Analysis Overview
SHA256
d3ec9fec4f73dcd82270934c04376a288db43763d4b142f0bf0b0a7cbad08900
Threat Level: Known bad
The file 2024-10-16_e0a8441493e12806acc53cce247292e8_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (55) files with added filename extension
Renames multiple (84) files with added filename extension
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 08:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 08:08
Reported
2024-10-16 08:11
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
99s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (84) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\RcoIokoY\MEAoEMQM.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\RcoIokoY\MEAoEMQM.exe | N/A |
| N/A | N/A | C:\ProgramData\iGEQQkcA\jQIssMIo.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEAoEMQM.exe = "C:\\Users\\Admin\\RcoIokoY\\MEAoEMQM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jQIssMIo.exe = "C:\\ProgramData\\iGEQQkcA\\jQIssMIo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEAoEMQM.exe = "C:\\Users\\Admin\\RcoIokoY\\MEAoEMQM.exe" | C:\Users\Admin\RcoIokoY\MEAoEMQM.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jQIssMIo.exe = "C:\\ProgramData\\iGEQQkcA\\jQIssMIo.exe" | C:\ProgramData\iGEQQkcA\jQIssMIo.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\RcoIokoY\MEAoEMQM.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\RcoIokoY\MEAoEMQM.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\RcoIokoY\MEAoEMQM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"
C:\Users\Admin\RcoIokoY\MEAoEMQM.exe
"C:\Users\Admin\RcoIokoY\MEAoEMQM.exe"
C:\ProgramData\iGEQQkcA\jQIssMIo.exe
"C:\ProgramData\iGEQQkcA\jQIssMIo.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QaAUwsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PAkgQEQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juUYIYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgEgAMos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POsoAIUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cgAEIAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qEoAwckQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gkEwUwMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uKwEIwIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWgkEkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMIowcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VokgokEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqscIEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\weMcEgAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mkgwwwMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsQQcUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ICUkMUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riQUgQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYQgcUcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zkUsoEgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RyAUsQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUMcMUIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOIYAMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UEcoAYwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yyQgkwYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZuMYQksM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DSgwEIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jUgAUIgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luAYsQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MOAYIwgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UigksQUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaYQAYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LCUIEUkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vqEEcQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKgkcAMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WgEYsokg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WyYgAYUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKYoAsQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sOswsEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGAMckgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XEUQEwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAwckYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSowoogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\geIQYAMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WkYQsEEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VcQUIQUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fmAIIwsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAwoogwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xkYcAkYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmAIkoAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MEoEwwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wogMAUIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yQgAIsMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VCUMQIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hsAQUsgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fkwEgkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MsogcAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsYUwoIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AOsgUAEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcoIsgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOEokIos