f86624340d2e182b82a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | 9a14b755b51f8590a04c23f3e548ba75 |
| SHA1 | 1d01b42bfd1760b5c0556e148a5af61a325a264b |
| SHA256 | ea3cc59c9521d2d770d46f38f97fa6487e175fb664dd04f8ef43b0f9e9823646 |
| SHA512 | 38fe4119d128677017cb40e4d4a194f78b50dc7679b70857c4a7714d63a1c0046f692a7aab4a38827df688a96dfea7207e1bfd7bc044d4ddfc4eaa318878545f |
C:\Users\Admin\AppData\Local\Temp\ckEQokUI.bat
| MD5 | 9a97134200498eb03831968df314e676 |
| SHA1 | e45699b34ccb43741472d4e95c8e6a677df32afa |
| SHA256 | ca3fa201d86a9625449b8d05a3de05eac66386de458061e633b69899e305b53e |
| SHA512 | 5eae79a0471d5c538d47169b9d2f9ebd2bec6aa63feec410bde89ca213d0646e14af9a9cc568317e7aa73d464a4ba2a50299bfa885c4d9467947388f988dcef8 |
C:\Users\Admin\AppData\Local\Temp\YUEc.exe
| MD5 | 827e502b46f475428bcb38f89fde20f5 |
| SHA1 | d3cc151bfdab6974f9f8b401449b4c207ea779db |
| SHA256 | af9002c22fe4f78836fdb7598004f17c6abfdb0d24cc276f53af42935d54f2d7 |
| SHA512 | ee1cfdbdc47510a9288e3188bb3078dc7886d2584e5859418824139d94ff20c46a109c02d799a6998719dbe7a07dc31d8c905efc7407d0d4df7749e2d0722e61 |
C:\Users\Admin\AppData\Local\Temp\iaAgkosM.bat
| MD5 | f201549204cef8f266de613f8dc16cfe |
| SHA1 | 57f94f7f6231382963c0b45a7982b1291602981a |
| SHA256 | c142373754838b9391bb3d9732f01887d250b0113ca54cd1a993a224e89ea740 |
| SHA512 | e74e9d626693879130ada7e232b10404db8a8a609b058fd82d8bfe19d8f4e464e9778607ec22ee229bf6fb5b36b46ca8bad1dd2eb082a144ccff33265e91785b |
C:\Users\Admin\AppData\Local\Temp\KEUa.exe
| MD5 | e501c423349e972d2cc8c839c769959f |
| SHA1 | cc234c5143a241306951e20c87f5a1911579d4de |
| SHA256 | 44d1549642631d47e69d0acddfaffa263ed25028da336d11847d1af4117779c1 |
| SHA512 | 5d0c54802b589c42fb2170ad4f28b19c865cff6190dd4a5261a026237c18a9b79ce5cdc7c218c5a6f90aa486b8428f9a1453336ad23e77bed265a77b4c6e7666 |
C:\Users\Admin\AppData\Local\Temp\QkcC.exe
| MD5 | f5e70d7b50e7d6e0db14ec57b7108a08 |
| SHA1 | eb4436b61a274bff76c16a958a00266246d823cb |
| SHA256 | 4e0e28644d48a50617a79375f179910d19fe0575b09a26b7a26a02fa03f30118 |
| SHA512 | da4ba823a6abf22e3e4654b2c1b02536c0831edc41c30d6f97f731492c034e53c1899eeaf12eaafa9c95f7060f26ba470247274dd6419e6624da988c9dac2999 |
C:\Users\Admin\AppData\Local\Temp\CUQA.exe
| MD5 | ef766c336c86e456d925af7bec96bbf3 |
| SHA1 | 0dabd8412befebf7d41e2436972c234d90ccef94 |
| SHA256 | b5f6ed573c2d250ac30826916467ebd6975a8e2cd632cd4ce3aff7f771f2b23b |
| SHA512 | b540d9ed0fbdee742935dc95d0462be38f95b51138cfe0d705042a2ed2fc041a9fa7d2a8a1b94a6ca683afe91854cd8600b27d48bd7e7d4d117ebb4719bbaf86 |
C:\Users\Admin\Documents\CopyRepair.doc.exe
| MD5 | baeb78776c6a67c65dcdfd1b31733c00 |
| SHA1 | 598c31d253c42f99607b5e855294dcb5c3f0e121 |
| SHA256 | 2c88587ce1412b6aab60cb01d1bfc9de4d925b34451c59f0ca898470b8897944 |
| SHA512 | ef55bb2029a8d4f4f88c520a429dd726aa53c961c87f97355a3519ce591799aea81e1a5901fd3b6b62194ef78a1913aa73a010da6da94636a20dbdecc6389461 |
C:\Users\Admin\AppData\Local\Temp\KUwW.exe
| MD5 | 681c55ade9ba4717204d83a13723ee8a |
| SHA1 | 1b4ee593e2b7f5268ebb671e39d23e6dabd00b62 |
| SHA256 | 3095ca74d89c19ed76c09fd328e8907a122b12c57cdff89008ff8cfa4e49c22f |
| SHA512 | 4d8208018cfbb93e53fdbd74ee5e83742d4214e30b97a3330705204d8b1ed84ff3ee7723d3d177760e3b90c4b9abc0f1cae45224f96a257bb0c33cba8f0138e5 |
C:\Users\Admin\AppData\Local\Temp\WccQ.exe
| MD5 | 0303aa7ab122b65f03c6cc03037ec3e0 |
| SHA1 | a3287069affca764c62d79e959ae4fd441e438d5 |
| SHA256 | 3ab25a18521a1b80adb5e9a2b8eafe8cfe9e00cd9a834d0bc683dc36338d0945 |
| SHA512 | 434bd5b9290bdb3cb4966920f5ffe27da384c61d58cd8d123ce62b8a3743b3dcacd4cfa798cddf108471592ecd5586f91c07b487bc5e563c3f043d0267f25df7 |
C:\Users\Admin\AppData\Local\Temp\vCowYUow.bat
| MD5 | b1c18a0b6a1bf266d8faf3abeee3efb6 |
| SHA1 | 04ceb33f2ab7ec3bc9e6369681fa8ac2f604ca98 |
| SHA256 | 62707e070f376edea41ea2eed30c6ad5a6ff4df69799cf0070fdb63b0e1636b6 |
| SHA512 | eb14e8367e6cc48f79e829c73fa4cf42cdf75a136db851b8c8b60d607d3816b3a5f05469701d8dcd3fd240997a7e29d9b28820b9bf7749a649e34edae3508af2 |
C:\Users\Admin\AppData\Local\Temp\YscS.exe
| MD5 | e1f91051c78c295cba922e2703ab535f |
| SHA1 | 825b99eb443563f390f62fc24ebc4e88ff0b6262 |
| SHA256 | 51c0b0e23ceedb9c8fab3a54e51d7d363f4534a363dea4cf7767061d5f0da794 |
| SHA512 | 27211aacae465afd357bfb38954c31f6a170f90200d7e06b6dda69d66e8e4742cad1375ded826a8cd03d01009797e3a2f3370ec5d2b6801c2a1347f61a48f38e |
C:\Users\Admin\AppData\Local\Temp\mwAm.exe
| MD5 | ddc06bc13ae846c04b02063647d9b655 |
| SHA1 | 3780eb3fc83b807ed5f909805c377691a56ca5df |
| SHA256 | 41b78a49b472398ae817c1a30df51118ff466731a5b15a1a9cb8b76cd2bc8757 |
| SHA512 | 0d6d4d984813d0267e5d4e7a4f418e1c70a90d83c59965ad7c8c5eabafdd6bdcdb27985f528fd27991ca51c5b88891103cef00ca2779d8ed58f345b9125f6497 |
C:\Users\Admin\AppData\Local\Temp\CYcE.exe
| MD5 | f33ff2a5069af3ef30285c5cf9d1bad4 |
| SHA1 | f862d8e34459046432109285d7a90c46ce980a84 |
| SHA256 | d374ddc616c25d94c0356a69d3bacd68f3adae6470d3e30c89d1e8512485af2f |
| SHA512 | 28a98a078bb5e5c0d662e6463383f6857d6b6c3d354c31c849bf1ac0259ce03c94b33f1ad8a020fa2f114dbd047082cabdb040faaf3c7ea0f79717f9418249aa |
C:\Users\Admin\Downloads\SwitchExport.jpg.exe
| MD5 | 26995b62fc5c701f2030bd377c88f5e0 |
| SHA1 | 1e72a3d7a169c8b80f79b1538133153d74eff788 |
| SHA256 | 88ffd2d5618ebcde097841f34b990428459625099596779c5939116ff62a053d |
| SHA512 | bfb78255659d90d654eadd7eac0f71f99d8221f0b33d174660b6ca5b69beed1ee7e9be1396278401dd0d07e31ea0cb0ace21daffe5f9be5a18329e508f871585 |
C:\Users\Admin\AppData\Local\Temp\TOQkQYcs.bat
| MD5 | a8f99a9c3df5b04990a89966d65bb854 |
| SHA1 | 27c440f69b9cc200cf3e4c88222995905e0b4183 |
| SHA256 | a45e7bb3d43579f9d6f503500aba097ec6fc4ee0ef7425cb844ec089d955937a |
| SHA512 | 2aa73174d35a3c74d999913732927fcbe8b1c8190842a1bb0137d9086a95a493152ed17737f54581387a50bc88c738331e0658f520471f62833ef61ac40773bb |
C:\Users\Admin\AppData\Local\Temp\qcww.exe
| MD5 | 0a6daca5c854332c86d5cda2776843bf |
| SHA1 | ef202dd60f29028af4484c1fc72889cbf53a2a95 |
| SHA256 | 551eba694f8eff4729c7c7ac23265f67948ca8034fd3368c9104aaebc5c30841 |
| SHA512 | 2b87d8061d0e8c337c1112d21acfa8af61654957a68a080482fd741f3aca27b32ab4643f1cd584aecadfff6018e918edd300f695b5fb1114b75477b9a89e49f5 |
C:\Users\Admin\AppData\Local\Temp\yEAq.exe
| MD5 | 5230981a756bfc1d5ede4c9e751d0d3a |
| SHA1 | ef7683fd27cd51cb80dac923b61d40d09a08d3a8 |
| SHA256 | 7d84ff1d40519052878d2bbd4b592fab7750b9f7403ce18036b5a704d82cd896 |
| SHA512 | 90d71a4fbf6ec54ff62c7ed20d2107dbfb9a7ff219a8ed067450407bb38b9b2978671bb9696407fd5c0c4bbb150f292448352982c7bbdd18448c60b3a88c96a7 |
C:\Users\Admin\AppData\Local\Temp\sgQu.exe
| MD5 | 083429c279b14f0effa01657a41ec83f |
| SHA1 | 646809248145c079c495536225cb2bbf3d04144e |
| SHA256 | cb919d2e1860faf7d8631351ed579c091d19e85f91ac21f47bb290c5b8eae348 |
| SHA512 | fbcbfd1f3c24672a3bac0d02bdb535ce54b9f7a6535df1dfe1e1dc40f67c9fcfe6c8d8d3b1efa49a5491bf3b445167a872dff689c3995741434a2aa51090d577 |
C:\Users\Admin\AppData\Local\Temp\nWQQUgkc.bat
| MD5 | a137b8fa10cf231a6fdf0fe61f2f3698 |
| SHA1 | dbe5122b96b9a79738a616b0148e70cf8579cbf4 |
| SHA256 | f087cd04e51acb8384206a0f197ebcc2f828c75ca8b83cad02617d7d8277ea98 |
| SHA512 | 5030eb940bc97458c11a6c8b40c530e1b5878422721ebbfb2b882620919d180ee5d54d6905b5a939659688578d834336e7451b36d16cd1d138ab6d0504a7b317 |
C:\Users\Admin\AppData\Local\Temp\OwAA.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\owQC.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\yokE.exe
| MD5 | af71fcae6bd8ccc791b781a15b8e2edb |
| SHA1 | ca249a8679f535ea33e0fe22f42fd1133de05050 |
| SHA256 | 32c86807db0367c98915bb6ea8fe31dc2d19f241fbf6861ec326237066704806 |
| SHA512 | 9ac73f48f4bd5d4fbd3a7feeaee261766ddeab9efdccaaef8fe7617e799ad78826453e239c35e4c00933b475739c848d732d9f77608671e53ad884a2b1226b81 |
C:\Users\Admin\Pictures\UndoRestore.jpg.exe
| MD5 | 53b7a14b806ddfa864821a789c6df927 |
| SHA1 | 384a443f6605b6c2c99d377f7587eef0032021d0 |
| SHA256 | 3189a7ec04151256183c7638eac9d497b33282837a7c7952401ccedaee22c325 |
| SHA512 | a1c8bedd6b6bdf3974bf3bb7ffed373d0198d035e84d1f5201a2d02a391df3cca52231a57887aa1b19fc39bcf02e81157b12fcc609b6160b265f5427b5227094 |
C:\Users\Admin\AppData\Local\Temp\ukcG.exe
| MD5 | 92a7831707763efb4b1026ef28bd5453 |
| SHA1 | b902915d3e286433e018a116353701648795e14f |
| SHA256 | 4928a4ea3f91071bb80e557c5b138cd31d86282b5b5a8fdfba7d4f52b8771664 |
| SHA512 | cf64d0312c9a938d176f5ca42fd8a1af5747cc781f6eddfe19356596e3079da1ba909bfb6ad82bfe6a82a781ba0c24d51db5395e7e26f0df74b3ac3309e04254 |
C:\Users\Admin\AppData\Local\Temp\vWMUAMAo.bat
| MD5 | 4b7cb8a152e3be84a00a9e0eb1624107 |
| SHA1 | 541f2c1bff274728ca4d69541b551a8640cbddf5 |
| SHA256 | 335794930f3088063ba1b5e1fb966cfd86fcb54bcc576312055c52e1aa44cec7 |
| SHA512 | 606dbaacbe682478ad2112a8269bca2f58bef5797a1d7f72cf8bd28da9475d0f109c32805388f5b517e4d5fad574492df43d996eecfd993ab6c7c86c14775ad7 |
C:\Users\Admin\AppData\Local\Temp\IUkU.exe
| MD5 | 4d73bbcafc993aa5f45e5f8d526aa404 |
| SHA1 | ffb02752ea1e98873de952d6f2199ec39284741f |
| SHA256 | 4b07defafe31608887b8872c655fecdad7368fadc3229a79d84cdd3ee85a2df5 |
| SHA512 | f7eaa25a72017993b9d95fb5d86e4b84eca503db5d1b512ef955ba7c082a66973b7334e11fb677b0fb47270453a3019af2a176c68bbe80eff3be1f60bfe3cacb |
C:\Users\Admin\AppData\Local\Temp\wAAS.exe
| MD5 | c46c64d2d3d92137ac8a8e97a8bf53da |
| SHA1 | d1f530ba9eebe8c7e579358d3b10610bd76b1a66 |
| SHA256 | 8952cdfb1cf5e07eeac14a3e76b23a55020b0bd2712b5638f63b7d54500ef2d9 |
| SHA512 | 159c295732b0107b064cf2dde43a330ca9760f5077075ac3366060dc27f94dbf35d5de71276f5f5c20431dea79ee5aae385051d6b280806f0ef57ccfdcd1c09b |
C:\Users\Admin\AppData\Local\Temp\ficIskUg.bat
| MD5 | 56347f4a76751ce3a4d57fa181e5cb7c |
| SHA1 | 5f1d9612112ea004edde66c767efb92eccb961b5 |
| SHA256 | 261b878a66239ff9efc83f2994aed7ec767eda1fecbe3d42f54bedc7c7abdc57 |
| SHA512 | 3302861bef29c0261c19ddc9cf976a3643b2259eca0a5f3457f35cf386a08b0d9ac18ca480d01d1e475f190b53cbcb0dfab1c9dab064e2c1254c216f2777b6fc |
C:\Users\Admin\AppData\Local\Temp\SIAq.exe
| MD5 | 02b690b0a4578dd64105ee4a9db88bdc |
| SHA1 | 0c59c072e5b67e33e6222bfb86ad53e2a5e19d01 |
| SHA256 | bbefa360fb59d4401ae2d5c777ed5d07e10508d9340a15c68b2f00ab5bd97ca1 |
| SHA512 | 1ad146f33d3ebadd1f848d1b36dac3928457a4d1e72c7bdd6aa75503f8a94a6d0d35965860b51bf02da50982fde314e1707b4d00bb32c642a2d9fc044a9f50d9 |
C:\Users\Admin\AppData\Local\Temp\sEkq.exe
| MD5 | 33c54728bbf34feddc2d2c4e50a86ae5 |
| SHA1 | 57c889d4a290dc4d5847437603a33e3667284e0f |
| SHA256 | e0bba9be5db360e3372830f02f81658a3e55792a2dad0189c275b4f8950b60a3 |
| SHA512 | 45dda95569dd0e03e726f32ec8d4f246437ee8a1cd0002e922374991282e152fd162f7c963e2375647067d9ed6ce77363f9e19ba75b8f35529707a298438886d |
C:\Users\Admin\AppData\Local\Temp\QucgkMwo.bat
| MD5 | 7fc910fe8aa521864950c932c5ce41c3 |
| SHA1 | 27d3745187d02071b4b45a8eaca540175d57d494 |
| SHA256 | aa29b37ba942e04695a60d072c1f898845686425e7f6eaa6c3794e3d47003afa |
| SHA512 | 02658ec3199575406c9fd4fe5c42b17c2ce93a97e70b0b36f4ed8a9b7d576ddd2ad10725c0d7beef63a1c5927d2243ae07ae8bdb444c20ad31d3890a08c84ec4 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 6e3cd99fce5a4dadae338192fa73e745 |
| SHA1 | 49d87b5dc2a65998daf9e8d8fb8ae12bb791ea48 |
| SHA256 | 1cbf6c4426bb4e9647a5bfa9cfe5e4d0e6eb22b804a079c67d52c5566fa29ab9 |
| SHA512 | 4e0df90ae9c74cf686d19607551392491348d41c3317181b4054a7ee622ad3882e832e172e1c85d3739fb778592fe1a8516d9bf0c26b8c7d7a24b0ea492426e9 |