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMsAAkcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fCkgEAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SGUMEkcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmkoQEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSAEwEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UKccsUYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\diIogQAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkogQwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PkAsQowI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWgwYIkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SeYIcgAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ieoUcUco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gakoAgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FokogsUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zigQIkQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zoswsIoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mWwYYkkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qYYoYskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iIwgwAQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UeokEAsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RSgEYsIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HwEkEYIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HoEwMsUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pSEwQggU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\egMsQMUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UiwsYgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wWoAAAYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQUQIQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vyEcwcgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XOYQowsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jwUYkwwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\okogkAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aIcEEkYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KYogswQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkQsMYcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgMIcYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAoskMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ngowwQAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qowMcYgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qaEoIcUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OiYUsYIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KiAkwAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmcIUAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZskUgwQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PSsccAwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSAoEcoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WGsUEwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\augEwMgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rkQkMIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hYUEEUQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEAYokIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bugYsIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XcgoUEck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yuYQwsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcQwYswY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yqMEIcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iKoUkkYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgsAIkMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VkMcgYgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmEgYAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUMQoccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyAAUcIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SyEEgksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ymwYowcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JCQQUIcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tSswQEIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bcMMcEAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAwEUwIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUYcwsEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmMAcYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VGIYQkwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PYoYQQwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FeEkkQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jYAcIUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsgkEUUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KoIAMEoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imUMAswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eaAQAIsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQkIQEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
Files
memory/2168-0-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\RcoIokoY\MEAoEMQM.exe
| MD5 | 4d7bd3a3c0793b903fbaa55f9b724833 |
| SHA1 | 4ac78d705e24ec4b1cb4bfa5edebd26e6923a05d |
| SHA256 | ee0e559aa587729b2907066ec0e750db3b63a2ec54f1e2fa3a59fb4852b7a399 |
| SHA512 | c3d9b7534d790356119f0d14b8f7d48f86fcce25c2ea6b4ae6fc230cdad34b30fe22543e2c524702cbeabe6bd6c74eb8f01bba5f4b9dc9fbee216272d23ed16f |
C:\ProgramData\iGEQQkcA\jQIssMIo.exe
| MD5 | 45701fe5b5bab69da06a653eac836a46 |
| SHA1 | d85e7645b079764d76f2b3dde91582271de9d194 |
| SHA256 | 4a5eb624d7d9f628223ee18d8cd1850df1f88430fb6a4454ea0943e54c262654 |