C:\Users\Admin\AppData\Local\Temp\cggo.exe
| MD5 | f741c7d4fd63c612739890c16c50dcb4 |
| SHA1 | baaeab9f6d4991a18e8af127554f21ea0f485d0f |
| SHA256 | 32dbf93110e384c5716c8a76d199928f941d4bf754f78a32c2c8b0046b271d8a |
| SHA512 | 3c65b2c8b212c7fdee00f4dc7208d55511398407ed3dae4628e9b5193a6f6fb4e28a4a414221b052eef0d262c6d764b51221d4b163a8a3884037bb2a8b3eddff |
C:\Users\Admin\AppData\Local\Temp\KQIc.exe
| MD5 | c67bbfa62b2350f8ce46e07ca600a2c3 |
| SHA1 | e6350e73e03b8580fb660617984bf6d9cfab2880 |
| SHA256 | dde07492aaed833b9309970895050ce7bd4036e2e86a63d43d2b5068a2339ac5 |
| SHA512 | 000fc2bf5539e0c0776652c7446b0b36ba36d52c2ffef082cfe0dec55cafa47b1d769b33f50812d8fdf2cab0c4c10f5ca51a6ced7985e73a2baed85ae686dd71 |
C:\Users\Admin\AppData\Local\Temp\gKwgogIU.bat
| MD5 | 71705f941050651315db1c1a08f6623e |
| SHA1 | 7a21606ef33af08b6d7ec831814d3347e6da2a0a |
| SHA256 | 41df51dcc052a561a8810c0ffd19d6b0913b6d3ba5ab4cecb90906859a8da758 |
| SHA512 | e219fb53cc4205b095502094d9af5f65b2b0b59a5069b28faa74624343075970e5f90217ac3ae513c93a680513235f06e3c49a830e013f2535c46c226c41cf5f |
C:\Users\Admin\AppData\Local\Temp\oAUA.exe
| MD5 | 9142b959e353d278c3e21dfe935429c7 |
| SHA1 | e2f20b69663717540c3c76d45c146b84cd96315b |
| SHA256 | e548fd021e9eed71e908760460f164c18973924bbe85d1f4acf9c78998849152 |
| SHA512 | b7917d961ad664785a9c145b911cc1474bb734076b67e19e91e7f191d6b5368ba3977cf2d3aa76e28ec1f53572f3950315afa85b08cb627a34148e55a13cde7d |
C:\Users\Admin\AppData\Local\Temp\kMgu.exe
| MD5 | f2257e9931637397618b035735096d98 |
| SHA1 | cd2cff01b894523fd69e9806346e10bdcf2e8018 |
| SHA256 | 88207e4d5240488d28add2cda137bbec81544b4613741e9824ae1ff37b73eed0 |
| SHA512 | b8098e4eb728551f0661f986e34b6f908440090e7cc23e01713d3a1543337bcb35478684e428cdb027c9ddc786b29d736346c0cf1f138141c3b14b755b0f01f7 |
C:\Users\Admin\AppData\Local\Temp\ecMM.exe
| MD5 | a95b18ff949217b65523c9215bc9d903 |
| SHA1 | 35268a8a9ede05954e5ab1faf06a60f273380c79 |
| SHA256 | 73e99c688a96ee9a0e1defd1cf9188cca3fcb1dd8dbecb53de15f68d71ee8a28 |
| SHA512 | 00061e6035e7c8d12db1013eb6c2644b266f69f9321e8963c492a291bf9c1545962e05b989040fd96ccf9e59698716a3286beca80d67bc08b8d22275d4e26417 |
C:\Users\Admin\AppData\Local\Temp\gwIQcwAc.bat
| MD5 | dc3223e4002e62fec930242bb68244cd |
| SHA1 | 377c82b8b144095c75db807daff5bf429e4b90ed |
| SHA256 | 48127a2ba41acc94c8788275decec77ae9df7bc6f9d6f614d1afe6ab5abd01e1 |
| SHA512 | 70eb51900ab3768878bfb8ec5f9e397c5a08ed4e4dc32687d71a59f6a6ff3afaaeab0f10b0bf4705bbb326279dd48c1f8511106a65938bdc16e6cd4f5f76bc73 |
C:\Users\Admin\AppData\Local\Temp\KsMu.exe
| MD5 | 65e23acb959bfd83c9bde4fcf80e13f4 |
| SHA1 | e95c431dd49100a5b89d3acc001ec44c999f281a |
| SHA256 | 6ac99a6c59f8900dc9a8eede4ae8217db905abe71ac046527e88ed74da73b4d4 |
| SHA512 | 82b43907745b66b9603b7b5dcfcc2f084e6438599eeca9d9bee8f77c4f595877c88d930c76d35e460f878979cb805811d4d20cc5cd70b8d60297fab21fdfd358 |
C:\Users\Admin\AppData\Local\Temp\GEYg.exe
| MD5 | 9c5678721cf41bcfa14d78687c036f3e |
| SHA1 | f7b2a38fcab55146ce5e652a4e14e94f85db8d1d |
| SHA256 | 8f4040b3b4013fee80bfd1b272e93ada683b22bec01251c554293c3c6509cb86 |
| SHA512 | 7c7639a553632c263d8fffb59b2b7a69d7bb845276112b16e23cb8ce702ef8fddc60eab203ae636bdfe47b025bc8c2991ff0b479c4187303a0ac0ad2521184eb |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | d9c07bfaf3a5843172041e172d1da6cd |
| SHA1 | 2d7ab0d71966581f171dd2e565f45ad3044f3c58 |
| SHA256 | 1fa499e1fb4b595136396d85538793e4d14cadcd5bf8dbed848891f792fc4a20 |
| SHA512 | bba79a058bef75ca9616204db26c2fb91e6e9d6083214b985a060e1fd97e6402c5b9f0b1d39f0d2b4ebbef17e1e23af19d14810a28abc123d083809b95714d25 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 5cfc84022f1cd3770b8c53c2e48bdd6b |
| SHA1 | 79a9406ae3ec83f978438a6a860c4b598eeec49e |
| SHA256 | 4056e1897171b795485ce3218a76fb339edbedf7a3d1f2f8d292f702642cd1ab |
| SHA512 | 0e80d87e59b55c61b4425afb05126eead5c01f1f5aa1e533e89ffbef31b3e0f9101769fdb2430ba97ee62e0b5ffb953967cbe12df747056c96a1f0bcbeb1728a |
C:\Users\Admin\AppData\Local\Temp\augosAcs.bat
| MD5 | 6bd74c746372a878d838e2fe51cbc094 |
| SHA1 | d72879f81cb4caf848964fae5d286d27c27333be |
| SHA256 | 75ea04596afb846a4cd2f0417995bdb76e0175d3d809df724a58bb0e2e7e1ca6 |
| SHA512 | c7e548e4ebcf672dbad2e5eceb10a3982ad1053e9400468938a994d1b9eac6023215db40f5c16c590d8b3bc8823aaa7494e5d5cfc7aaa1b49681d1328a48ec2d |
C:\Users\Admin\AppData\Local\Temp\ioYc.exe
| MD5 | 2fe1a000dd58f6617528c7708c98b846 |
| SHA1 | 02a95c1e624677fd6c1c83bac420f618169ebe4d |
| SHA256 | 6500c93a13d6b3d3f975424765503c2523e155752bf0da2652bc1d9c618fa63b |
| SHA512 | 8125300fd0fa853ea9f140ee83286deea7d903893ddfcec82763c591311f6404a683988b1820628344965e8d3242a935ba3207de1d51184c0ca0746c2522d715 |
C:\Users\Admin\AppData\Local\Temp\cMMw.exe
| MD5 | 944b33f7b2a799cbbf358679dc28c406 |
| SHA1 | cf231d14db9810aa32eb83138abcdc1405c3119c |
| SHA256 | 581ecc25556325e3e4519f496339b877a3b1f691b553f1fbd1e731441578df6f |
| SHA512 | 2d963d19e392de28ecec01afd0b63bc7c6acc06a6995dd3930fa4ef5f32c1c14c41b47f4ce4db9f4c18cabcf5007d0e13277ff5cc7407a0e878beacc0901ce30 |
C:\Users\Admin\AppData\Local\Temp\CMsg.exe
| MD5 | 145e39679058479014d2b5c84ed7af11 |
| SHA1 | 698af5d5b88315294146cbb390b3ffb4ce4562cf |
| SHA256 | aa21fb678595e5ed14c05b44a6fc85ed6311d6640dc6c9dc9d6625a0372a21fa |
| SHA512 | 2d2aca26c1a408e0ea565832ece2db0c33861fc942a65ee72868767caddcbd2accd7546c28b7dc86d77d7a354cd4e76293868d2d43715857c3dc2d0e09cace25 |
C:\Users\Admin\AppData\Local\Temp\lqsksoQg.bat
| MD5 | a9f30d21398054d6eba54e062495fc8d |
| SHA1 | f451e164d8285578e6a98f57fad56dbf524cdefa |
| SHA256 | fa5b967ec8c9ee0b947a05b8ad8e6c2884f4f7f1e92dfb2f122ad242672625e6 |
| SHA512 | b98484406301aebf2e24c9507a4978878243e0e1eabb5af85aa07191f79cefd0e988f2019660d77f4dc2108c2b1abd2ba85485d8db0f136b6cb1a21668773486 |
C:\Users\Admin\AppData\Local\Temp\kEQq.exe
| MD5 | 5af9a15d6828df2740a793099498824c |
| SHA1 | 7db7280843b39946bcbd8002cfdbd6855798797c |
| SHA256 | bcc33e5f32fe582b698cd320aab2381cccdd0cf5691cbc56bde9bd0815f569fa |
| SHA512 | 53fe8a2a54a7b600d8a64d00ff9313393fbb1e36b934516bfb1300284822fd867bb11ef31138210342662796a38c5a8dabe37b810c9b3c5c403c924686b8081b |
C:\Users\Admin\AppData\Local\Temp\SwcE.exe
| MD5 | d57048baa8452b21e74cad2cdcb17ab6 |
| SHA1 | 467cb26432c083f1329afc85e8aa5ce2adf9756c |
| SHA256 | c5d8da42d78414c44e1689954a32e5c6ff124d8c82103ca57ba6621a1789f471 |
| SHA512 | 31b7a303fa75d845a99f3ceb0c9d06af20ed00f430b7e5c5050fd2209d46a0ed96f46901cff3346cb3ea7287a20ae8ec3f517651fba76a699bcdaabc9f61e173 |
C:\Users\Admin\AppData\Local\Temp\AQkO.exe
| MD5 | ea690bc8db6788f4a1dbd14040f297fa |
| SHA1 | 1e5224e9d4a3e617df2f5c61195b93fd04fbde93 |
| SHA256 | 52324ad63f1cf89bd09d096648cedd67caf9d02748d0163f27028cbc848bc090 |
| SHA512 | bd74241eaf7b28cf6e60f9509de14ce523e7809ad172c7f3cde357c8e81ff1cd09520e0882207119e39fa0e691abc2569d7f88f83f0a6cfd3c1f1e58ea739ee8 |
C:\Users\Admin\AppData\Local\Temp\TEowQggQ.bat
| MD5 | 49e7494a6f3705c0011bf36ab8946414 |
| SHA1 | dbbadbdec2f86461f8b433aa65f2f3e9da66b341 |
| SHA256 | 5d3d32bcdc120aeda51748cc6dd8730ffc11f4f3ef7355d0dac63df601a453a4 |
| SHA512 | 447fd0e1175cb703e1135f93428e14f6d15e1d23e6983a8189196aa86296b5cc820f3ca6dcd2907dea68255e9c3cdec385303f313a92a7a64cd64e79f1a01530 |
C:\Users\Admin\AppData\Local\Temp\ecws.exe
| MD5 | 2a608123d1fdded7ca63633e95d126b5 |
| SHA1 | 58aec2ad65e540d102fcc1dc1103e4f2adea1d84 |
| SHA256 | 98c5ba6eccb9913969111ebd64f4d7eed1129f68c8a4aa49669ff26fc567db8a |
| SHA512 | 980747779384c4c00167a056a8ce18079f9f16e4288c633acf95dfe726f133a1cd60fb53f73072643a253a08c413368d57516965178d8c4936499eff05af8100 |
C:\Users\Admin\AppData\Local\Temp\yYAA.exe
| MD5 | 5407ed04ce6e7b6f13ad45a711ca19a3 |
| SHA1 | 88e30fbfba96c3c291e4736c8cc871b90fa4e23b |
| SHA256 | f2e00b50e22c029f50cf50fb9ed0dd676ca84ef2fdfc5145167e62d49f1c302b |
| SHA512 | ff09b6a1ca7e9ae5e7b6cc82e2e7f8ea38952456eed1d878ea9191c0959ebebabf753e12099532c9d44bf9e6cf2f948563b784dbe1568d48b13b6c9ee611408b |
C:\Users\Admin\AppData\Local\Temp\OwIk.exe
| MD5 | 6c0e35a807833a88689a692d50761d4f |
| SHA1 | d0d043c2568faf201917d99124b88b36f40fae90 |
| SHA256 | 006ac98e71bac44c07b87bbf405eda7736fb21320c4d7b721f4c500d96fed940 |
| SHA512 | 9e1d60006a2caf1e05704eaeb4de9bdfd024b204e307f70fe826711e8b393776f9f6ca88e7f43f54a25ab4b5fd160d0c0df2ecf9b9f8bb6e06a80a1a886818f9 |
C:\Users\Admin\AppData\Local\Temp\WcYO.exe
| MD5 | 807fe9fd8b481607453cee21b39c013c |
| SHA1 | f99e663b92b282f4e82c6900dbf16b2044f17c72 |
| SHA256 | b3c3fec91a25edf6a266a4232d01320334fca7c31faefaf72f1a19739d453686 |
| SHA512 | bf28d1732c5f9b1759c691bedbd4bfc6f1312a4f81b25797697fd5a2ea3bbb78198827ccf9d54860d551f8bc40df865727a0b044119baa70d804de1e91218362 |
C:\Users\Admin\AppData\Local\Temp\JogUUkAg.bat
| MD5 | 2e394a402b31d9140ce64237daa5b372 |
| SHA1 | 26dbef27710471de7003f635d809ea77a61a2157 |
| SHA256 | e83e4663092a5d563fa9d36f3e7df76569c71334d430b90e88e450045f8f4165 |
| SHA512 | ef881ab2d1ae4d3c414fe5fef1182aaab021965c38843b8d69c5ad9fed658d4a62f5f9fc47bb055358f69d60b34fd3565f6ffb8e1e8c52e68f912ed7b8a02724 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile29.bmp.exe
| MD5 | dfbed6f736f47b6ce7a43174491decb4 |
| SHA1 | abea00dde4fb4c69e8247c5c72592cfbb6ccc6ae |
| SHA256 | 7f79733a6063d29d4eb7fcd6f45b8b9f4c06e61f0bac9ed464606a596c1f27cc |
| SHA512 | 2f2800196f3434ab45616d0e20414aa5cb85a33db2ae9c6310181245e110f7d5b7db77d29c4739325385e0cb5e256aa5f5ac39228bd33fdf6b97059daf3a3117 |
C:\Users\Admin\AppData\Local\Temp\cosc.exe
| MD5 | 75683dd928309ec22fc12f3df2413c1f |
| SHA1 | 7f20c32879f9468011fc9cf80ec7756c66defd54 |
| SHA256 | ef09a65b64cfa2f4c288419b43f461e80de826cea15773715d6e5b193a437c03 |
| SHA512 | ae81f6e759e0c06ad556b85914a5e0fb492861e5dc194565a5cf5103a861be127e7328619cb0e6abb7fbabb74a1ba1e9e1b110e57061268d007dd89394b95a8b |
C:\Users\Admin\AppData\Local\Temp\dakgwsgc.bat
| MD5 | d70c326a7b03a508c3bed1f7f6a1f70c |
| SHA1 | e0e09fc4f37fff733f0bf4218abb9984c535f44c |
| SHA256 | 9d0e998d8204de9f04e95170ad35e2681eb33e7438cab8dd19f27659a89b2837 |
| SHA512 | 7fb4c70cd97c3621a582df94a2fb40329d8807cb5d21c0f0ac218854c35e93826fd5695fbeedca5a3dc2c89be533c5509d8f8fd23e1fc7fe2cc5275134acd61e |
C:\Users\Admin\AppData\Local\Temp\KgMc.exe
| MD5 | a07afcc786f925476cb78d2d477eafe9 |
| SHA1 | 9626e9de0fb9ded654037f93d4589bec1d52a8cf |
| SHA256 | a9cbf5fd9ff5ec22f735e5f63067b2ce51d2258897c67ce136a1d3e7c42c1c4b |
| SHA512 | 69212de57be70365b2cfabf4d92b8b4fa9ab51138dc80fb61e3bfcd07c04ebe51f1c9569557529e7326ead6c09c427cc689b1600781152838467071a2d902b53 |
C:\Users\Admin\AppData\Local\Temp\yIcI.exe
| MD5 | cf2c44904bf9b0fcd06d5d1b919074ed |
| SHA1 | 64415238fa7775f1612cfaaaefc7ffb61fb7e769 |
| SHA256 | 55af570380b877aae82fcb626b0e2144c087b354bcdbab917ecf90f92bc730c1 |
| SHA512 | 3bb77790651de918ecb96ad7a1085fd9add8c6c4a74312fc55984b55bedc846ac772b282c959d620e39fbb62cb967a59487d7c9ad93cf3706e4fd21065dbe716 |
C:\Users\Admin\AppData\Local\Temp\wEoS.exe
| MD5 | 41868bcb95494673ebeb8012c9b77f2e |
| SHA1 | dd3eac8b05cb1d55637860ecbe8a7bdf5e71d827 |
| SHA256 | a6da2b015f6a846b563843fe2b7c2f5d421e80248ead697e36044bdfd72bf019 |
| SHA512 | 03a13327d1db0006945804b622931c8c035adc2160f0482e61831aab4d025fd2855a6664ff95a52491b8613de5cce34a3c325fdc0a654be321c9ed15d0300f97 |
C:\Users\Admin\AppData\Local\Temp\KQYkocok.bat
| MD5 | 8bba5baccfddbbe3a987341e85129df1 |
| SHA1 | 701a6e4bc787e158b3b198fdfb63d732556b00d3 |
| SHA256 | 27c363c74a298bd0f342fdbf2c7aa9a400d6ed081b5dee643bdd32321430bfdf |
| SHA512 | 9521726c6aade062ba1f9f6d70029dd11ec91abcc17d8d7a892ea67349b03ddc0935c07cf04f0935d2a6f8ec6cc1b56f70f9bd43023b9eb8ba7f020f6f7c5413 |
C:\Users\Admin\AppData\Local\Temp\sUUO.exe
| MD5 | 0dbc3ff854d15e0ee81de9a860d96d19 |
| SHA1 | 84f8cca59140e6a279003a94f148ceb0d3ae7c53 |
| SHA256 | cc42b5080901a944d6098705f7a111dd2f6118a53bc75f8e0d565a554640b17a |
| SHA512 | 4cda5a4666d01fe71108b8f0f6d5173882572091c497de8624c424e460e89d452ce655c196eeb9eaf7fdb2e75a3efcc6f189a25d7092b6645574b442162522b2 |
C:\Users\Admin\AppData\Local\Temp\UwoO.exe
| MD5 | 71036104474e07b415ef226f56fee3f6 |
| SHA1 | f4e03c3590ace8d10dcea31e61d606c6e12c7a5e |
| SHA256 | b16a82d150c40f55f68a4c61ad965dcc6c094791635e97dc235fb4540141bf51 |
| SHA512 | ada32e2628a988911d6a964aa0a891b1f6332b32a8a4a4c521a79483be87966625b0e4951d4377a03580f7f2a4d8cdf7ddb0734aa053e2e446024c202c1d88ba |
C:\Users\Admin\AppData\Local\Temp\QUUq.exe
| MD5 | e1852f81176ea5fb616c6140ff16a3f5 |
| SHA1 | 61250b897c7b3bd842a984272ed9a129d45a768b |
| SHA256 | 4efce094fb888cbf278275378a5482c2a1b1addbdd7487c2ff563536ead6e420 |
| SHA512 | bd0336e14091ee707208fa668ab730451256d8d913dc887ba94c868e66296471a6454db90ca840c4749b2d6ec6ff26aef8990332d5eae86d2a6f8b72fc819fcd |
C:\Users\Admin\AppData\Local\Temp\cgQW.exe
| MD5 | 000b3512f332d832966f8937b52e2afa |
| SHA1 | c0d685efdaae2a2bfbe0cd419221c48044fa0812 |
| SHA256 | 0f06a5692dfce6a21144d706907b488dd96b911fa139e7ab5a268bbe446b324e |
| SHA512 | d9902f9553ca6e226b2508db93a30294fdf63920a8816a4fdd4f6d62ea26c0e4cc73a8f2ca1b703382f154d931cb03cd2e49eed037af6dc52fef70558d8a6788 |
C:\Users\Admin\AppData\Local\Temp\OOEAAcUE.bat
| MD5 | a4b4221b523b5169c9467dcc400b82eb |
| SHA1 | 66aa44732ec46c29bcd2d907a7af68b014371a62 |
| SHA256 | 0011b8f81b9da18f2da7e07ceafba7efff594b7aa43833bcc9e440785f4275a6 |
| SHA512 | 020296b009492a904af9ad7e487b0976230fc17bcd8deb9ebdada3690dcf7747f0423784ffd48370a745b4df4dc76b32c29615531916f188e38cab37d27f3b28 |
C:\Users\Admin\AppData\Local\Temp\cUwE.exe
| MD5 | ad8601c3b57556dee725c10bec1f9ad7 |
| SHA1 | 90e1d351b6923acd91a0396f8edafef18bf9fb34 |
| SHA256 | af7a7679f5bf248a2f62f912cc56303327cd6ecfa0ea19c2b4532d76bbf1ea68 |
| SHA512 | f60045e85791cb34701fa323c7281d70a63827ff8593e203f0ad203df09dc408338da245a483356393227cc2f174ba14b469043ed90f1449868fa664b248f5e1 |
C:\Users\Admin\AppData\Local\Temp\yoso.exe
| MD5 | 85c16e9fc80f0f01531ec38e9738c3db |
| SHA1 | 11dd62d5b778e3853987ceecc21c6780ca831323 |
| SHA256 | 07333fb88d1c4d7091f7b668a83076362e8dfcc255fc0a94c721959195fd6028 |
| SHA512 | ef91672e52f44d69fb303752bf15e9d891c19b7aadba8af1c31ee3913a86f6adbf3a6fd6a0f185122bf224f1f1850dc06590159238aacf9b150ed485844740de |
C:\Users\Admin\AppData\Local\Temp\CMoG.exe
| MD5 | 2372ee799dabdc6344118a4679203c77 |
| SHA1 | 35391b317d355a010140293333d683e10f4ba74a |
| SHA256 | 914782be1254cdeade100523ad10c20186c582934fe9ef1e3552105462479b5a |
| SHA512 | 2032b7cfeeb70d9ad24e025eb53a08b93e09f9ffcd84e57325c09d8c01f7aa2bb9cdac842b8bd8ec7bcc9eed1888941be1dae9290fc154ccb92226f2192b2e5b |
C:\Users\Admin\AppData\Local\Temp\wIMEsEEM.bat
| MD5 | e386ac6533b16c705575acb22a436c2e |
| SHA1 | f6f3792518b38e4ca5094a77707ae7f7aa1344e2 |
| SHA256 | f1de0424e92d786933c79b146186c40b179ffc88229ebad7358e7872f41151e3 |
| SHA512 | 87b0f739c2cc4605b4c84936cc94a8d0282a09411f65976f478f31ee352285e1a73c0577b98a16f1c4274fd430afd94fab9c297d5296cda8aac972976a62211a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | 805ddf367d9ab39aaecfea765469a012 |
| SHA1 | 84cb41141749669535a1cb64625f2002d215866d |
| SHA256 | bc3abaa9730578a16c2e8f63ad6793427afea2ee9a1428c7c57709efd113a96d |
| SHA512 | 0302c9c6b21fa9746ca15531aa773ee224e8cb5db9f2501eec0afeea099cf7475ec3ee1224e99d0cb6be6de3e778619a88fc816c3787f7527dc7a4c8e72f1060 |
C:\Users\Admin\AppData\Local\Temp\qQcG.exe
| MD5 | 7a5826660c1486635890cb91779d4434 |
| SHA1 | 46cd73f02e54085de9d72cea5fb3c7ee9539c5e1 |
| SHA256 | 8d6c34a6cfa59667e762f7195e197d5ca5870411e27177d2f8d8540d3d4a7d09 |
| SHA512 | 034c17717c7bab0938a20edc0fe6f05ee4c6819073cbc4881377edab6f7e4310ced14a08b5c2fe7a8721609cbb4246b50ee34b6062332cde58d3e46eff2562b3 |
memory/1228-3893-0x0000000077310000-0x000000007742F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aacMcYgo.bat
| MD5 | cdbedb061c917e708d9478a84eec4ecb |
| SHA1 | f1e97f41ec73ff712b099eb429becb1852f3a905 |
| SHA256 | 36a0255f3ef364fbf50d3e25f01c075bfe24b0911747897b31a98212e111975e |
| SHA512 | 4904c387cdee4cb8b2bf23ecd22c531fe6a08c16e5cc8460d3f230eef1daef893a4e6cfc7afb87c3d6f7ede37c7296816d66f397b74507ab02948ea12348bbfb |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 0af2dc0e1108e40c1baa6b26d7a1607c |
| SHA1 | c82865b18fa0071ca68ee7fd8093b473ed70e7d1 |
| SHA256 | 08a5f9070f3dc4cfa7667c7698f19a0ced255ce8a379f25a9a94702b5d1bff5e |
| SHA512 | 3ce8a9e8d2aa9589b25ba7267661dbbbdd3445a0a554b338d999a5db5479284c0535f283f16e6187387244dde431ab32242d1ca24f882dae03ed99fc380ca894 |
C:\Users\Admin\AppData\Local\Temp\KAkC.exe
| MD5 | dba1658b3f6a7c03cf1b756ac54c96d7 |
| SHA1 | e90b4769d393408870010a5e957ee3929ecd89d5 |
| SHA256 | 6797f3b958cf9ee677f30aa2a4f97134a528ecbc1e26d75dc13f2ceab28c160f |
| SHA512 | 9b09e20265f64f239f86898f80729dc98c38ef7cf1b73b397eedeff83909f96273be1b858cf7ae3decbe9337d99cc88d337da6218df142d845e9d7d61cd027a9 |
C:\Users\Admin\AppData\Local\Temp\beQwwcUI.bat
| MD5 | 4472428787ab7b3f5be37013b93843a7 |
| SHA1 | 62eaee3e8c540e7adc047d6cd63e28ed7270c203 |
| SHA256 | 34fce2ee97dbc39087b9b00912569c101150a3f23011ffe5300c50ab731ff1b8 |
| SHA512 | 96b3197d866f3ee27629195c476624e20bd1dcdde36e68e91b4fd30378791af35f52b5fa89b2d72c5e637f460ce1ce2a0bb5c4f6230b1f82c455145c652f8e8b |
C:\Users\Admin\AppData\Local\Temp\ckkA.exe
| MD5 | 2ebb06ee3f56f92ad82d9352ace79184 |
| SHA1 | 2d1306c5294a624c4118ee409ad978671eddf5f1 |
| SHA256 | d5c95a849903c02e393de4ae94bb321b7f28a30229b3f1572fe78f48f8a1bb73 |
| SHA512 | ca856cf2b6253674f41693a8994b87b3a9c85b01d0ade0f515e6a4e49d8874fa13fb542e8b4153c9892e3f453ce1b23e9e4110cddf0a5b213e46185cc1197a53 |
C:\Users\Admin\AppData\Local\Temp\YcMi.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\gUUs.exe
| MD5 | 86cc671c1f6a4f75fc82607ab25457fc |
| SHA1 | 1b0dbb5f73c3fe0d718d543e5e3a915697227601 |
| SHA256 | 21f5f40d6075f3555a2b5f52b0a2be6799562e6b7d447c44cc0f99af8233191b |
| SHA512 | 36c9a57d6a664811f3ed15d554d8fc74d252e73bb8ae1e2cf5361115b7eaf1051586a7f41d7666e62da312ef084a811a330a8e1ecf22688b3afc4ef4cfb84023 |
C:\Users\Admin\AppData\Local\Temp\fygkQUgY.bat
| MD5 | 008b623b8a82f9d8efa29d2fd99e5042 |
| SHA1 | 68c53f2d4d2fe6aacc2c785e6dd49ce66c05a710 |
| SHA256 | e9330cfba6b37bb2d4c0df805cc46b229cb6aa15e066a092716f2b43abbbb3e7 |
| SHA512 | 30f293ac8f9709ffc2ed280595ab54bcd81130b57405d1d8960b669a825590ea2da53365bdc3f03832abe763a0fa27df0dfe38c7cf054cedbb9bda6ecfbf1aa5 |
C:\Users\Admin\AppData\Local\Temp\oocc.exe
| MD5 | da99853cc7168d111e300b8e3d7d1eb9 |
| SHA1 | 023ddffa4da1dd30e352d7c10624d32d09c488df |
| SHA256 | 03698cb17a2f73392c7f80843eebd6f506e51e74b9697afbd661e46117533a9a |
| SHA512 | f0699b6929014bf737c1f1f09d97b7e79986ab34856a2ecf0376b582a93e292be62f6da113a351637caa19888214a5d8f9adcc7cf810c75d5c0ededf4bba03f5 |
C:\Users\Admin\AppData\Local\Temp\CAgO.exe
| MD5 | 2c45c03419127c6f055652a8979e0129 |
| SHA1 | a9e0bc328d4c7b80eb727df344a9e49ee1a1e7be |
| SHA256 | 22d86fc61047fda88ca55ac8f05eda4c18ff5e4f7fb9cc0e174ab5f249da1afa |
| SHA512 | 2312ef271c66f5e5bacdf30e610e288c8eebda3a50c40df81f076bd9a5cbc5c85be4168727a3ade97fe40010a61ae1e86603cf476d6f4982cbde48e548da1253 |
C:\Users\Admin\AppData\Local\Temp\mUUW.exe
| MD5 | c5a7be1ee417d0eb5098f737493cdb50 |
| SHA1 | 209f46029873c1b69c0ce1712f043dcc80a58ec4 |
| SHA256 | 5e27b885b3abda600cc13a23a76a35013c5ba198d8c054fa906ffb414f185f38 |
| SHA512 | e7b2fb79dc5cee312cd2bb912b1e3ee4d35ac3aaf6cbb032730595d20d72ffd0704e33025e8301e755a7a8dff387fd01359ceefbdbb8d3d25b83f2c1ea67d442 |
C:\Users\Admin\AppData\Local\Temp\SEsO.exe
| MD5 | 434acf51dacc2596fc3ae9fdff288c23 |
| SHA1 | 55ad9c1fd45b013e2605f31978327601a5718c87 |
| SHA256 | 2d7c3056af2d858572f0b6dd1c13dcef4cddc1b5f3167c11cca2a582cc81d1fc |
| SHA512 | 43cf50593e43f598cdcf6cfd63092797fadb4e04d4881291cd1651b2908c5ba1a9ec804f87be0e833d7b7c91e9b914217d1e6cebcc2510ea076a7dc283ce087e |
C:\Users\Admin\AppData\Local\Temp\hKUEAEEo.bat
| MD5 | 5b4bce12d102bf9f2743f680c56995c2 |
| SHA1 | f76de002436a8021f88a9bcdc5c25a77eb747c79 |
| SHA256 | 5865f35cd4a28e5683338676ae68a008be43eef7f61562f155ddc0b5802a3fa1 |
| SHA512 | 18f323d2e85141de9c3cc358e5c75edbc4d382195d43b7d3898dd4caa85693e2787aa672d1928ef6b68c70b674ac7e07f01bdc087a2bd06a946d69b26c2079b9 |
C:\Users\Admin\AppData\Local\Temp\OoEs.exe
| MD5 | 264e73ed3045036fbb87b2f5559d7ca4 |
| SHA1 | a2427749882d290f15cc523298effa05a29ce798 |
| SHA256 | 41683e5a852c75a5a1b11bd2c5d3defe03496742a1f583c74d91e4862a184f6f |
| SHA512 | 965247f61d3ba888b97125fea5b9de500a2eee353f4133a43c06e98ead07e559dda402ee3098e236460af81ef503328649c10b86a57618da54e4461ca558500b |
C:\Users\Admin\AppData\Local\Temp\OEEY.exe
| MD5 | dfa92bdaf043b56f28800456bcef5b23 |
| SHA1 | 97b8c849c4663ecb48fa61d1723de724ea865e94 |
| SHA256 | e6123a58e6a7959760e62fd1d74a93e9cd3db3271e5f15825afe9398312452bb |
| SHA512 | dbcae27222ecaf79683515cdc13091feebd35d8f0d006051ad121886562d3ba66017563305705938967a9d9172d40003803dccf8468eaf03af9ae4cae56093f0 |
C:\Users\Admin\AppData\Local\Temp\Qwsc.exe
| MD5 | 8677db9aa8acd6b9dedbd96ac3358ec8 |
| SHA1 | ee626f1527be7df8f37f15f3c0f05dbb39ff43ff |
| SHA256 | d568ad5fc9cb9ba325d7ead6962fe14bec08affdff4b9ea6357a30f790a47f87 |
| SHA512 | 01780b1139e4fdf58f132d3446ada0cb23202f74d86fdc8dff783b47aa62cfd06efe312ab54e5cfc6c43751db233645605be01d18129eb5c6ae270a998bfdf4d |
C:\Users\Admin\AppData\Local\Temp\IsIo.exe
| MD5 | d99d9ed041cf63fb6a3e2312e7373742 |
| SHA1 | a972b2dee340d36f5acb82272f53ea8c4739cf5f |
| SHA256 | b50f00e59179529ed3ba8fd7b614f0dd32ef500eac287d11d5fe117833cb8edc |
| SHA512 | 6e587307bec024a24fea333879e973dfaee5415c71c3bb04c63169dceaa820eafbdf4d8068b9a6b0c7613d759a01fa9824aa03a2dd3e3adc8f7bb9b765e2be22 |
C:\Users\Admin\AppData\Local\Temp\uogK.exe
| MD5 | 3c4e853108e6de056237a25611cf120a |
| SHA1 | 853f2ebd886c0c497e3a17b819441e44b1c7ef2f |
| SHA256 | ec0cc50d7d3e52f64bbec887a1873a61245149b48d067de1191699eeccafdc58 |
| SHA512 | e429207cf629e7dfedaba068cb2a98e4f952b8c837959210200ba6d219072b8f27ec0b6b2d2cfd660e4e5f53122e600ca42661103878b794b3673b4f38ec7f57 |
C:\Users\Admin\AppData\Local\Temp\OosAAAEU.bat
| MD5 | b045cd3bca571127eec191ac8f4d248a |
| SHA1 | ef5a843f8cf047f29d7cd5e2c313cc98fa7fefca |
| SHA256 | fdbc073ef44d10e9f4f996c034b45f4c0417523fa8e47f7fa14317be3adc31cd |
| SHA512 | edeb2ab68a7a78ef3063875282edbf02a2a74613dc00ef4281320f05682c3752a98f3926b20af609006b4d5f1af6a22c132296322f4e4dfa94f5336975a7159e |
C:\Users\Admin\AppData\Local\Temp\OmQsIksE.bat
| MD5 | 3ac71f55d243835f893a53c92ed94905 |
| SHA1 | a215a40ae4f07bc9d394970918edc83549c5dfcd |
| SHA256 | d649fb00f95ccd3ea8525545518b4433c7b9e667dcedfcb79e5c572273306782 |
| SHA512 | 7b9db17cbc5a3929c75c085d60bfae14aa69ce27471c2502db0f6de7d14eb2d05b9f60d86fca2b1dfd6754ea6133b627975c1a0f44db8d1ec9a123730598565b |