| SHA512 | 647e74e423a2144d1f8496d804bff1274935b9cf4440a99b26dd1404d950a6abdcbc9723ba0027879608149c9920f69d8d0875e39937cf9e41ca01b6cb9bdfdf |
memory/2848-9-0x0000000000400000-0x0000000000430000-memory.dmp
memory/844-14-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2168-19-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QaAUwsAA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
| MD5 | 38523dacb7a20f049d5de61fc1cf87d5 |
| SHA1 | 310f1c826385f858572a6c747688d897b851024e |
| SHA256 | 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191 |
| SHA512 | 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1 |
memory/2316-32-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4876-43-0x0000000000400000-0x0000000000433000-memory.dmp
memory/912-51-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1888-55-0x0000000000400000-0x0000000000433000-memory.dmp
memory/912-66-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2928-79-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1868-90-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1852-101-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4704-112-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4576-125-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3000-136-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4844-147-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4140-155-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3032-159-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4140-172-0x0000000000400000-0x0000000000433000-memory.dmp
memory/64-173-0x0000000000400000-0x0000000000433000-memory.dmp
memory/64-184-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1880-195-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3596-206-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2900-219-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2928-230-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2344-231-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2344-242-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\iGEQQkcA\jQIssMIo.inf
| MD5 | 99ad3b2ef9875786deca85fb0a227b11 |
| SHA1 | 2464a1d3aa0b952a71273733090574d2be5e06f5 |
| SHA256 | 8a855d38900dd341bdc0637931c82482db7b1f52e27d3026e384e2064371b289 |
| SHA512 | a420fc0963eac6238183d83b96ba65a8661cb6a3546e6972785d5dc6212dd5cbf7c73562349d777def9f260b45744c82d81dd822225f44d0be4e2e5329f6b29f |
memory/1012-255-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2944-263-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4600-271-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5008-279-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2124-288-0x0000000000400000-0x0000000000433000-memory.dmp
memory/800-290-0x0000000000400000-0x0000000000433000-memory.dmp
memory/800-298-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3948-306-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4412-314-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4308-324-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5084-332-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3992-333-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5084-341-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1632-349-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2024-351-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2024-360-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4896-362-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4896-369-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3636-370-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3636-378-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3524-388-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2876-396-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3032-404-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2092-414-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3272-422-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3688-430-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2740-438-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4472-440-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4472-449-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1892-457-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3944-465-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3380-475-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3492-483-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2304-491-0x0000000000400000-0x0000000000433000-memory.dmp
memory/452-498-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2180-502-0x0000000000400000-0x0000000000433000-memory.dmp
memory/452-510-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2092-518-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4392-519-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4392-527-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3944-537-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2288-545-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4680-547-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4680-554-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3404-556-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3404-565-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2044-566-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2044-574-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2232-582-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2716-591-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2800-600-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1396-608-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1260-616-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3744-622-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4152-627-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3744-635-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4948-643-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2352-651-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3444-659-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1116-669-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2948-670-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1116-678-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5104-686-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4816-696-0x0000000000400000-0x0000000000433000-memory.dmp
memory/852-698-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4368-702-0x0000000000400000-0x0000000000433000-memory.dmp
memory/852-706-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4368-714-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WokE.exe
| MD5 | 023daa720cf6ae2510907b030287e1b7 |
| SHA1 | e3b2d5c87c5ef7c214da119efc9a17862b45f464 |
| SHA256 | 0a330495afcb49cbf98294b2592c5425a50d7d5da09cdd37a657aa75d69006d3 |
| SHA512 | 8506783b93a50a239b83a50f2c1db675055b26639109a9a52550d3048c15ae1eafe6cd602d727bfe991d1256199f8670117937db25a22bbc7a19e7714044abb0 |
memory/4496-739-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 5dbd4906c0a0fbfe343051d5f36f0986 |
| SHA1 | 57b6623d6007d2e58bf6d17437c005e0eea4067a |
| SHA256 | fdef75f85721ef8f7d7173d38b2348f760b3e6605cf651f590d5fc1b9bdc64b9 |
| SHA512 | 42420afd81e05ca7d45c2bcc8bb441bd143d6947b2a95a07ae6ca00ea2c99ef8134c3262ab1e875e2bc6f888461d230614e9cd1b31b5cea319668896f2e11d4f |
C:\Users\Admin\AppData\Local\Temp\yMMS.exe
| MD5 | 0c6c3d8f49bdf7f80c1ced344b4dc7eb |
| SHA1 | bb77af21fda94c18381cb642cdb5a41cc7ca241a |
| SHA256 | 0e87738f3090a4e3338c4b37f54a4928290f63694795ede7ab17295e0eb66c8e |
| SHA512 | eb58f2feb418b69842909a03eb52f12ded5230edce643ca2e0d24f274bec8eb666b58d45a4d6dbbbaee01974903f3ca05a0c36c4782102457e6705b49ecbc23f |
C:\Users\Admin\AppData\Local\Temp\qwUg.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\uAwQ.exe
| MD5 | 93d1044afbbbef325373626851cf0848 |
| SHA1 | a25a7d014064100875222de0df51332121d1d892 |
| SHA256 | 4a34a0df53f12e6b9a473256b97f12023696e7c25773061cfc71d305a23855bb |
| SHA512 | b36968e4dcf079c37af502d61a834a11b824ae0e7d6d8a8492fb350a6602e36e8b5b1956904b4d63ece68be6e412cfe19bfb0dd52940cd6affe6c2d286da4ddd |
C:\Users\Admin\AppData\Local\Temp\Kgca.exe
| MD5 | b598e182026555007d1fbbf06559480b |
| SHA1 | c6b50a5c59371d6944993f3830d1d91cddf25948 |
| SHA256 | fce2dfbd00302e9dc9ca413e0501fb0a6d19fbfa009f1062a006f6bbf16c314c |
| SHA512 | 35db9b71f9dea9baf6af05ea636a2e1fa2248632fb5859c3ed7a1bdd5aa40d2e72a5b25ea7b535aea9dff095df704b3e874a6fc30b36724dedffdb0cda98e3fd |
C:\Users\Admin\AppData\Local\Temp\CYIe.exe
| MD5 | 50b3e3c1d9d48ec3523b8302c8627786 |
| SHA1 | 7c29dfe7791c2156f73558fa45dc4cb00b16eed4 |
| SHA256 | 95a808e05e44c9e52b838bfb27c44ce1d8ed30e7f4ba0cf47eec45da99f17e8e |
| SHA512 | 143dc09bb7720b8b82bf4357aed3ae01ac90ce2840a56278e9c1c89a39cc8e5e4bd1eae508b1c5cb1eed43404a42878950fb8a8e245bacfc2a66b325be938714 |
C:\Users\Admin\AppData\Local\Temp\aAwk.exe
| MD5 | 709aceeac4a2861e294c1b6e04cba9e1 |
| SHA1 | 8f1c9820434210dd75db19a4392e7202c8b623bf |
| SHA256 | 412f777d17e18b1b7bbe583f0782a2945f2ebd8cb5e214fdc35130628d6dff94 |
| SHA512 | 78bc1650a54ade7a98a7a4a0d38e7e2cbe5f8761db82137f54e44ca7141b1b5cd72948e4fed414023434e421af42e11a98e7fa9af6c8b4340cfed33182997161 |
C:\Users\Admin\AppData\Local\Temp\gIAO.exe
| MD5 | 12e9b22455cadf4f3f0e1ff10252a1c1 |
| SHA1 | 42baac694a87f2d7d3151964ebea2d806c673d0e |
| SHA256 | 51ef62406fa5ff8cc4d29fc1e59b656579e8cfd88776b9b852829b42194e72ec |
| SHA512 | dab353dc02836e845fcfb7e9078407847e6301bb418a7ba4dd14b00c03604ea302e59832fe0d1b1dd11b9f7167b70425335531ab70cff49e3b891626783cf39d |
C:\Users\Admin\AppData\Local\Temp\ygYi.exe
| MD5 | 6293dcc73bbf2a67dd9ec734f10af992 |
| SHA1 | 938256bf030452213c10c35b795493dcabab70aa |
| SHA256 | dfc7c993b8aa6e2ac5127036404127cab3a9b50c438b6f9eebe60f2e625056f9 |
| SHA512 | f7e8ba2485b7e9dacd56403166d99915f5e845c834fa2a0ffcf16deaf7c607d2e368dd42705e5e60836cf0adc2221ad42385c7e5ef83f2c263fed5ba4097bab9 |
C:\Users\Admin\AppData\Local\Temp\IUoO.exe
| MD5 | 5498abcc7620f19f030b01b09be093b8 |
| SHA1 | c50661309b5503251943030aa58d2b5c3980ccbc |
| SHA256 | 46ce0d184f9f7f714c8aa1659ff02b0610dad378f12db737e1fae45810dadea2 |
| SHA512 | 90ad4c68144fd5391f9e3430f9e31a8f988a551d45edcf045c935097a0ca917eafd26fed07bfc046f62a3d3f3af3d273e75b25d9923fb6029846778bde9374b3 |
C:\Users\Admin\AppData\Local\Temp\YsYG.exe
| MD5 | d30108997eb491cad670ecfd0e6d0306 |
| SHA1 | 5b69b655797c04c23f9532e9b33f4575cc00fb5e |
| SHA256 | 19d73aaa4a1c55a13de34cd2e7942d9e1779a2632b763cebf4d56a2ffd168cd0 |
| SHA512 | f5f938c2211f15331525bf44ddd6a62243cc8bcddc003ff7462ebedb0023acf2d074c273029f446e61c9aaf6e20e874e5cfc96c68bd1288930c9b82c3be2de72 |
C:\Users\Admin\AppData\Local\Temp\WkMC.exe