C:\Users\Admin\AppData\Local\Temp\qSkkksIs.bat
| MD5 | 9e5185ffa3b3935b8f02e17d2b304d4c |
| SHA1 | 1f203e578e86f9d216f96a202e5e8bc7d3c73e43 |
| SHA256 | c801911c4b8f8bf3139698fe93de9c9802afa0672b94482586d772b747767a4f |
| SHA512 | a72484b6a534b0929bf53b5496e6f189968ae7b23ce4947b43251d6831390f9fb093d78b8f68cacdfa91e869d420b464252ec2ca3365d534524657e7db0bcb1f |
C:\Users\Admin\AppData\Local\Temp\yOkYIEgU.bat
| MD5 | 71aac03e727698789f5e7ca9d9d3bd87 |
| SHA1 | 24947e4f0026baa2f5929399d7945caf1e029531 |
| SHA256 | e594091439216af348b652e9ddd5ce984431d2f1c51cd1481ded9e4748de3f64 |
| SHA512 | 256746098823c0784ed83eced28c0b9330177a5ea6185a6cd07480bf5a9b55f8c7fb59e067539f5d20e00ff4d6435849e34d0d323379b543a81402fb668404cf |
C:\Users\Admin\AppData\Local\Temp\BkcUscQs.bat
| MD5 | c7a76b60d9f52ab2f8825f0c3543ef08 |
| SHA1 | 14d4ccbd15055f4b4627f4a45068d4f7b7ee0330 |
| SHA256 | 9811cd212ae55cf3eb2bdb7f9300ed7d826db490a28c86e63d49af883367b529 |
| SHA512 | e15ef0e8baefa24911555d69006cdc61b8836fa8e80fe2091ac650399a54efdf0a2f6d592bf39046f7b3f35130d2cbc625dc927f55aecb67a31c50d17cdf8cb4 |
C:\Users\Admin\AppData\Local\Temp\zEkcYUUI.bat
| MD5 | e3681054f532a16578007740cc779759 |
| SHA1 | ee2dff5278ec01c57ff5f35a4aa915fde7a0e172 |
| SHA256 | 8bc9fa1975b7470949a12ac1ad1418524939a0ab76ec8e2ce8dd71d804db0be9 |
| SHA512 | fdecb51ab46bc9846e11af1b8a65745ee301f4ba6f29f97612dddd6752b395a4472ff66c04bf2f283e5b48a7e6ae7174d671b0590fc0cb747b315721949e03f3 |
C:\Users\Admin\AppData\Local\Temp\dqMgUsQM.bat
| MD5 | 72765b0b57ffb8f08627d8d6be9f4157 |
| SHA1 | bd24952447b16a4f9ce10025ca4c1c5de660c3f9 |
| SHA256 | 1c66a7402199dd546af3fcd77d36e3a4b915667d2f2594ac395a4f71abc997e9 |
| SHA512 | eb353f1bb653af53cd482fa22b3be41953678088a792dbee736ecf47384a831209b60b9b699344213645c65a4129d31bf7bb5a12be44abc60210b6df007484e1 |
C:\Users\Admin\AppData\Local\Temp\LEQEwkUc.bat
| MD5 | 4f98294e97f40ad6b95a6fd1a8953611 |
| SHA1 | d91c43461468afde2d36b046683b95c817047089 |
| SHA256 | b626748b6e1fbb10bac700fcf46de5b5d4a67800151c04dce63ee5537b0fdedf |
| SHA512 | 56aa3823c01a9fe5f919a04558c928bcc4c4a2f48f85d48ed7a7d4acc52d84e530756afb9195c19f25b2e52c5f328507cffae57b42abee12b5e37a25b0f22e58 |
C:\Users\Admin\AppData\Local\Temp\KcoIcIEI.bat
| MD5 | 294a463eae261ab89956507f0313f819 |
| SHA1 | 43229a47b27f6fb0af05321f82599962c5501d63 |
| SHA256 | 428b8b83f5432b4f8ecedfabb516c184d227ddfb37f5ce38eb8c7c742381f27f |
| SHA512 | ed4246f4f2ce0591ee17349239ad259eb349b4684268b05e108e88a88d3abb20cfd62010f6cc8fd1f9cb88272f7360d732c0bfc7b775dbe0593bcceefdf1c9df |
C:\Users\Admin\AppData\Local\Temp\CuMwwQEk.bat
| MD5 | 45c8b2cd4f63298655edabc41b8fe457 |
| SHA1 | 7fcbd948a3800338b197991f33a816f728ef8a0a |
| SHA256 | 96a830833cec3293edadb2c0bd91752bfbee196865f867dabbc8b621afc76038 |
| SHA512 | 098fdb2c880ce6cce1a5775405fee642eb6501b4f8b8fc2d9528c9c14071be54c9712f67b5408a71eab4e175150b5c653b6b92a1d5a37dbb1e82c713b94d7005 |
C:\Users\Admin\AppData\Local\Temp\MaUEAoAk.bat
| MD5 | 0961b4565925a31ffd3e28e325ec339b |
| SHA1 | 5572fb097194afcf2600cbe83e1618ddec701734 |
| SHA256 | 532ec904eee4dd8bf6584d5b8375e8e4957aaf2715da4b0238b611a2c8a962f0 |
| SHA512 | 31826f2e7686a9cbdb95517222949227f32edd4b42dcd462ac24c51eb61c17ff2edbe574076bd5535508593dac63061144402a51636a2174ccd4359bfde29678 |
C:\Users\Admin\AppData\Local\Temp\swgUIQIU.bat
| MD5 | da9f0ac1aee8c6f0dc9a1999f53de481 |
| SHA1 | e1b55af0693e45642411f634432aef55d596b854 |
| SHA256 | db34d1d27ee59fb6bdf758cc8268033d85ced19a390d29d6dadc996b2574f70e |
| SHA512 | b03a31e8987a06e85450b3fcfa3d931dfb8d6dc9ca59d1598097ce9d55753b0f4af01b0fb241ef3cea2c9764811035808346b88a6bae9e28e17333be547e9d07 |
C:\Users\Admin\AppData\Local\Temp\fqowoYUQ.bat
| MD5 | d0696c399af2e857203ddb6eb9c2bdd2 |
| SHA1 | 94e308039c4827d83c9baaff11edaaa070bab932 |
| SHA256 | e96b6afd2ea35a5b49a0e84237ee3e829a328f5ba0b40c84313a36df9f589e12 |
| SHA512 | 0a4f294bde04e7f06cc489f2010efb7185c01830d23c6fff919fc2135aca67e002860b988f3ccbff86d6cbeda7b48e25b992a8d6b13e0ec6b13da0a2b1c584f6 |
C:\Users\Admin\AppData\Local\Temp\VYwAUgUA.bat
| MD5 | c55de12134e46f9761a0fb3454cecb7e |
| SHA1 | 5a6db512117f2bea6bb7ba6ae203563577078c44 |
| SHA256 | 7f002cae5b672a5f6408d793e6828f809224761c662d8323fe4b5accabc73de5 |
| SHA512 | 2fe3696c610462d3501a79fa141dc6fded787760e89ed6541deb018353a5b2a78ebae417014a4d23082663d49e254346087eaa3b9be6dfb9d71d95d0f6607980 |
C:\Users\Admin\AppData\Local\Temp\NKAYswMU.bat
| MD5 | 9a8d8c432ba1f935e52c1c3ea5b5b9dd |
| SHA1 | 418a7f8af9cd8f7852d529653e5b54f5329b86fd |
| SHA256 | 21aabf39cdcf3775c30a151be0960402c73ecbcb94a6868c386fb23699fd983c |
| SHA512 | 1a81af0c8ebc6e2a6736e871690dd1915ac435a49677f9b5c7222c4922e521025c76f11b050eb786d4b00909cb2f5c370e2192ded66cc89f7a11584beb17f79e |
C:\Users\Admin\AppData\Local\Temp\TmocgcwQ.bat
| MD5 | 104ab6b3de7c6cbefff019d3883fb8a9 |
| SHA1 | a5c503edadbcbc19eddf37c82dfa21d6ffcf24ef |
| SHA256 | 22fa3641a493111efeea28d60e582e2e8c4f62a0bf3ae22a35e646cc14968180 |
| SHA512 | 8d6038e670e9b066490a038b9f3c579ab96293c6cbebb5aec07be7d1278540c9583edf730426e2a7dd95ebecb7e90cb887bbd7776e16abf60adcff7d28dbb02f |
C:\Users\Admin\AppData\Local\Temp\GmAkwwMs.bat
| MD5 | 3f82a965aaf6b585a081df8454769abd |
| SHA1 | 0ecfdd2d2589841b3f929364fa018c0db6861c22 |
| SHA256 | 774755a9e68737c6eb3fb98b22f99fbc25f0d57339646dca600181c30eb2fedd |
| SHA512 | d40327b1bd74e9b4313219127fe31864d33ce35b8131eb5c26dc1c6c61208c3e8ab4ee251c3ee841383e5132ff8f7d8e305a20354895852648d4469e665f3a21 |
C:\Users\Admin\AppData\Local\Temp\KokUIEgM.bat
| MD5 | 3cc4d449bc27a89191d8904f0b2d8e6e |
| SHA1 | c252361c3faba0832281029981a89e2c37061607 |
| SHA256 | 18318f4953a88acb8fa99793c5ead5f0a1a8ef626cbbd4b7a1ab3e23f5772d30 |
| SHA512 | 87e2bebeb740e5cff0a5de510a37dbe2d9ce3285f2cbd704559dfe671dc6eeee3287b047564268689a8dddb4969a21d62153e40e455e380a90aea8e2dc55d248 |
C:\Users\Admin\AppData\Local\Temp\iuwsoEcE.bat
| MD5 | d7d765c63225c5bfb7ce2f98864cd0e4 |
| SHA1 | 93abfbb215ea08ad102b3d9ab4a0bdda193e911b |
| SHA256 | f08c6145e64afa351101dad57dda9b6fa256178ff92b6305d9b7ed1367fb4d3d |
| SHA512 | bd9ccaaf4be7a8ee41a4b8afa175b64999a3e2df2829b7e32f3b09acee3b8b00c8e17af4c099115bcfcf857dc1f80f40c5aa90749da7415628692580433a2a3e |
C:\Users\Admin\AppData\Local\Temp\uWgEccgI.bat
| MD5 | a8b74ddb92d09539d121b858b3620dcb |
| SHA1 | 7fe01f2bd6e8a87bbd36839373d077842dbe2f61 |
| SHA256 | 9290440af71108a1761f66da5a6e7c8ef935ea91187da5bdde19cde9f06dc790 |
| SHA512 | eba438a2d8cebf3ec73efbee53ab9a378f5779ea5c34bdf2d745b0b044d87aa90c50d614430628f5b7ac2deebff01857ea8db68ffbbeca3260d125a6c6995fd7 |
C:\Users\Admin\AppData\Local\Temp\hAcAMAsY.bat
| MD5 | bffaef85a389e8ca1333ec4e0dee61a2 |
| SHA1 | 02c33e1710dce304f33bb98a72b5db56fa3aa9dc |
| SHA256 | 75e2298da989744d92c05bef376cad67df675e5668263aa743099b79da587afe |
| SHA512 | 3dd4864b01364cb80a7d669e92966d242a68b36778f29dd9701c0fb4543773646d63948cbcc93a2134a5fe957c11e39e41367df2f12a2e484a83aa34ee6ab821 |
C:\Users\Admin\AppData\Local\Temp\JIkAEcwI.bat
| MD5 | b7610ec2f93c2a19da1f960caa7d304f |
| SHA1 | a740d8b311760905b4bb1dc4daf188c2beb1884e |
| SHA256 | 5ba9643f4adb2cd8e535aca00b05482829396c21d144bffb2ce2878005963045 |
| SHA512 | 34e6c667e44a601582cf91a18b14b1fff760c1f16b8eacecd8e84f50304688161134c892d584bca3230bd53d6a0592609cad630b97767a4b9f75502ae0abf3a8 |
C:\Users\Admin\AppData\Local\Temp\VoMcoYkU.bat
| MD5 | d21447da431e4fef2f66b72cc2886d41 |
| SHA1 | 21f8c59c7bd49615836e4c7f47a50e0168cd4016 |
| SHA256 | b3cf5f26e423e9bcd8b5437367e4e32fa058b1a3153bf8efe6fe1f5d748601e4 |
| SHA512 | cd47c971eb8b83a1918a54680fc3d98da4f63c253da7298af590c4a9cd7e875914c18ef676eaf9b9cc06676b9d3e7237e98ddfc15989921abaea1ff43ddd8904 |
C:\Users\Admin\AppData\Local\Temp\LwMEsIEs.bat
| MD5 | 432121544fe9d6fa73d2e475ddbc2837 |
| SHA1 | f3376e556b7deba816eafc3be433ae3299891ea7 |
| SHA256 | 43248c4367ad59ab664d27c813b9df3b914f1037d15725944b5be75057d64bf2 |
| SHA512 | ed68e4d3217d385426fea5af5128c57def9be36d50bc49adb84e7c5f05f6d4c37c2af2d762998e697f2853821df0a222bba4219ba40463f8cdc91c8134a6b0c4 |
C:\Users\Admin\AppData\Local\Temp\SGkQAMgg.bat
| MD5 | 49c0035ce23c70c5187448b7678beff5 |
| SHA1 | ef3018d19d7c470d0ec400e20caae86154e54d44 |
| SHA256 | a9f4bbf429ce34e69e1ede703c0fa4729949f8896a62991059a986e004fa6a49 |
| SHA512 | fb42aa53de1d4f84ec1f81a9a6b84e6397011e12be2790304dc3642227157f1e50c5359ffc9a1d6dbf7013af6649abafdad69b11e340ec8d82bebe70c4922fd3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 06:27
Reported
2024-10-16 06:29
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
110s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (67) files with added filename extension
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\TAIwgMQg\JuMoAAEQ.exe | N/A |
| N/A | N/A | C:\ProgramData\zqwIwEgM\nMsEIwAI.exe | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lawQAkkM.exe = "C:\\ProgramData\\XOYIggoU\\lawQAkkM.exe" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JuMoAAEQ.exe = "C:\\Users\\Admin\\TAIwgMQg\\JuMoAAEQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nMsEIwAI.exe = "C:\\ProgramData\\zqwIwEgM\\nMsEIwAI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JuMoAAEQ.exe = "C:\\Users\\Admin\\TAIwgMQg\\JuMoAAEQ.exe" | C:\Users\Admin\TAIwgMQg\JuMoAAEQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nMsEIwAI.exe = "C:\\ProgramData\\zqwIwEgM\\nMsEIwAI.exe" | C:\ProgramData\zqwIwEgM\nMsEIwAI.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EqIcsAoM.exe = "C:\\Users\\Admin\\sGkYkgcw\\EqIcsAoM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lawQAkkM.exe = "C:\\ProgramData\\XOYIggoU\\lawQAkkM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EqIcsAoM.exe = "C:\\Users\\Admin\\sGkYkgcw\\EqIcsAoM.exe" | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\XOYIggoU\lawQAkkM.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe |
| N/A | N/A | N/A | |
| N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\TAIwgMQg\JuMoAAEQ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe"
C:\Users\Admin\TAIwgMQg\JuMoAAEQ.exe
"C:\Users\Admin\TAIwgMQg\JuMoAAEQ.exe"
C:\ProgramData\zqwIwEgM\nMsEIwAI.exe
"C:\ProgramData\zqwIwEgM\nMsEIwAI.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAgcUIUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GMAYEgAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kQcUAsgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iWoEsIYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YccUEgkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zwsIYkMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lIYscwIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hsccUMYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KGogMcsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eiUwoMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EcQcokoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FWQEYEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NuMkQgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rWwEsgUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rsYgEYAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yWoUkoAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GeIYwIoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EmAcgcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZOsoQEsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TaocYAAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pMYAIgIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIkEAAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEQkoMwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kSocAgAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BMYMwEoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pqIAIUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgAsQwkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QCowQooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AscEwcog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kGEsoMYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bqAcgUMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BOEosccc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RmMwMMYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QcoooUUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOYMEIoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AYgQsksM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe
"C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe"
C:\ProgramData\XOYIggoU\lawQAkkM.exe
"C:\ProgramData\XOYIggoU\lawQAkkM.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4168 -ip 4168
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2576 -ip 2576
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cwwwEoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 228
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DEwsMccU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgAEskIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGUEkIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NOogMMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmEYoAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gaMQAkIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gQAEUggk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deoosocs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HkMoUMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAwQAsgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BQAoIYQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwwoYQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ewUsMQYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\csMsMIck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqEQMgQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWUMwwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rawoYwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\REoYwgoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FyssYIwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAIEYYMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UusgAMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egoogQos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UckMIYgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgAAUAoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jcIYgYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZmcIQQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEIAMsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WykUsMgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOMAgwwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGMkwcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMocMsoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NQAMoccg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RUocEQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amcsQgEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KmEUYwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ieoAQgYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iKcoUYkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ROkIsokg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEgQcwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xAMQMsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\auUcMAso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CQscooUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYkgAAQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DAkogwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUYUEocw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAoYggYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZcQEgwsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ygEcQMYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UcQUAUEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UGYckMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmcsogUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZIQAwUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XewUUkQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PoAcQEIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\noYEwcEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cOUMkQMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QKogMwcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmUscIAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCowMQgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JmQMUgwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vqYcoMQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hCIcoYAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmYQEIYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIgEgUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv S4TQiynNaU6CPbAkN+7B5Q.0.2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWIAcYII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYEkoscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ncgsUEQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NeIcQcQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JkMwIkQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NEkUMwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GQwEgwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CyMswoYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKkcMAMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NgsIYwos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RuEMEEsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSYYIcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yksMQcUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wwUsgUok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sacAsAQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GkQoUIAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BKwoQokM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VMUkAkYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOwscEEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nesscUgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUsUEIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CQwAMEUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ouMgMokk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ksskEcoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hWIsEQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\noMUoIQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dscAEQYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RccMMcgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ccEYEEks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock"
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/2364-0-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\TAIwgMQg\JuMoAAEQ.exe
| MD5 | 1f9d913d630fa4b49eda73f93d480aa5 |
| SHA1 | 60206f87e1e919c9c6d19d1a5f764f6c025a2780 |
| SHA256 | 13c63b55fa7e685b967d648e9038fc61fb135b56e91fb38b1e8556a5ad655f6a |
| SHA512 | 4e0e09ec96355f70177815f9fde80e17dced23c103f5f435833ba8ff14f10b311c37decd9ee127cd408e84e0c0edf1c0190f971ebabb41c451dab4f5313b6a0f |
memory/3888-5-0x0000000000400000-0x0000000000430000-memory.dmp
memory/3420-15-0x0000000000400000-0x0000000000431000-memory.dmp
C:\ProgramData\zqwIwEgM\nMsEIwAI.exe
| MD5 | a994fe492986ead3e15f56c11037882e |
| SHA1 | a74c6d937a1878546270e78a28b21daaa4a56145 |
| SHA256 | 0df514dc795aec7bea08b95939dfc5d23321a8472d848cbf4ac45b097af242d0 |
| SHA512 | 4553af182d17078cccc7a209c791eedd9efa41d0e4daa9ab8905f98c77d401695c3d6c7f122b8747a7a7d6b0da7619d2a2b78ff7f7919f9defea0cb0f282c317 |
memory/964-16-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2364-20-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nAgcUIUA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_8407fc3b6183cec64939631e05806d11_virlock
| MD5 | bfa92771c90c7199a8b84d21ca45750a |
| SHA1 | 8c0c9053bddcb7f95423392ba7d8de7960fd99fb |
| SHA256 | 61282907692cc4761493fbca1f89d7eaf3de7ec5f00b57d7c03cef01fc3e707b |
| SHA512 | cdebc94fd6e0fc7a10ba67a06479330cf9a31ab5cfe21f1211775013c3a49fd23b15b6ff792f24d49d30032442c1eb582b8a43412deda8518fbd02deca5d6e86 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/964-33-0x0000000000400000-0x0000000000434000-memory.dmp
memory/656-44-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3392-47-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3392-56-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2596-69-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4396-80-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3968-91-0x0000000000400000-0x0000000000434000-memory.dmp
memory/648-92-0x0000000000400000-0x0000000000434000-memory.dmp
memory/648-105-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2052-116-0x0000000000400000-0x0000000000434000-memory.dmp
memory/780-127-0x0000000000400000-0x0000000000434000-memory.dmp
memory/244-138-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3996-148-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1116-152-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2052-160-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3996-164-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2052-175-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1996-176-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1996-189-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5088-200-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5112-211-0x0000000000400000-0x0000000000434000-memory.dmp
C:\ProgramData\zqwIwEgM\nMsEIwAI.inf
| MD5 | 6a2e74d1656618ea1571a2aa3375b820 |
| SHA1 | 3d12785204fb8003d6a93cd5922384b023bdb1aa |
| SHA256 | 5d86f78115d7b652a08d02b36d8f7df995ba5d946d1b224bd0f0688072a51e82 |
| SHA512 | 7304e735f077ec7104199b439b4ea66010c953a48bfe60e909b3fd51c91e3b3ee1b1854e579b14e67ec68c8fe5645f7feaaa311ba84b60f29f77f41ac921e0fa |
memory/2656-224-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2292-229-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2292-238-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3608-239-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3608-250-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1668-251-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1668-262-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4236-270-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1816-278-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3180-286-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4904-289-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4904-297-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2596-305-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3432-315-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2128-316-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2128-324-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5028-332-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4864-342-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4936-350-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5004-355-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4236-359-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5004-369-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1148-377-0x0000000000400000-0x0000000000434000-memory.dmp