| MD5 | cd73e00a451fa870d69061e553c81724 |
| SHA1 | 2b47bdba45190dc9ba115dafee3574899b2da1f9 |
| SHA256 | 3ad33d25a783c1d4e3bde3d41300db577959ddd11b24c74c24ae6efee328202f |
| SHA512 | 140acf90dabf7ccfb719ece60182efbfc6ceae67f1d6efab110048db97b8d1f581a33ba3bd537d1e2e1b62cf594ac072f63ff80d26ec7067bac1f4bffc8311e3 |
C:\Users\Admin\AppData\Local\Temp\uQEq.exe
| MD5 | 8981a37f69632bf6e88490aa30fc4756 |
| SHA1 | 245a82f1fc571198ab533e2fdc32dac688732c26 |
| SHA256 | a1571fc3bddcbb913490998e438aca274cd80827ac236666e4421210855b7b1d |
| SHA512 | 8cc6960cb2cde8fad104cbfe66643a2a9497dbc9c6c38777e3afaeca157b730df90c8e753a6f9c8b1db9379a96fae7eaac7e8d3c05cd9c429bbd8cd315cf944f |
C:\Users\Admin\AppData\Local\Temp\SEwU.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\YYsC.exe
| MD5 | eed98469704b5b7ef5cf84105a6d5ec3 |
| SHA1 | 6d06f5c0aa4a90ef70bc28648c70fe971cc9919e |
| SHA256 | 77315bc35c71b4fac0ed9ac4a23b2f03ca1d03b29301fb2f607952f0a1bd1129 |
| SHA512 | 68fcc8f8c3fdc344c8a48c7aaf933fee35dad0b0f832cdd8c0cef0838fae02da3b5a04cdc04748097f7d2235146e95793a357f2a3ef03d06dcdbee786d03fe4b |
C:\Users\Admin\AppData\Local\Temp\GscK.exe
| MD5 | a508b8347a620000434a3e7726253ac3 |
| SHA1 | 5575a7f88464e90f48f5375d93be1072b85da286 |
| SHA256 | 27d9c5904b7a3f21c37a3d0d77969b4525a9004f7cfb5fc9a3a080a9b59d6e88 |
| SHA512 | 1ba7eead7aebc55323b8a1798f7c491614766958f6feea690f28db963aa4c236a98d18f97cd3aecd7c18f0d264dacdd456720c2eb74364b4a9ec70568410fbcd |
C:\Users\Admin\AppData\Local\Temp\KgEK.exe
| MD5 | 6c48dd27bffedf64c2a2fba645659579 |
| SHA1 | 3f398ce8e86d2eb1abd2ca69eb6a89dab330840a |
| SHA256 | 30dcc09e13658e86c15a1d361a75447f0fdccbac73f51b48c3c8bf8c1d6ee0ca |
| SHA512 | e0e66e74573aa98f541d59a018743ff9d694b31d4206a814e1948ca708bbd2798f5d9bacd6450b19b8ea319a8a0fdb9147b86f4b6c840dc232c664d7f9856489 |
C:\Users\Admin\AppData\Local\Temp\UooQ.exe
| MD5 | aaba61aff3f55defe1e192b66052d546 |
| SHA1 | 093346f3859e91821c310190653f3925120c63f5 |
| SHA256 | 03447be318509cc5684c6ee3210b3ffa5787fcf324ec613789df07bdf7c9cf16 |
| SHA512 | d17fe57eb6cfcda4e77290e0a986da704f54b0e1faa93b5a8c1815a63fa5c67cdbf0be1216c7b277c2e8f830876a0197183b823ae99a59fcaad1f54cec2aaf0a |
C:\Users\Admin\AppData\Local\Temp\ucIa.exe
| MD5 | e78463bc8e5665ae6a0049a5f3d3be7e |
| SHA1 | ded7729c66e920ae5f13f000c0342b36017a85df |
| SHA256 | 8c0cbab6c7585ef8095c476242adf08291385b700a6429ac48f1d77fa947cf2a |
| SHA512 | 152d2ee4f7d106f4cb64e5ed0c40a56b110de546ecf4dc7181b665e38925ad3dd980f8867a1412fe924f2808ac1d982da8e7cc77f2a528330c36f80a0aa841ca |
C:\Users\Admin\AppData\Local\Temp\ussg.exe
| MD5 | ee156320cf08e624eeecd6b49e3a9bbe |
| SHA1 | 3dade4b346e9e61c054c2b88b3c1e46fa1221909 |
| SHA256 | 8e5ff7329ab49268d9321ba7a4e3a5334615a941803d4709162827b6e7f00d57 |
| SHA512 | c7327fda74f4123c83de748aecb02ab057baf4482186697f14751c4fc8b8aeb7f317d57ff71f4ecec0a7ab7510a62bce11bc78a53f35a52a9d28765e5c4a657c |
C:\Users\Admin\AppData\Local\Temp\AQkc.exe
| MD5 | 45e5650073d3a7021cc432ed44752dcd |
| SHA1 | 7f726d613fb11dcb5d78891181f8ba2968bdc03d |
| SHA256 | aeb87be9f373ebb823f2dc6ac65219af6242aa2ebc01175913602e4154f080a7 |
| SHA512 | e35a4a885f08da1b9df4862c0cb777950eac3f176c47be14212d7d43e1d52c07243980410b209a78d84fca2353a933427253d7a0c3f897e2e97c2f786145a3d7 |
C:\Users\Admin\AppData\Local\Temp\MIwC.exe
| MD5 | e2a8b30bad1107bc18d3069ff96d0a60 |
| SHA1 | 7818e1cc5d24fdd00bbd60326654943fbe26eb27 |
| SHA256 | fd5de1111dd76002b6950ec1a6f675df9a7a63cb154b9c8188b2475330025fbf |
| SHA512 | 4d83f90eb98ab14a7fdde305c6eab494fea42998e139ac31efc6f96e716aa00ae5a25d19c16b29cbaabc3fd560a97e6bb3ba1ee0c2c3e1b76bc0c029a24775fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.82.1_0\128.png.exe
| MD5 | 37c7a595f7ce371d9f1fabbe03d0d068 |
| SHA1 | ca9ced4a487287f52870abc488a049bbea001a86 |
| SHA256 | ca4c272e4524bcc4494e0e62bcdc2398496b339f10b039be66f92eff322431fd |
| SHA512 | c6f4c73fe66bfb9b3339864e19be6121990e87f50ae53cee24f7789e7b2245af505c04d3b47f249b9bb7e411d2799a925ca8c22e832e71118ed144207f8ce892 |
C:\Users\Admin\AppData\Local\Temp\uAwC.exe
| MD5 | fef28146c0bd0eebcc336bfcf32147dd |
| SHA1 | fb86b768482eefca9d3830bdb774531e41c12cd7 |
| SHA256 | 32170c51f2d0526e227b3a26d51995f4a6a763b1e25659f25f134eba9ef77b77 |
| SHA512 | 30614bc2425058ce7cc8ecf53bdb0644331d6fa460a344fc9a6fbb3c12b5e86123b5e1c3f4c73c90d7d134a9f9e6bc583dfce8984ef4d757af22280dae1dff57 |
C:\Users\Admin\AppData\Local\Temp\oEgg.exe
| MD5 | a12baa7c106a698ea39885c0a7d15006 |
| SHA1 | ab7858e4416d12409dc4985d41090c2b9eaa5733 |
| SHA256 | e72c68baca6bbe2d9a6735dcb7bb6aeb6c6b2cfe6c1533b9c77bcb5e95250f95 |
| SHA512 | b47d99965c70a3ccd0830206b99ac1dfeea10cfafa2ef4090fdb6c3d19d51a516b051e24df658cf1f534ee0e5006db0b7f3e9727199179c0d2a60cb3a49acb27 |
C:\Users\Admin\AppData\Local\Temp\ksYg.exe
| MD5 | 119e71fd2cdaab606a75d529737ed36e |
| SHA1 | 26b1186340409627568d6e7b356ba00b7e2530a9 |
| SHA256 | f00302430f1593dcaa42ef968d4c6676f9ebbbde10e6e845d5f4c22ea9004b36 |
| SHA512 | a704d57b55fdb9ac014708a7c524b4e832e077758aed2319ad133794558d5dd3015d3938a1a3ee80680a57aa7744d01ff17e02fe2c0f26f99f0abe8fce06776b |
C:\Users\Admin\AppData\Local\Temp\MQkc.exe
| MD5 | 7ddc5ae52b6c31df17b35e2dea263382 |
| SHA1 | 098a3882dcc62b58f904e0e64d35766f87687efd |
| SHA256 | 2269fe044a627a7c67ed489d6c491b45a6c38c5f3b958e1f09001d968e96e83b |