memory/464-378-0x0000000000400000-0x0000000000434000-memory.dmp
memory/464-386-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3124-394-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2576-398-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4168-399-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1532-400-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3496-408-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4168-410-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2736-417-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2840-425-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4268-435-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5088-443-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2164-451-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4696-461-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1300-469-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4932-477-0x0000000000400000-0x0000000000434000-memory.dmp
memory/708-485-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2544-495-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5064-503-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4776-504-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4776-512-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2164-520-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4184-530-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1652-538-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4492-546-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4508-551-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2396-555-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4508-565-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2624-573-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5064-581-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3620-589-0x0000000000400000-0x0000000000434000-memory.dmp
memory/940-590-0x0000000000400000-0x0000000000434000-memory.dmp
memory/940-600-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4932-608-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2792-616-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4256-617-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4256-627-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2436-635-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2840-643-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5084-653-0x0000000000400000-0x0000000000434000-memory.dmp
memory/468-661-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3180-669-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4864-670-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4864-678-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CQwY.exe
| MD5 | 64661a12790d7fcea762a5399cc781a6 |
| SHA1 | 59ce64f13128b4a5026bb186a4790e790d7da7c5 |
| SHA256 | 78255fa513e486743806dad28d3420b79feef2f92a90607bd2d415028ee0e032 |
| SHA512 | 22da64e49fccdef16cb6384ba5e76905496d4a96c1c6186457202e6d40c00b73233c91f07b986ade72afb6a3891c28deed0583c17c4f20b82579516849830d2c |
memory/668-703-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MwcU.exe
| MD5 | aa3926e99de8a3d5cf09286dcf1f8a00 |
| SHA1 | 029faa836e331c2951258b1ff8e7712e922f5685 |
| SHA256 | 15812d3a0b9f25e2cce332ac6d6ab96cf5f9b356d3069fe735c30b9b766afbcb |
| SHA512 | 2b90607381f37ebf54d9fbac4e0ef3983cc9538bdca5625e51858aeae9dc5a819b306c4aaaaee52fc7d05a060e74ae4c42f7a01e3f823e32943d03a44cc78935 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 56cc0087d29113b431374b9c0a68adfb |
| SHA1 | ff6c6c4ea1e831000185d6e1a886763acc97adab |
| SHA256 | bdccf2bd53111bfe3f703ea909f8d77943c0bdfa7016bb417d2e7c0fb77e28e7 |
| SHA512 | da371d3504a7216b2889171d147f27f131cb1b29b758f5bca06cebcd34792432a72852b8a12bcd343060a3881e05a7d45357bca09d227d602f8ab80fe776d2d3 |
C:\Users\Admin\AppData\Local\Temp\GIcg.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
memory/2396-753-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Iwkc.exe
| MD5 | 1f1107dc352839a16feb81be8f1c2d19 |
| SHA1 | 84efab005ac15ea52c101930ddd00f764425fbfd |
| SHA256 | 58cc50a0e4c97f686cea0f53aa70cba0f947e832551da73f35c87a2f8876f4ac |
| SHA512 | 5a34317fe1cfef4b578c4d5d7343462f12133f974876163c796dc93a062c9e34feaf57bec5933d9f44842ebc644b0408be04ece6cda275bfa5a013f012fb4513 |
C:\Users\Admin\AppData\Local\Temp\CoMo.exe
| MD5 | 1d5270eb9857a14b67f09cfe05c22516 |
| SHA1 | c401e9e98a59c2e92fa47405cda44ff9b19cb1f5 |
| SHA256 | 7ceab88d21aaa0e39f78693f15035506ed66647fd354cf4fe6b206555fdc452c |
| SHA512 | eedb8191c72f711829c6db7b1b475a00b6e37fa5250fa8e1f1f7ffab0ac932bd0604100fb033dd8d5e91a5ba16bd052332acb1e359376bdf20ef9872e58ae6a2 |
C:\Users\Admin\AppData\Local\Temp\KUwI.exe
| MD5 | 2027253a30f0917f60fed4e12762c54a |
| SHA1 | c9bcf67a8f073b96b817017957849122eac09fa4 |
| SHA256 | 33b2d2d79b9abbaccc67078068122a03676fead98ed03e74a7e54728e108d6ff |
| SHA512 | 33c6c5a04718b92f3bdc46d75efb7822ac3db940dc16e6a776435996f81c1271525faa4e557357f0d44df9a8993197bcb626ba4c7b516677a43daf641e8481e5 |
C:\Users\Admin\AppData\Local\Temp\aQIk.exe
| MD5 | eecfd58fc8dc5f9a1ce457e07f108c7a |
| SHA1 | e19e89ebf7cff3d856f2bdd51b2c7ac8f2f1a923 |
| SHA256 | 1b865f30eb33e1cf2bf8b47e9d2182d5c50ce914e9ab3517373bd2759cb58da3 |
| SHA512 | 704acd9b2f0c270926b400687a63be5f404c5d249e86ce79f5d413c8b21df60b3b5340c0b1469ad7c69b3610191d6cb05fa98240c94a3255f546b88706f3ba81 |
memory/3528-803-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gYkk.exe
| MD5 | d0b5a69cb67f351cff0b74f9f20f2e89 |
| SHA1 | ea47c7a1f6d18b7988b6ef3f8271f05dd3b5b842 |
| SHA256 | 5ad5385fe092913a8db29f3a4fa0215480d6d9bcb45c2cbebad5934d818b2552 |
| SHA512 | 157e4c1e7c13704868aca10f94408748820d431b8e8d022ba360ab99a5a5ac7abbf6bb5072fd9a2b4dd10f17c89aa54864f399742e5265497d515972c25d3cbf |
C:\ProgramData\Microsoft\User Account Pictures\guest.png.exe
| MD5 | 21d78ac4aaf20b899c20b0e523256f84 |
| SHA1 | b2cec6a5d1ab0cb56acc0fd17d49f037dec385f7 |
| SHA256 | ba8d4781330630709d5d39db190b16858ff8a31e0523260303ecdb781615e88e |
| SHA512 | 6e01ac687e26304a739fc72982abbcfb777f7d73b50555fbc87f879ca8bc9e85040b8079d955c5920dd5170dd76458d88124be45f915e5a4fb10d769c0627fb2 |
C:\Users\Admin\AppData\Local\Temp\cEMQ.exe
| MD5 | 55d5b0daaefd3d64093e2a6488f0357f |
| SHA1 | 397ae03a75faf722495280460fe9f7bf6b24ed85 |
| SHA256 | 74b96be832787b6a2ac8a845a55183408726cdf8d8e9dd046219d68c1d693c76 |
| SHA512 | 35b088814a2f004b6524dc7e2d576ef63d70dc2d9e62a092574362f9276a9cbcf4dd02dc3c1916c14c002c81c43b2126364e72295a94769c0540602f6a7c9d56 |
C:\Users\Admin\AppData\Local\Temp\Ukcm.exe
| MD5 | 1463a26d2276832d3e0a030cd3adbb6e |
| SHA1 | e714853c4593b3a3f1b6fffd4a42088a7832f55d |
| SHA256 | 6d69f86c2182e1fc260c2dfed1cbbd97174bda51ed0d37b1541dcb0674236bd3 |
| SHA512 | 71791c35145e551d8c5b8a2acdc18ff120f1f79a2af402975ea329d50cbbd905ad76772da5047008500ff6ce79e8ac01563ab2bfff6de8c26a4e0f403076f87b |
C:\Users\Admin\AppData\Local\Temp\WkAG.exe
| MD5 | 2c720740b8b56199410207106582fffe |
| SHA1 | d864cdbf2406ceb90fc0cc03392076b390aa2088 |
| SHA256 | b0546270d373c696cf62d9c4ccd06024c7fe21f5a25890100f1932c069eb55ac |
| SHA512 | 67f9c07966164b630ede74c00399edae9082714a6ed8891af9000a150737dfc4426706278fe50c001efb839d923991729fd09e1b94ebcd7bf090a4d8386348e0 |
C:\Users\Admin\AppData\Local\Temp\ckgc.exe
| MD5 | b8bd0ffb2ead8fdfa854e3c6d76b46ae |
| SHA1 | a376f778159992916927c07130d46b3a1bad865c |
| SHA256 | 4ef1854db9f3b5a1096bc8d9254caae435147297ddc3153f320a3f978a4adfb4 |
| SHA512 | 9540135911c11042f2d22ed9ebb81ddeaced381864bebf00103214527652786b8c2e6c6b3987ea51596658fd10ca0103f56478daf9450dd46cde5e9adc15a027 |
C:\Users\Admin\AppData\Local\Temp\mAIK.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\msws.exe
| MD5 | 17df96c24bfdd417f33fbb870ddf4b81 |
| SHA1 | 488938f270e16a038a48bf3221936e7d10bd91c7 |
| SHA256 | 63138dcec9706f6a0eb41e3c0f63c9a4286a1ad95824754ecff9a109697cbdf6 |
| SHA512 | 0d54d29bde67855ff57c01334c6c6d99f1167ff7ed1d0bc683b254fa1673ac4d18fbec69116f0e34ec17cb213f667ce2baa64f40934a605bbe2362d8013af2b7 |
C:\Users\Admin\AppData\Local\Temp\EEYc.exe
| MD5 | e4be165bb5708d241770b1351d975da2 |
| SHA1 | 5cc30dd059f05d487d665eed2a083cf6913b625a |
| SHA256 | 263af1a10e3f894618b566d0f04dea2521705940381af5dd40f001de359e598f |
| SHA512 | 6c7cfbc322778242be8112fdb54a33d4285cfb01942c3959d6593cb3fd158dcd29707f882147bde7b4972a799d87ba81b0da870ac7588022583a1fdb48a89192 |
C:\Users\Admin\AppData\Local\Temp\Cgsi.exe
| MD5 | 30edbc0617c9475c6b4c237a20c2e73f |
| SHA1 | d4844e3e766f5b68cc70ce9dec57ac75be4847e9 |
| SHA256 | 1220ad91605e035730018260f3a41497588a7aa933d735d17d67352c41f86bfe |
| SHA512 | 4f8bddfa1098f0a47412ded72f5452c3ef7e29d39f43107956ce70a34eb4944de38677a6644af4d64f841c38548172a34f0c7687367b8339df25ec6a8cb39760 |
C:\Users\Admin\AppData\Local\Temp\MsUW.exe
| MD5 | 6477d87e9fd19e54f1429b121821115b |
| SHA1 | 27737bc6c3d23faea25b26bd865c6acbcbe4e95b |
| SHA256 | a4bc4d533db57d7eb52082ff560d8081d77bfbeb0f64fed1f22bc0ae313c5cea |
| SHA512 | bc1a6c2d0570d636fa82e1c818a0fa856aa397e5aca686ea5ccab28d90fddd839d4852187e2517ecea4418da0753968edf56805f8a557e804eca92c3b1f79fc1 |
C:\Users\Admin\AppData\Local\Temp\UsMe.exe
| MD5 | 578f824146cf3fee91bf9fd77593c608 |
| SHA1 | d6764e6466df03f2f97a3af5ffcb196aa2b1f773 |
| SHA256 | de59e193e05bbb30de3a389c136798a0503a2e5ba59e6b933f93417fd28c124e |
| SHA512 | dd0362410acc9e355a0ddccb4d448ba7f095fbb5d1c8739da7f60eb567c682c7145d927c0b0ea5e92772520cd6a7d0d39c1b94553b7f1da12e76dcea18c915c1 |
C:\Users\Admin\AppData\Local\Temp\GcgG.exe
| MD5 | 18ae57e80eef46030e35c34211a45081 |
| SHA1 | e7085ecf34e3dfbdf36e3e15b2bbefc506b2e6a0 |
| SHA256 | 321031ac94336efc66163af3811ff26b3119269c660831ecb8cf1041fcd2960f |
| SHA512 | dc33dceeeb91eab386c74409366f77065af7fbe04931a76ab78d653696e63f8c1479653796eee332d0b51bd181579e6bc40110cd3e62d42d66564b1b8a20742f |
C:\Users\Admin\AppData\Local\Temp\AYAm.exe
| MD5 | 4298aefd06a919691f94ff4fc91a3b27 |
| SHA1 | c10ffb234441ed14bc51e2a2ca0cd4ce4b2a1554 |
| SHA256 | 83d89170bc8ffbebf7768ffad1d67c64adf1026706dc12c6c61c5dc961efc6a8 |
| SHA512 | edd755146faebe35ca2782594ae5e62e278b47fcf9f46342a37cf96c9aa01dfa19b6da3348473c00ab5cdefc38441d73535d526277ae5fb5095a1a8ba75ebc47 |
C:\Users\Admin\AppData\Local\Temp\MYUS.exe
| MD5 | 22644903c44e9ce2e6a9e3508f586d48 |
| SHA1 | 9d52bed4ac4fa6d9fc4d39418714c820467ea23c |
| SHA256 | 64a9aec6dc9e0df91936310ceaba639676c9abf8b05fc1db97f7a3d43ed64de5 |
| SHA512 | 001059a4102831474743ec36780fb3bde92abe65802f94ac5570b6f852fa4865c71f5c4d03f6bbce65198988ea23cc4d751292d1b15c2b22a5475b90dd265748 |
C:\Users\Admin\AppData\Local\Temp\YYIG.exe
| MD5 | a8965b3133ff0605eea569d0ed561701 |
| SHA1 | 5811d63f0c52e06c7400706142f3a7fb4168a238 |
| SHA256 | 0652c52dc974c2f0e815a4aad73feaaf32e2fad129f846415aae1696ec2fe74c |