| SHA512 | 09cf49d4a17456333dddc9ffb3a706c8950ec939ea4b21d83faa21cb1d9c6abbe044e571b07c32ec0335e8b3ae7bbdaf8c85b16a0dd3572b8065ce113ecd94ae |
C:\Users\Admin\AppData\Local\Temp\mYga.exe
| MD5 | f2758e0750edbf053aed162ebc2a5c4b |
| SHA1 | d6757076813ee03f75692e62883b60e4d0b90064 |
| SHA256 | 6f89609fb4f06131578fa128de636cc1fa65e7804d36a4deafe4d2c99a161321 |
| SHA512 | a3788e1fc5a4f5f17754d3f2b437b7b9f1bf27ee8031c6118409d68ef05736e2eada655969c7110065230b299fff93af2144d4639cfa09e8265a626bf33e7d7b |
C:\Users\Admin\AppData\Local\Temp\yoME.exe
| MD5 | f8d078f979a0549d745edf307ecb92ad |
| SHA1 | 1ed5da4d9fd958136831f7af3d7670abedff5f50 |
| SHA256 | 8875b2f3f19c89b723a98c32b198f135d37e0f9cb2bd88985f7440505e271349 |
| SHA512 | ba935dc2c5a13ecb28be88e85e8d35acc39dd26d8259e98523b0de4c7d65697fbf8548efae813eb2b919cac11b0a5d669f807785125cd68088f401099f86629c |
C:\Users\Admin\AppData\Local\Temp\EwUw.exe
| MD5 | 44d3321d5656692eeba6270fbaa83bf0 |
| SHA1 | 75bcdfeef9b5eb3440551105ce59495f273dcde5 |
| SHA256 | 5132060b1df942a8d86531b87f395b62364e8e854e52a2bca01fc6c0549b87e0 |
| SHA512 | 008b795d6d2390cdb43ac5368996c835e95b3916b78f01891b90ba601bce58edea3ba9c53ea76612a7bb638ddb9987290df07cad65246ed6bb0f791f62cdefdd |
C:\Users\Admin\AppData\Local\Temp\kokk.exe
| MD5 | 11cc86802744aa874431379243ba0fd9 |
| SHA1 | 3697784657681143c6ddb742a1da077c0dbfb119 |
| SHA256 | 6a2b75db3bd6fbd29db2d4f2ff18fae52ddcf32c7e61c36bc6c627605463e933 |
| SHA512 | aab46544d4dbb5db901e4ac530fd03cd070a54aeca4236ddd435a62608d99c50c3ba594f54859bc0112b14c1c6c5062cb933a8d94821025db44b7393da652b73 |
C:\Users\Admin\AppData\Local\Temp\cMYy.exe
| MD5 | dc869c63e293226f0f665434730a99ab |
| SHA1 | 3c5284a404424623875ce4cfc2564627e71d58c7 |
| SHA256 | 95e7883576bda11581cc89865711f0287f4571b369d876c5d409a71bc8f12555 |
| SHA512 | 1f20fa2ae7baef3fb2136e2dc2001cd3605c0d6d6df25ade6d45e17c089ff7601b9565708d4c54869da84fe2431a430d7a95239e1e53b104c2c599bf8d6fd083 |
C:\Users\Admin\AppData\Local\Temp\SYYG.exe
| MD5 | 2a917ea8e38acfa1c6d9fe338be53ebe |
| SHA1 | a6215d9eaae11e7fc53228911d696d975083fbda |
| SHA256 | fc297cdd672ceebe2a354ccd596c950912157c5f6bfe79d3b472c24d05640502 |
| SHA512 | 458074051f67160fa9d94b29da688172f00b1491f98611b1ed8c85da86a4dd75239b6df6d0c594a5e9b0f5f7de0ca5a53dc803aff3f0aacc89b88304640a41b9 |
C:\Users\Admin\AppData\Local\Temp\YkAa.exe
| MD5 | cd096c079cb8e38b68782ef4bb642698 |
| SHA1 | 2ed48fcf2dc296eda365097531b7c62497173074 |
| SHA256 | 5a49dacf27c2b71fe15db91159ec2d2c3173661dff796f50af97a7fa61718a5b |
| SHA512 | ba762a876e3d8521af8aa24735ee31bc7b4dbbeb1557a4b557fd4e47e5aaef219773d3823b0a52a2ca48235aa3f9f385e97237976599633f1d790cd21734de74 |
C:\Users\Admin\AppData\Local\Temp\IskG.exe
| MD5 | 7dc3d198fc9f54e0f52ed62d49e89e0f |
| SHA1 | d0da66f3cbada3abe9a9b2a5e254cdbfe5ae629d |
| SHA256 | 618f5b35d50718e93be81671203ed54bc8e8d2c6ef97a6a614c85086c95f91e2 |
| SHA512 | e509574805fb3867f078bff1f0a095b8316f7abe7a0d2ce5ca57eff3d47f38376c1fa7226a7645b0ada840e15de7ab0eefcccc159bbda374b97e5bd8126e19d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | eab6fdbf30d1f000a5d7224814ae7685 |
| SHA1 | cc981baffc856056d3f1df9c1518853c16ba77e8 |
| SHA256 | 6621bf2c33c9c1308f4d8a60fca7c8e6dc16e5e3dae7a8e37585c0e3db69865c |
| SHA512 | dbd9d5e9cdfe822d8c531a12149d2a04d1776c57bbee2fbce3bc83a55fe181d1fcfcd6e8542ba33a6dad095fdb3c1f8649f666fcdae37ea40216083565430917 |
C:\Users\Admin\AppData\Local\Temp\GEcK.exe
| MD5 | 113db2405a2b9a296def23a422521ece |
| SHA1 | fe9d5792201e474ddc16dedb3a8190042b12a462 |
| SHA256 | 8b1977595f455a73b84c01812f6675aa1be95dc276731db762ff3eb977683b6a |
| SHA512 | b1be7d5ee11a675e21c6813880f36fbce11f111d902b3cdc9a4dd69c7fb11437d12fd7c0ea686f9280c9f5d07c5612b81d2c893dc58f00bee1bd62c0e141d801 |
C:\Users\Admin\AppData\Local\Temp\ScwW.exe
| MD5 | ef6fc11dbd676da30098abfc6d02a4d6 |
| SHA1 | 75d495e96d510e6c33339fefe29da22a760768e8 |
| SHA256 | 64cce7d47007e07aefdfcc624aa9dbe701c6b84d472e6534c7f9fba72e24cb21 |
| SHA512 | e842a2fbe3ac2566e610121bcf80a1249c1adbf60e4300af5d731ee9a480fef027cfc4fefeeccda3edfadefb0ec712667460547203371dc21c12e3ac06b0da0f |
C:\Users\Admin\AppData\Local\Temp\iUIK.exe
| MD5 | bc0d7d536beaf378b812e28ef4819a1f |
| SHA1 | bec76e008673fc2cc6805631a838f24c7fd0ab2a |
| SHA256 | e96e25c77b2fec10f4ab40c3c4531de7f9950d45bc9b3563c80464a63ab2f7e1 |
| SHA512 | f091cfa78e16247b86cd16187005a8927110d5e74f90f7acb5635759e8d8a3fe4d00be8a40a38beb44055f7dc22690744981bb6454ed9971359f5ea00a375f05 |
C:\Users\Admin\AppData\Local\Temp\IkYw.exe
| MD5 | ff530be9cf8df13e80ad52fa6179b930 |
| SHA1 | 03504e134ee6a2902ddd4e90e5285384e37b5620 |
| SHA256 | d446620e890efcd5f073948edbe6b43e7e3ad3a25018703505e48e501e343c07 |
| SHA512 | 32913d6b883011944f715cc27f46a7ede798ac7bc92a24c7a6f626709b137db4fbf3c8c7c60bf9b96a898b3abf745bca2518c7d301226a6d73a9acfd378ec9ba |
C:\Users\Admin\AppData\Local\Temp\GskW.exe
| MD5 | 62e0e067e15d99a76fb1de5bbbdfecf1 |
| SHA1 | cee36cc8df61103c5961b95bafed5103acb5484e |
| SHA256 | d251897349b6b4ac74ae1903b65d05c5c579956f78551ed26744f14abb7a0207 |
| SHA512 | 83a1ed2fecb60ef0e26a2b685d25e26088140620e788298b040b59890e0c2b8f8aa83b6d2a21dea3edfe02992f45dae9956e4d2e3da6d2fd6f92d760518b0f9a |
C:\Users\Admin\AppData\Local\Temp\uQwk.exe
| MD5 | dd853ddca691a91f7730f484c961e062 |
| SHA1 | 0d508d15f8bd15d630e50ed27cf8039407ca074d |
| SHA256 | a8076772f8bd66bff8643de6bce80846a096c4b694344b84492e710a013d9946 |