| SHA512 | 79f71ee2f80d125390465333534b5fc1528f4f74b2f6b58d53e56999349debe01f07d2c2772dd011662377bc7f3e6a65259c965665666c5873b7f2acf6a40062 |
C:\Users\Admin\AppData\Local\Temp\ygYC.exe
| MD5 | c621c3fddd84e1eaf7107e9bb014ce9a |
| SHA1 | e88b3d7102508408a1dff225ccdaf2364cbeedeb |
| SHA256 | cfb58ecd8344242061d656054962c930ac579ee62574875d269c350796b6b8af |
| SHA512 | 4ec27e7cc51123c35e195200862cdda2a4e0c03c59c1ce43c9ad35890cdf2a2157afc6bcd7834a083c9de4f99100e4d8cc7436ccbdf7a9f2a22180466023d2a7 |
C:\Users\Admin\AppData\Local\Temp\sUoe.exe
| MD5 | 60b4eebe1b7d4c499979a323bbc072dc |
| SHA1 | b7f2ad4d13f8bc003d5819903ab909651e9620e4 |
| SHA256 | dd0eafb84464f53487dfd632a75fbbcb4a38f914fb1e9f1e56ede106089aa859 |
| SHA512 | 81e48ccf6628cce72ec66017955283983c391c1aa469915a0edf387190a4faf454cac0bdfe5d0a407f49b3407a8e19ea541c2503f245b6d9de6d3d3d70ebc62d |
C:\Users\Admin\AppData\Local\Temp\iYEk.exe
| MD5 | b69d7c0fc5b67082d4f52e1ef7f472c1 |
| SHA1 | 51dd882a9907db8993f5a61a128d68ea47a5f7f2 |
| SHA256 | e88b630f19f840b94d1d994ffac1c9ed7ef3c84e2ae1ac50fa2fb3e3ea73bf16 |
| SHA512 | 91fe2801c82296b10ccfb38c4b8d2339eedb220b41c3f7cded660e676390721150bb2bf62d0c16d9a444d880f09164b9bfb20c4f5d44218fa781be6ea7fa051d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\192.png.exe
| MD5 | 332b51aa425a4a08eda0f0e38e184a9b |
| SHA1 | aff1a92a6998da72633072287287137d640afcb3 |
| SHA256 | 8c8478102cf4adf7726fee7373239f57cb3e44d90db13f2fb36c619dbdeced53 |
| SHA512 | 8351cc2a0d3847051142ac96580903b47cd161066b2c73e4bdb0a16a259f46a4bee6bac2e5fdee7a8059d3a8bf1fb280eb13e4b4b8588a0a287484fa244888a0 |
C:\Users\Admin\AppData\Local\Temp\WIwE.exe
| MD5 | 320ee38adc269e47f7b7e3a98c1e97a1 |
| SHA1 | 7dff94ea1ef227dd7a6b8ac915c3f386c63e3204 |
| SHA256 | 6f52857e9c81d872bba5682ac0ef06835e94c25f802ad42b12a82d192d6073a7 |
| SHA512 | 46f95e40be2de91367ef32cbe53ca68472a845d34d26e5a0bc01aa7ed33430287b47fff00af1ed2005a77e737c7cf2c9627eb68b112357b8a15024576d8f3678 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exe
| MD5 | 7275bfb2ba7f882f5d7e376842797b0b |
| SHA1 | c550c2e20b13ec0ec44d7c5c2e793035f35ab608 |
| SHA256 | 26a2b3037a0907fd297ae5056f27c36a5858a57b0b87b9aa74b9b69d1f649476 |
| SHA512 | 71c7d63adc47a8bc3421fcff15a771739f4058001ddc4ab0983c5b3adf09bf910b77bad8f92f268fca13b0d5a2a8da1dfaf2ef8f13cc8de99503ce2cfd8c044d |
C:\Users\Admin\AppData\Local\Temp\aYos.exe
| MD5 | 4932af6be987852d47de9b4dcb52e768 |
| SHA1 | 46665169019845ba673a35c9281eeee39f0e7a0a |
| SHA256 | 132076bc6c924e65c678be806488cb330e01308039239dc288ce0ecc52d183a4 |
| SHA512 | 6f4fda4fa4b82026df5e98c686f7b1c259c597fa5f5950887d40c037b7a53044cbbcca0d99af49c817a5f942b044ab08281dab8150717d1c7b235e1fd4bd9469 |
C:\Users\Admin\AppData\Local\Temp\KswO.exe
| MD5 | d4830288336c32f1048c071ab13ff95b |
| SHA1 | 50b8fc3370431c65eb030399ce97f093f5946cf8 |
| SHA256 | 8c29cf616661229a75aa1bf670715971fd85f16cf313f44f88f9993910a26882 |
| SHA512 | 3e281eefb7b51b03513d91de1045599b74abb33e23edd744573d5e1120e8b2ba0f650fe968f8bb5596501714fd518a83a22ea5029589e0ea02c38eb13066109b |
C:\Users\Admin\AppData\Local\Temp\wkMk.exe
| MD5 | 0622aba7f0a474483cc0f8b326b8a642 |
| SHA1 | b5fc88f97203ba3b0b71bd25b2ae815856bfc063 |
| SHA256 | 95a69985e1c50f297dfe92d6e4ac66962c4406e3492bbe05442e2681d16a1a9f |
| SHA512 | aa7d8904b9a223f71c01633107bca0f7fb87437d5ec9ed31da241b06aca56ed990cd28a2f2735cff824598c3c3ce8df68f7e4718efc91b104a158eae7b6e52cd |
C:\Users\Admin\AppData\Local\Temp\yYog.exe
| MD5 | f0dfcb6383b62db3d9f646275206da36 |
| SHA1 | 3db0d96e920f192c392b4ad30d29a0c59d08f472 |
| SHA256 | aca74fe84d20f766978a2a17ca49423cd332acf74f0f10aac01726f0b2bdde1c |
| SHA512 | 850d90d6e6a371ceb8bb11dfa4d3208669f763d70cd60d405a0e1adb0bc4964e2f5430bd21488377a16fd2d6943fe2e0e146581c9db6d53c9046c5cef702922f |
C:\Users\Admin\AppData\Local\Temp\qsUM.exe
| MD5 | 9fa4559a1eca0228649fb65bdd37f3d3 |
| SHA1 | e8c2cf1982ac1eadf4399a3a0af82893498d52f8 |
| SHA256 | b65e00777e50532cf175aaabd97c6f873d213aa4667847e93eed8f9f56e6ebeb |
| SHA512 | 867caf9dbafa5e65c24349dc39ecd7db916f8dee8ccd15f006dc69f290c4e3d79b6b1fb020fc51ee3c92e270834bae55cf70d369ca55a7d8cfb0a027eaa87ea5 |
C:\Users\Admin\AppData\Local\Temp\UMoW.exe
| MD5 | 68bf47721bba2b8a61cde79576eb70a1 |
| SHA1 | a065bfa3748aa1916b22db3db6b54f1fa1f4e3cc |
| SHA256 | 0408073f821c6477a3591d4e8097fb1928b6c3942a3d3e9cb6c61a2319f22baa |
| SHA512 | 3e254f76305bfac89b1386aa6defa891c7af1f3fb986704c6dfed3ccc42aa69d5d436240086ebf0d32ee704bba7f7daf7270e93de337d4991ec990753698a70e |
C:\Users\Admin\AppData\Local\Temp\kAQA.exe
| MD5 | ef649b2f814c0ddcd6afe618bc2cd796 |
| SHA1 | 669d7222464dd3fbf36b08f0218ce97600d4fc42 |
| SHA256 | f8743aa63d504d679e0a128b19323b705bb6e2d56da7352c3f4e9e445830bdbb |
| SHA512 | 0c3ce1f5cb6b459581edb07afffd6b27fec16eccd1a09857745d710ac14a37db3bf91bbc3ad32ca2964a26967beaae6deec762249c020bdfff3b0bcdb60becfd |
C:\Users\Admin\AppData\Local\Temp\ksoa.exe
| MD5 | 80f9ac09f75c9b89d308c52aacddfbe9 |
| SHA1 | b328ab668ba20f87d19b71b47e1f700447ffe0f3 |
| SHA256 | ed037700d75b8b92c0fb8ad132ec3636dfb45f8d006e1738c8833695193f6f8b |
| SHA512 | 1ea577d161e5b1b9b846a012e51b08b948d86ce3cacf25da2686fd3738e4912b178f277cb885164e0d123372118e7ccbd48d3a9e7cf7661e2c9f07fd7b019067 |
C:\Users\Admin\AppData\Local\Temp\ysII.exe
| MD5 | 3b5f5958e3e944900fa4068118f9c7cc |
| SHA1 | a68600626676981f090c693844174e9afdd06df2 |
| SHA256 | 2a7c05574668180c22fa9a5b6b9981b9a96e30b3b3a9dbcd328129837589da15 |
| SHA512 | 680b4cc0c1d7fe573107b7305531e6e4a1d6c5ae9165d935bb86b01163255d958aa1bfbd5b15fde2a97403c0fb6f22510046e2dfd6103710ed90729de50fe80a |
C:\Users\Admin\AppData\Local\Temp\ewoO.exe
| MD5 | fccd9b2ab40fc08b98cc1346ac7df6db |
| SHA1 | c0c4fcbae8b6b8cf0df1e6b0dc8355388ef9cafc |
| SHA256 | e7a67adc6abd4dc0617fc999727a483f17fdcdecf40c05ba90f00719b35eda31 |
| SHA512 | 4ebfd7d5ba6ffab955ce157718e0cc1507b8098b104147bbc44d8dd048bce965eb9879b54f4e3e91d97d3632572d6eadeed1597c3f6555b91b40d98233e2b984 |
C:\Users\Admin\AppData\Local\Temp\MUQQ.exe
| MD5 | 72149d2ff8dcc2d696d971acbc77f0e4 |
| SHA1 | a976c7d2315297a8c5c7ca32be4061010ed223af |
| SHA256 | 56f9bec72ee9642712782d2876eca9cd18ce76957674a568ffc2e8b35c1e05a7 |
| SHA512 | c1ba6cf5509ea4677199986b6ad94f64b378b2938c4fabfea5bfd55aa1d0c21b2f393f16e12b28019c9d6328332076981fef511aafa160705909c19d3b745039 |
C:\Users\Admin\AppData\Local\Temp\McYg.exe
| MD5 | bd7a2bd7aa4b55f9a64c5a1d948b3151 |
| SHA1 | 218ae1d1ca8abc098d991d5054baa45d1fbef7d8 |
| SHA256 | 1b82e8dae05c22ded9050be42a35c52f52128271d03b7056b970404ac7bcda4a |
| SHA512 | 0ca627e8dbd58037d2a431abb07d8107d72b7b4b313419fcf5dffd6754b5b8fc4abab8f6e84c6c4037d23bb8f7890200df9f86d5b32f0634031630e066f39842 |
C:\Users\Admin\AppData\Local\Temp\QIsU.exe
| MD5 | 4b6d99611be7be35ad220679609f8958 |
| SHA1 | f74c7b8016fcd176c74cc181675d649fa81fbc06 |
| SHA256 | 941ed6d414cb3bfc04fff6d93431b804d98b11b0c7d748227a1b3057a2cff1db |
| SHA512 | 2cdfdccc400dadcf0cc94a22db8b85f6dcb8058fbb5c672e9fe6af5c5624661cfae3e5f009ed5e6a3af026dd10eb3a5a9383f7deb59131a06f489de939d7e6e0 |
C:\Users\Admin\AppData\Local\Temp\wUAE.exe
| MD5 | d1bcbcd91cebfaa6b12c0123674488d7 |
| SHA1 | 69106638b7c73d0e68e8377c83d07139ca6d6272 |
| SHA256 | a9b949abf206510dd750b36bfde3c1407bd27c429eed4d5cb10cca5b41eeada6 |
| SHA512 | 8e4d630909e562c1f7a037405d247738da4bac2aa29c4bb3b99437bca27b553f0059919f67a84410e68283731d49696c1cf10bcb47a64d773aebbb129d56b130 |
C:\Users\Admin\AppData\Local\Temp\EgcQ.exe
| MD5 | 79bda18618908d34ad8abc4c17fb280b |
| SHA1 | 827fbb70fc008ec08e32b27ea6279e5092f3baf0 |
| SHA256 | e45dd143ac808e451f624961d0fdeb253f1ad03d95a9938bf712b1235925cb88 |
| SHA512 | b6a19ffd2c8b9a7ef5fd4bd1ef6a2cac08a053c4ac1ad6d46331bb23e253a7ab2676989be0d1636b3f78dd1d2b9590e406111ffb8868dbad0828abdbad852a6b |
C:\Users\Admin\AppData\Local\Temp\coog.exe
| MD5 | 8af6f0c0d9265435f35d8740bca3a4aa |
| SHA1 | 3f4de5764f2e169be38c915970ad4eed19b4ad8d |
| SHA256 | b8b46f04a246d4c28df010352cb6e16e8c324a2eb08b70314322f1b02d9fed93 |
| SHA512 | 2176bdabe47c61224e0f355c0b161dc9301b6d6a66d0bb71a596d9b2138a9ce9949b09ea4d8228f8025fe40487afa0a5b561d2b03e72cf5b02e8d397c8f96baa |
C:\Users\Admin\AppData\Local\Temp\igcC.exe
| MD5 | 7b611ae39022ac89fb026f1e2b7ea953 |
| SHA1 | 4126cd9973f4e973a501e8b9bcbc5ee70dff39e5 |
| SHA256 | c6e9fe6eb36244438a68d170a24d794791b5226bb98ddec6d530315afa996200 |
| SHA512 | b9136c1c046f579fbf9a25eb64f9431e9746693f1a3b3212e3aef83077432d8afe960e8b033b8b1ebf6c93e0af97af9583981371c3d1cbdcc7a3189b8ff988d6 |
C:\Users\Admin\AppData\Local\Temp\Wsog.exe
| MD5 | 1ac080a9978e23ba87143dd85a84b3ce |
| SHA1 | b56e4cd4ce28ee0fd58ed4fc4432f2b454585b8b |
| SHA256 | 4f26c2416c033c92f36a5fad7f5600b847962b4a4e0f60179a6d1f5db000bf25 |
| SHA512 | 609c2fb18574e615b4c8637d7717c359a7f7a6e63d0a9c963f32ee099d9b32acbed4d1acb41215fb1eed147ec9d495e9fa98829ba5d929bc9a5edebd7c973130 |
C:\Users\Admin\AppData\Local\Temp\UsAG.exe
| MD5 | 863a03c8b1501f243cb0b3d661e73742 |
| SHA1 | 47ac82f1b72308e183c04e1470902b46cdf9721e |
| SHA256 | 4140057e3a65dd1e6a707c761d760e50fca1e7583a33455e7add9fedcd195d16 |
| SHA512 | c5162c993cd88560f27719edf0696453f7807676275fd31d71a56fb01dd1e99e3feb88ce4b9d3fb58a7a04b17f49c4eee46cf22122e6c47ec2f01a6d9787cfaa |
C:\Users\Admin\AppData\Local\Temp\SAwE.exe
| MD5 | bcf551e391952544611cc6791c975393 |
| SHA1 | e19c1c0553b0e7946ad8ee23c91463163f178d17 |
| SHA256 | 4fce8599408bea5ae6547dec6bdbfc7fbb3216a125ce40627372879f1e3cfc46 |
| SHA512 | b3668840ed53649af06d8c3963be87a85bda7a3c22bf65ab3d300c2ad266338ed2cf89cb2f985b6bb1b9719c5ad609e95f1b252d19d0e9a3afde1746455feca9 |
C:\Users\Admin\AppData\Local\Temp\GEAE.exe
| MD5 | 8109652d6b0fcaec7c5b0a32153d4be5 |
| SHA1 | b2e7597b67030c03d660721ca3ebf8d9581a1ea7 |
| SHA256 | 7e0eff4c3e6f3cb4cadf4617c5243273aed340e2a3381dcb47a776cb32d33eef |
| SHA512 | 9d360c905fcc8e31e85fa28194292f8c3f41bebc82c7e103c94db0266d013a72caa9bb489cdd008549e41743292fc570463c79747cd293802cd9f156fab5898d |
C:\Users\Admin\AppData\Local\Temp\Cckk.exe
| MD5 | 436d73a073d752e40e024c5e19f5db6b |
| SHA1 | bbccf530156aa574f916b78f724d5989c28f7852 |
| SHA256 | bd353dfc08a5472730dcde09470b2f365f7ec915eb6ec89853bbe59f9a5e4f57 |
| SHA512 | 2ec0ef77a6073dbad9724b70321762d8372bb7b0d24c7f68bb11b113635ae945c6422d054c31de5ebe9a99eb9eafed5334e270b66d9e39eb4f14d346217f1eef |
C:\Users\Admin\AppData\Local\Temp\IskS.exe
| MD5 | fffcf6779421949dbc55c81ad5ae20e2 |
| SHA1 | d7bf937e1d69462cec3c859f2b71a73457c3a289 |
| SHA256 | d81e7bf685c79fcf050cbc68297b517f1d9b77c314be173c0f0ee8e453497c3d |
| SHA512 | 150e5553e49f8dc9597627d9e7914e005436c33cbd579f082d99d4e7aa6bcde003275cf955e04c995c5dcd5e27dd5f814f2937c3cb2433d514e2903d2f2f100d |
C:\Users\Admin\AppData\Local\Temp\oQci.exe
| MD5 | 599f5a23c3179d47b4f30888437b66e1 |
| SHA1 | 51d235cd672a34efec3be0566875d1bd90c0c71a |
| SHA256 | 71337ec7c81b8ada3942154b832b7abdcc05fee446c628c2882431d6de8e2171 |
| SHA512 | b2564f44048dd13143f3811e244e9152aae85ffe4bc9d5829c8c2ab28aaac0c84389767b550b1c4295d37be59737933424f0fa7dc6cc20e66fe7874b3ed22509 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | e41fc5a46df6393149068021bfe1fb23 |
| SHA1 | 88bdc9c618a153f6cbd835ef2f9e484fe1e7146f |
| SHA256 | 48c67d0fc182c2f175934c64b80b59070e07b22b54f80ddd5d861774a0cc963b |
| SHA512 | 8b81b9c4dc1b2096acbf3717eb40e2d9b4e4df75e547e049459d8fb42894471386e947c72fba3d5ee58910bb91f5266f806d4115e1660c1ba380aff12ee3d59d |
C:\Users\Admin\AppData\Local\Temp\Okoy.exe
| MD5 | 691f59de9631499da97af45acba2b247 |
| SHA1 | ac6677a71e39593e4828715ec73567396440b96e |
| SHA256 | 5411b2f835b9a9ead55f81ee831fd420064084e704b4e1c82eff09f6b3f42baa |
| SHA512 | 567250f21320fdee75da392f82fae9970dd948f2681df908ec38b2b119f46f1995ed966e546dbb9348780338a930f1a131696cd9263e4a579e1d63a9ba065cca |
C:\Users\Admin\AppData\Local\Temp\ckgs.exe
| MD5 | b02290cb22d32e21c00c7a032f5d01bf |
| SHA1 | afc11e236fcd800e4cd90006bc32ad6d96569580 |
| SHA256 | e1de1b1d96871581466d9d643205d23433498b8f042ea231ca9d77f17be4108a |
| SHA512 | f27dfca47dce102682e687c47a5d6290072b5c0af914f3dcdf1b614572775622d14f0d235ce4a9dd151b49b1ca964d5451ef3dd345e29a5dac00d0a6e35f071f |
C:\Users\Admin\AppData\Local\Temp\akQm.exe
| MD5 | 58c9d71c03848b31ce22749ffecb459d |
| SHA1 | 102a1077f561b6719d3466c35e1f5011d5f9f195 |
| SHA256 | feb5f81be1af053803fb229cebe8a3782d8c3a828d513f20b32c250139b34e56 |
| SHA512 | 804e9b3dca907b7cfa3afdfedd6fc697f9b73498b7a7fc41c216a7d93a3449c9725a3913ae56fe375cd8a189a65f28cb98424c952252bb51d734441f1c9ce713 |
C:\Users\Admin\AppData\Local\Temp\OgIw.exe
| MD5 | 48f562dea3e5c091ebc45dc4a5f58626 |
| SHA1 | cca8d16a4063955c576ae93d0d830d868f4ffa41 |
| SHA256 | e2eb61253cb45cb4b031dc0dbac1db802a402d57d96a6822c74abdf59501baec |
| SHA512 | 7971d799a46674227f2e1504dc79c8cf2874202419afd56c243b96ab72133939aa4646b1d0d2ec9efe3b6d521c3fad50711ab56b735e24ab90fdb12206361c12 |
C:\Users\Admin\AppData\Local\Temp\iMok.exe
| MD5 | d51a56eb03e79095f27ec32fef1d898d |
| SHA1 | c634553db03fae7fbd12b8745bcff3dcf340cd4a |
| SHA256 | a9a23915fce5aa53e487da65dc3dfbcebae6db5df8b5c0c1f3585dd40d4032e3 |
| SHA512 | 48a83677ec56e30027858f9cfcd78ad9abc654c30d9306d8d5ff26a72b821adc19905c8277d2e3225fad623515eaacedb32e29208de6f05cb1276721f53bfab6 |
C:\Users\Admin\AppData\Local\Temp\iwgG.exe
| MD5 | 4b9ecf4c214652aed0f3a8069abb8ec4 |
| SHA1 | 975165963919e5e4ba98fddd223db63d46203037 |
| SHA256 | 49f69ed8ac5051ce7b7854bb7c86c012726a47287307c49d89da53b7a344de5f |
| SHA512 | eb402c032fa086ae77d151925d8b065f9cc26262217f17865e2ccbb6f6f4763f3ed58360e08f3d384f1e8176b58692d8dd1aa1917f846f0ebfdf0c4211b715a6 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Error.png.exe
| MD5 | 12889f00f1f38d46abc30aa92b7bf226 |
| SHA1 | 8e605971128a83c432acf843e6da1dd98bb67638 |
| SHA256 | ed09cbfe965c48fd07c1a4b576622cf32956008b311371bf6442bb3ecad080dc |
| SHA512 | 13cf0fd91862e3021c9b5b4fd9bd3e920526e26e5fdb1fd7796baa26c3fb1453ccb362cd83e2a3c2c5a50d4dbb24196948216d8420a09db0372115be3802ebb1 |
C:\Users\Admin\AppData\Local\Temp\MEMo.exe
| MD5 | 018b01a2e481b3502201ce3d8008195c |
| SHA1 | d0090e140485393d53c8a3f53952144454ed215e |
| SHA256 | d90a270abf725ce0981a9f1b615254296c8c5ffc26bb3f09a0d779f34d303fed |
| SHA512 | 1793ee5dbc18463ab8d7aacdccab9283d9bd0fb931d69acbd6dc3326f989034620f5c34ef009ecc842ca738298b8cafbc6a1ade39e922511b6621d3d1ce35afb |
C:\Users\Admin\AppData\Local\Temp\sUcK.exe
| MD5 | dbd5a79e6bde68d8b565a870012a186f |
| SHA1 | 12b64eb28a13b20a0d308040c1411af23e001ca9 |
| SHA256 | 4541d79fa4dc378a046e7cc60fb788481111b968ad133b3e65c6047dae0ff747 |
| SHA512 | 317155c9dffbdd055e20d5228675658ddf02af3d19dce0f954f05292ab07a9c0737d3c0851697950a2ade820f9d8e4dad08c3829a6d7eff000233e7e13db64ce |
C:\Users\Admin\AppData\Local\Temp\aUgy.exe
| MD5 | 01e41b6635a4f81996e36e5f31ce4734 |
| SHA1 | 6d061f8e809457490afdd44d9990bbbefc162fe5 |
| SHA256 | 85aaac1c15d8666962c33e2aabfda01009e6043b6f8d48284ca9e17c2c22f4f2 |
| SHA512 | c740ffd893f984c9566f491021074c89dfe0f48965266a57dffef52ba09b42ea85fc7ae7c149172891fdc6c10f78bda78a0f98840a5c09ee7d25a0812165ea5d |
C:\Users\Admin\AppData\Local\Temp\IEAq.exe
| MD5 | afbf845eb999b376489e7640126292ae |
| SHA1 | b966f85d4c7efb0168779c37b6ce378ce8762b1d |
| SHA256 | 37b221ef957a3c61840c2244303e952addb893301bc9d913dae39bd3596564f4 |
| SHA512 | ecd33a235c56e6f4264ff20b344aa62fe94ce58d7828d2248e8d2526b693279e2948c32f6f09c57e623c3eb14120ab9160ddb5bf692403035c3852aee76f46b2 |
C:\Users\Admin\AppData\Local\Temp\MIEk.exe
| MD5 | e29c5e7d9a9da601354cdb3c4dfc7c7e |
| SHA1 | 5ecf5032b8377610d10e636e0791b2e983d00cf6 |
| SHA256 | 2c01fa606c87b375857ce02020a27c4bdbb0023e59b21b6ce35b1f185d297d6c |
| SHA512 | 4821598f503d4fa4ef1c88f11c881900cfed44f16601ababf646cf17ff32fbdfc953fc6259aa11908a45b120c2e090c32179cc7f94f227b35720bd6ab4041514 |
C:\Users\Admin\AppData\Local\Temp\QIAs.exe
| MD5 | c880e62fefc924a33397df3e44084eed |
| SHA1 | 9154d61e43523443e3925b52be92dbbe8694ec57 |
| SHA256 | 2f7dea72c1e049112009ba97bc864cf9f3934c291a697ec74f8eedc97493fed8 |
| SHA512 | 3f90546e01614ec78f51b97b7062d1c21fd8ad76dc344c86be182c59e5db7955f1513e5b1219bb208524a175bc586cfc25483ae7724a0ff4bf59b0caef03329f |
C:\Users\Admin\AppData\Local\Temp\agos.exe
| MD5 | d42b60e392a9c989a8492c9c8418875f |
| SHA1 | 297e97ee71b767b2249d315586c9c2ffc9f44009 |
| SHA256 | ba9620aa95317337ed1d1fa5780fb8372dbed0697c2ec4bd80d010a6114d5177 |
| SHA512 | d6b7cf27c51e0b885662943276c76616ac21ae701c5580445c0840b1911b1b1a849af4a2f989b5da22deee8b8efe35f3984feec6176b465d09cfeb0d6d6dea5e |
C:\Users\Admin\AppData\Local\Temp\YEcS.exe
| MD5 | 140e6a28a59f769b0054fbe2ea62883a |
| SHA1 | 83aa2cda2e57f85532dc37dbd34cfa7f7a665672 |
| SHA256 | e78cdcb4a00d207dd8975ff275ca6a92a4a42adf2d5521bf3e0d0454c46412b4 |
| SHA512 | 0bd5f83e8a398fe3a7892f4e7222f4ba76ae5c4217dacebffed060907be6d3a0242f8b3e0c4f5a272bf3f6d1379777a1ca9d786ad1b29ed614fd038f0e7099f5 |
C:\Users\Admin\AppData\Local\Temp\gQYw.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\KMAq.exe
| MD5 | 847cbb6ba668d2f2c9290eca9c29c5df |
| SHA1 | a270c968effd1c97215c2429818b11df80893f04 |
| SHA256 | 53ee3ec8317835a170975a8d108cf02bd0490c61b9792b5f1f50b7e91b5bb795 |
| SHA512 | 5f281fbea7874c39d3c0ccb0f0c31a5e8eafded03ac3cc2ab402ec9375bc6dea8cbd455b3985b55c4b9a30d794176b50adb0bdc73f356c3707cc68f582908e90 |
C:\Users\Admin\AppData\Local\Temp\Ykgi.exe
| MD5 | 797b2cd547130dbf6899d7147f90a56d |
| SHA1 | 44fe2501c1c53101c4beb6cc93093653b0d5acf1 |
| SHA256 | f27de287c2aa15de759d4751436b278dafb5b3f173ad846aab5f9256f8b81767 |
| SHA512 | ece04d9b86f678ac8876015793f8b913826e92f3fb3010c33319d22496039b2b272cc10006f7c0e4c55db9e015af9f7810df981e313cf522c0fb6570711e21eb |
C:\Users\Admin\AppData\Local\Temp\IQky.exe
| MD5 | cb6112b7a70f60047778e26dad0a0854 |
| SHA1 | e7031987124ccb1c74a59f5af72b4011a0c8696c |
| SHA256 | ed005866871bd0c9a0d3832d1fd89b8b759cb2a33c63f142d640f9a864e70034 |
| SHA512 | 6a12517b4fd727d72aedad157437c697003d8712b42c63ecdd53f6623860e67869925487d7bb92934e1aede3630d2e600c296328c951e5d4745e31addfb1613f |
C:\Users\Admin\AppData\Local\Temp\ycgs.exe
| MD5 | a111f7766f4d220625e363fba6dd69ed |
| SHA1 | 76c82deb18a552a8eeb0eb94ff50e04a78205946 |
| SHA256 | 63904e8b43dd51dba9e45bf132835a113e2a41a0a7dff0264d399a05cf0a6bf3 |
| SHA512 | a639b9af3bcd667bcbfc7d69e4032d3152a341cbfd4dae871746a9a5796e23af79be754144c84c47bf594761079600c915b39de9da9ca48e819f71789a331f22 |
C:\Users\Admin\AppData\Local\Temp\wMAO.exe
| MD5 | 0b118a6bd5a81e9c5a72f9706eaf623f |
| SHA1 | f118f580ae5e2106c1b64b7058aa7e2a9f58f4f5 |
| SHA256 | 2947d652f404bc87b8f5db8b275940a0639c7bed8d4d0c9cee8be1b83cbe4b84 |
| SHA512 | 6c74497823e02f1c2702c667c972dc419208a0c482afc7981827b72261194e1852513534d64a470213c5008d44e619285c1a5527026695dd829a83746068f322 |
C:\Users\Admin\AppData\Local\Temp\OoIo.exe
| MD5 | 208f3d729ea7997ffdc99bc011e60244 |
| SHA1 | a5467eba295f59cfac431d80ca212b8d53be885d |
| SHA256 | 622774105d04ca30b46e8f552ab05767d00a995b00366b18d82dbc108cacc68f |
| SHA512 | beb89739ed2688d529c8363e166b16c6f526de2a548e3fa341e8b3bba3a8db30e04a557851529677b71a671d10491088873f05a80fcf7c2ddad7f63efb30165a |
C:\Users\Admin\AppData\Local\Temp\wAMw.exe
| MD5 | cca4918a0f51cd7a8c9b56cdbf33cd84 |
| SHA1 | 71e0e63077c3bb9d4e5d2909432675cb16a6fbab |
| SHA256 | 176f9fdc93f8b9b822ce49f30f47fd79099760e9046d610aaadb92dadf635e5c |
| SHA512 | 3342afe66299fef9b661d472b3c07e905e103d2cd885069df7770c25faa801af64e1dda730aa414783431f79ca3b63f1e0d256cb2d89885d7ff795744d26f9a1 |
C:\Users\Admin\AppData\Local\Temp\EUQG.exe
| MD5 | 54f0d01ac53f7a95b2ce7fcda65c0aac |
| SHA1 | a591355560924bf0c490d80b13f8caf9202af78e |
| SHA256 | 3a6c141788c2fbda2f27bcd988b05c9d3e9652723c9639ac5e84df86bead6bbd |
| SHA512 | cf5beb279bdb322e266d720208fda4594c71ce3c77c8b32973f9a0612d2889a794ce0bf220d0598cfa39b5e666e81a34f290a24c341ffba754325c2a2daa15aa |
C:\Users\Admin\AppData\Local\Temp\CkYi.exe
| MD5 | bfa4ba6626eca2aa3aedd259f38f4873 |
| SHA1 | 2d08a548e21ae489ef3abe99d451694bb3a070c8 |
| SHA256 | a71e32c8962e2471c6a9234b858a522d21dc5ddb45102e7e2bbc088e49323d7f |
| SHA512 | a8c177167d5681c860bd07f5b367b0a50c36290b80896a1fd9932166018fd5b959e340a51d8376da5250761e07ca87bdb354143d01fb0672f48376a6f140dff4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 93fbe67bedd598e91ab9feb3e4850f7c |
| SHA1 | 82152e7d0ee2a9abfc9cf12fd3df0d1bf3264ece |
| SHA256 | bb76ee4a1b7d27405f32e8444bb7258404c875ebdcacc8dcc5416fe4a3204e44 |
| SHA512 | bcdcc1693e440a8321d166bcd0f83188acfa3a93d6b286b8e48da0ee18929c2fa859f1541ce08f48a6647df47a485d602116439211c32f2188f7d378289b6103 |
C:\Users\Admin\AppData\Local\Temp\igkg.exe
| MD5 | 6722d475c959207a279cc66988e943fc |
| SHA1 | 0f1faf3484352f2db4851f895cca633ecbd2384e |
| SHA256 | c125ebcac4e145c43af861c2061790c2663c2eaadaef8136a7eea0abced35a8e |
| SHA512 | e33591d910852efee1fc2ce23acca1b436737fe38828cff6ce772daad9ea429b93fb0e8ee3287ca47433bac00204c32bd79e6822d8797c1b3422e59ba2068571 |
C:\Users\Admin\AppData\Local\Temp\cosi.exe
| MD5 | 4b9c7649c9b18c466a706f0bc6a658aa |
| SHA1 | 072e71d7d6e12ea548e637175ac240ba188f95c0 |
| SHA256 | 6fbff5a663212086ece492d0e5a0ad595b64e2d64779af9030dec51137fe1667 |
| SHA512 | f1ae7992842f2bf5f094021b24a565838c88131cb74801b0a2f225a5359dd0653a5ce7e6ea1ee399046ac88261219d9cb9c3e38a069774528ba7819d178c9469 |
C:\Users\Admin\AppData\Local\Temp\gUkK.exe
| MD5 | e049ea4ac09ae54971eae37622fbb1ff |
| SHA1 | e77f95b4a6c23aca20cb7b64a00f360eed8a81f6 |
| SHA256 | 707d7d201abe117eb7672d402059edb149b6e7f4fdfa92053eeba98c5dc514fe |
| SHA512 | 4b01d53d5c533f994505fca5632772e86a38aaf0125842eb049bc98f6c72ddec555c44480407e69ed993fe7581931f826b80c74200b6541de11d6ecbfa544926 |
C:\Users\Admin\AppData\Roaming\ConfirmInvoke.mp3.exe
| MD5 | b0f353a31ec6e388893a9089b775cf07 |
| SHA1 | 557776423901dcd4a9e3b2ea00c95b6bd8e76375 |
| SHA256 | 0311aef67568ca2a541a04a399ec50c35ac210864c1c4cf62b4adf28eba258e6 |
| SHA512 | d11e417536e3a923c9970be59d04ed0e4c5731ea497dda51c7526fbf5c0c51699e07fc219f34efc78de3ae477f886d103443af9cc6c74895ed01476f93795183 |
C:\Users\Admin\AppData\Local\Temp\cogO.exe
| MD5 | 11c714f3a48cc5752860cd089a0c00fb |
| SHA1 | 154d587bb7bf94b3b23cb28a8d2f63cbacabde5f |
| SHA256 | 2b2a8ef93ead0d4ded53a5cb7e32b43eb2165650990b8f49face948f450d719f |
| SHA512 | 4cf7cd2cfe40a1b82f5c683112ae99413c7ff95ddffa3f641dfb8c994ae601028de9f3d77179243269cac7cb5b1e7676e2d8e3e93968174c88de8cf75bfb2730 |
C:\Users\Admin\AppData\Local\Temp\icYW.exe
| MD5 | 186673763c50cd836e75fe3720c7f203 |
| SHA1 | 9436454ecd100d49da603a5ef89b4b429530e5f5 |
| SHA256 | de6b43074ca58d00aa1a9bf28d757ea57a7abc306f2a12455127dc8aa9fedc4c |
| SHA512 | e13334caf70c08db8d021402cefcb5023ebb8a0cc494c15c03c4f4163e60cddcca4f25b8983955ffdb95479ba05c69be895b0a1db4ccb9c7b08b6e80f9d1fb94 |