| SHA512 | f311533251b31e1f820962eddc6d2dd6fae67971a037c776a6f77e45fa858a0c049e5fc52fab7f8a8525d250bef79696a7c6be41ce4b2267c69d197a86588fa2 |
C:\Users\Admin\AppData\Local\Temp\iIsO.exe
| MD5 | 150e54bb09c37e1cd365b1b5f2cb0085 |
| SHA1 | 803ea44d17e7bb122224951adfae6b0dc7c178fe |
| SHA256 | 1f8a66ef71c1f5d934f7939581e46e854bedc5ccd6a12c12f80e7ff4bad25a63 |
| SHA512 | 75ad411081b1d2d3f7bb8bce9a42ca9978af10e4b37c95ae9da13682bf45c6d438a576237d45241f90fdaedcdb272818fa8b4189580db28b3541d15c1351d2be |
C:\Users\Admin\AppData\Local\Temp\cYMw.exe
| MD5 | f3ca499bcbb4b9410cef0be574ea124c |
| SHA1 | 0119eb71477bcaa5c08fbeb7639c2b270785c498 |
| SHA256 | 16e3cadcc56ad235542b44d148293ce51ff99cefa22e41c73e165b80aab7c655 |
| SHA512 | 14a8513dd1cbe3fd3576e8827ed3a8f06637569b7b14ef368290354eba21309901ac4b70526f2813fe08953269a38b7c38213a485fa8cdcdfc47da874249466f |
C:\Users\Admin\AppData\Local\Temp\WAEO.exe
| MD5 | 3908ce25a335a464eab058157fb7346d |
| SHA1 | 86ae35b27a98b9df5d1fbb34f878900bb73c64d5 |
| SHA256 | 68f27b8288fb77a7797ba7a4dba00b3bc04e02e84cf5a35786f7a280487e530a |
| SHA512 | 18c18cbe83306af9b1a87744adfc47bb8887a31cbf19a302a4f1e67e69c0c3e29976778be5989ba40672fb9730920737eec7a3b7304a3c6b5628b82729b7993a |
C:\Users\Admin\AppData\Local\Temp\Aggw.exe
| MD5 | 9551f1f4257587bfc5a84166381d86bb |
| SHA1 | 185df1100fd59d8aafb84cdaff21034e12194255 |
| SHA256 | ed9ab5883537ce727292481113ab6bc566cc9dcda699d487e08571cb99317107 |
| SHA512 | 537002dfa0f204013cc58ab7245d965b73ef11c818080651d9e045f87316ff577894555993ae573974d27189677d2141e5a952532d9b03c5d5e36649eb38d9fa |
C:\Users\Admin\AppData\Local\Temp\eswO.exe
| MD5 | 7d5d0a7b1f30de318bd8b3486b29c59d |
| SHA1 | 4400e1bd9e8075f38e92bf8ebcf0f7d2e6c66385 |
| SHA256 | 660497a803960bdd34a99c196edf73823aa05a0af67704adb86508ec9cc8064b |
| SHA512 | 30c74d9d6374651d90f6d99beab676d9c1e4c715f526ce482aa5f26f86b83a7046b5ee69bf39074508cc977358e4d060ad5b72702fc4655f1623f002da0539d6 |
C:\Users\Admin\AppData\Local\Temp\AUwy.exe
| MD5 | 952b176440f7ec6f332241f571005dfd |
| SHA1 | e2acc9c96831c6ba635dafb3b80c95db44395069 |
| SHA256 | c68c4d13c4296ff0515a69fe74daa2a44e5b86b06983d1416eaa3df24d2650b8 |
| SHA512 | dfd70574624064d5064a8ed084b4a3f7cd81c9aa065eff5c9f066c9e21aee8fa602131fd9f7fd657bf9a6ecf28f314d98a08c7f39791b62db33779ec22f6ab9d |
C:\Users\Admin\AppData\Local\Temp\Wkkm.exe
| MD5 | 284340a9342c222d0de9b3d05d548ba3 |
| SHA1 | 490e77c6f529f1674a88903b7191ff4efaacbd76 |
| SHA256 | 2a97b54aca3eff61d1c39ca6722faae11bfa772221e0e2d6eac38be4c48fceca |
| SHA512 | a694986bb554840b36db2818f22b6c9e3ae5dbd283ebed5835b61feca0c2450a76e26e56b10ead2d01cbff544b0fa6321d8ce63f0c0a06951c5ade8f30d48794 |
C:\Users\Admin\AppData\Local\Temp\IwkG.exe
| MD5 | e6d28ba1d6e4e3163ef3c8fd9f4e7ddf |
| SHA1 | 7309a768147a7d92cc297b09997b87a6b350a754 |
| SHA256 | 36877209b3f9345848614050aadce93ca11d01af942c4c0d82b53dd81ea2d3c1 |
| SHA512 | c9dccb8771df330f7f08a701c639e6f376a7cfcf3084b1c04a69e95b3d3fae84ba19eb29f1fd3b80c8c983ef1958aae59a4660284069d16a3c52ec9866c4a25b |
C:\Users\Admin\AppData\Local\Temp\AMwg.exe
| MD5 | bd34e1be4a3f476a65eda63322d5b132 |
| SHA1 | 1511df3556841a24d96dba0ecbcf37f0ff22a1a4 |
| SHA256 | 262f83f1f03f60a3c6b1795e07fee979343ff71f849fcdd9db352e43550b6f97 |
| SHA512 | 6c20ea763940e674c6d26759d4e24dd8205ec87ae7a339db5a942244d3e2f24e234836c00e8c9cd3f687149bbaa9d254fe9ee10baa6bcccea18c147b227bb4b5 |
C:\Users\Admin\AppData\Local\Temp\Eokk.exe
| MD5 | 3ee3bd83cf7cc71b8164a755e9cd2104 |
| SHA1 | 5766118ea45c8cabfbf41f6b299e2fd9d24bd6bf |
| SHA256 | 0a80e1d95b1f19fbc532c7016a107f95f19bce6c925a075b868693f4f506a283 |
| SHA512 | 3c094698bab8296909fed7f04f5734efcebddc4eaf85ccb54fe816226247ecde7cdfc761cac69809c64a7e2a88c8f211b2893424c3c0c42bc8fa691439c1ae79 |
C:\Users\Admin\AppData\Local\Temp\KUgU.exe
| MD5 | f3bcb0d1cadecf0d3f3a37efcd2a5811 |
| SHA1 | 0223a504bf956c32b4d61724dd7ecf168b58788b |
| SHA256 | 920411909020eac3b2c0768f13b259e4e3c3eedf3cb9ac3b56ed4ba8e29e251b |
| SHA512 | 177dda9144ddbb56dea1bf27e1bba4089dbdb538117a5af3b66528ec3232b22623e02017c218fcaf7b2ac2b6e6b98407b7608ddd832af56e7cb9e16d30fddf5a |
C:\Users\Admin\AppData\Local\Temp\igMA.exe
| MD5 | 5a1a4961532c16eea24a07ecda365a91 |
| SHA1 | bcfd686de2cef3a6e055c962b51c8343f83f558b |
| SHA256 | f851467296439eb32b267f767c0157a9094bd8e2dbbd97191fc02a42a1f85bdd |
| SHA512 | 57aa5171f62df18c73c121e6e41e177f5489bf60b15bc7d1f9497f38d86c2e62096263a297a013badf075032d3005f38d06d2b8d7a5281c90f786124c1bd3a05 |
C:\Users\Admin\AppData\Local\Temp\WsIc.exe
| MD5 | c012d918aef89769ce6b2888d3793ae6 |
| SHA1 | f34974cb5212c7b820dd7e6b91ec72a09722f56d |
| SHA256 | c555075fdb70dea11b81c72025ea9e7fb408dc19cdd94f94218ce787e24ca7b5 |
| SHA512 | 1cab4e2f7d8f3cba180cef54a3da8f24c20f442685972ee5b1801466f4281b4e66a3ae8f1106029d8b508d93f7eda22215a572e5a35a2718c5604b364581e0c4 |
C:\Users\Admin\AppData\Local\Temp\eUkK.exe
| MD5 | dc4e830307b0883d81ef410c59b64ba1 |
| SHA1 | 6f0cd2b0204bf74229676f83733c16aad596f004 |
| SHA256 | 3667ab52ed258564758bd97a6361fbd246659acb32744204d6651e016b4251fb |
| SHA512 | 6007100948b23b0b9ce7cccf407daf9b4e47cc7841ca9e05199acb4551873c6d4801552c98a8f0021c402300c831d430b89d473927a3bf6bff0298a7cc20754d |
C:\Users\Admin\AppData\Local\Temp\awIA.exe
| MD5 | 5599ac64caa945da991f3c368ae13db9 |
| SHA1 | 044c65f014c69b24907b19268b0b9ea9caa16eba |
| SHA256 | 7c753cbefff94be55ea58032968756b6995aa435595bb87f9cdc592602450123 |
| SHA512 | e8217a5061bb47bb0d08891606ae86af0eb2242c8f16fb4853328c8f9c6049e1e11d8cc34c0f36a1ffae23683cc466591dba85691d130d12910570d9d8c5b025 |
C:\Users\Admin\AppData\Local\Temp\mgMk.exe
| MD5 | a33c27bb7d62ec6fabdf2ee6c56bce3f |
| SHA1 | 3257fcb8fd7aa1e12ea905d5a59e1bdeb7cd3381 |
| SHA256 | dd949feca58b7e148947f7ca7e71a305747cd2c946b311788e4632128e3dd311 |
| SHA512 | fb5c7150dd8cb80522836dc76899d0f73e6f469d0b3dcdc761d431d7bdc524c79e371472e7927cda7364844ce9346fafe84aab4b6304010e5874c393084d713e |
C:\Users\Admin\AppData\Local\Temp\acwY.exe
| MD5 | 20e308c011f04b7e8e62734634cce33c |
| SHA1 | 78951302c14dfc108455bf077047364660147eac |
| SHA256 | 9eb537477bd46fe8e6e1aab5ec8a05d93bf25fda293e9bb4e28490219c0af3d0 |
| SHA512 | d14b9364bc257fe275c4d1dbbd7c7fdfd2590b4bfdeae3c2a7ff6641b1b61878495e9e7860e15b35c8e625fc6399a9991725a97ddfcf3f54f9428bf83f1ece14 |
C:\Users\Admin\AppData\Local\Temp\eYIO.exe
| MD5 | d1d81476473d48f63cd3c837f21263e9 |
| SHA1 | 7c25a73274dfe5914aff9b15ae2a9083375f1540 |
| SHA256 | 92bc788a108596e75fc31c0da159754e7b6f900be53e06fc5db3e76b5b4f2247 |
| SHA512 | f1cb6b9c5b202d6a61ee815aa772ea69e9819b274460bb86fcc51c06ee9c7111dca3d6eb91743a4b178947a4cf02916978d90ae95243fa758d2907cd5b0fb5ca |
C:\Users\Admin\AppData\Local\Temp\mowk.exe
| MD5 | fe1743f7dcb8e0d5c6238cef69e0b7ae |
| SHA1 | 658f82cf1c5e52e8898e7df9694abcedcc209c1e |
| SHA256 | ff6a988451112d457ed8fcb50ed51f60a4c3194ee1287812ac3d7da398a4b8f2 |
| SHA512 | 021cef78382e459dc260bebfbb76956568e160da13cc30fc742e66907f996bd64c04e7656ba745aaffeef8c4058b40a5afe651291c166cd5a56e6cdd2cae920a |
C:\Users\Admin\AppData\Local\Temp\GUQs.exe
| MD5 | c94ba08004bb8c1050bc6bae35349145 |
| SHA1 | 257237535f1b7e77656cf9853c89e2f6f286879d |
| SHA256 | f48bdaada67c850df751196f791bdb1a309fb0f1ed02871b503d7dd232a2d53e |
| SHA512 | eaee4d214608ff086c6e603d38fd21f4ce035186e8dc89b57365a5d5334cbd190bef58e40d44225326b4e2913c31dd96f94457594e1e71e6f3d42b602a20841e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | 50a81aac1025165b81ce18a36676d965 |
| SHA1 | fb3d2220705f7a304afe2fc2110496c9e4c64d7c |
| SHA256 | 8fd60839bb4ebe3941c778ce0f7113a6ce6be2310448ec2078330cc384a2f035 |
| SHA512 | a914c3accae8f9355b56daea83cadb4da2bedceba11bcd268e496b66c8d4da58b688f8d5788c55bb9a2ebaeae54a0de70e933cf0e9ccbfd664aaaf7ae6c66859 |
C:\Users\Admin\AppData\Local\Temp\wckQ.exe
| MD5 | 2a69466bcd5cd1a684c0246d4d3deb1c |
| SHA1 | 8388b329553945895820191d11ba08f1a06877b5 |
| SHA256 | d6de337d878604555a33d3ed6bcd503ddabca5e1329fa98ffa8148ead6921124 |
| SHA512 | e21a57e8f59ec9d4851f893203ddfdf752f22b45d026491662290710024e812ba233238982fe14ff8adb179ecd4085630520ab22322d56bbd4821683c41c3ca7 |
C:\Users\Admin\AppData\Local\Temp\IEQU.exe
| MD5 | bf9a843a7e3d19844310129be27e2796 |
| SHA1 | 5b5f9b345407030b74e44f278038146cf70f99ac |
| SHA256 | fbddbbc709c2cfd48338202c84890cc6ca6498ec06f1906c06d1c783bc75ecfc |
| SHA512 | 6a160a49caeee87cfb4592fd6e8477a7dfe0951daa940b7f48552c13f21127de6219f1a5550f34763755f79bc49d7b670d4760775797f017c3571a48ffc0db91 |
C:\Users\Admin\AppData\Local\Temp\SQkc.exe
| MD5 | 5c87e511b44b101e8777d56f05bb03bc |
| SHA1 | 2d40fc5cc0d1dfbc0b2ac9bd6dc9dc527ef7fb81 |
| SHA256 | 164efd1db3efee2490d092a75b9cc19589dd074bfbb53ad24f9fb62c256d6336 |
| SHA512 | a834603175a82e99d8ea0e0d6c6f6cfd2e94fad9fdc29600440c55d27276a9f19b09d1ff30f5ff54ebe577877bb6f9fc5b68957a1dd71a5dfc6ecd37cbaf52ce |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaError.png.exe
| MD5 | 6727fab79efec05bd25ea57e427135f5 |
| SHA1 | d82c33dafb3210db7888dda322c73ce2f0acd4b4 |
| SHA256 | 66bd931870c09072bc3d18c40488cfe1f0f022958758bfa7a4801e5ea1b3d4fc |
| SHA512 | 105c2c675797a02d36bcfc53bdf1753dded73fcd158fe2d22b97a53df064d4d1459389139a8c2c1209db8b74ee4b98a8268f2a826532db500f778ad3614f7109 |
C:\Users\Admin\AppData\Local\Temp\MIEi.exe
| MD5 | c5fea3fa5bfe4fcbfa29093465d965f8 |
| SHA1 | f068bf773c6646783ac595f9a8b563b64beea39b |
| SHA256 | d55cd305ca06ef22645a16ee5577cd5114a0741f10dc3ff7a247ceff3637add1 |
| SHA512 | 106aad21d1fd30a0f186c5a768a90fc61b190a301554ed02748db3c62a09ecced0068ee1544c6ed1240a670049481b710ee7ad76d079bae15b2499a241e199d7 |
C:\Users\Admin\AppData\Local\Temp\KAAO.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\skIW.exe
| MD5 | 5c92887bf207d8ef45498bdbbf2b52aa |
| SHA1 | f171c9cfa1084859cceaca2025488fe2e96b68fb |
| SHA256 | d9bab0054a59e09710071d91dd1b5860faa7e648d4e80116dd7f82eacf200e63 |
| SHA512 | e81b9ca153fd2a3ae876629fc86b995504c48829bd7754d1005ce0caf364d0a2c3742f3e7304333768bfa9a361459f62a84fb818b594fe0e23e1c548e2d49eee |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | 6948dd1129115a9183cd5e776691e9d2 |
| SHA1 | a0732a50526b77ecbb9253945bd9fdfd5cdb3a6f |
| SHA256 | 78dc29eb2cf2ffe6bda062107031e440c1a091987d0a61ec4c15082a62954ed5 |
| SHA512 | 584bb4a188492819f31713ea0060e2a635bbc668d9382a28e9721a41fb9d8bb53f19c4585059db6f735f66c91c9403d55d47ceae18fd8cc52f1a6a5fa0e2b72d |
C:\Users\Admin\AppData\Local\Temp\QQQU.exe
| MD5 | 6205589ea25f2202485f387f238d3029 |
| SHA1 | 47f38dd248308c55a6a6c06e2b9f396b48bc4e0e |
| SHA256 | 26e6568aa1ced35cd146bb07680c39d38ccb394e7a29d42829246f2fcc9f4d9d |
| SHA512 | c4191a332e91d599974cb9155468dbb9957dcf29666caa0bc81f6e03c75714598b00e642294f4c9aeb3d95c6fce6cbff7667c9bdad78ceac44e9c42a411f18ed |
C:\Users\Admin\AppData\Local\Temp\mUwo.exe
| MD5 | d40b0010ef730dd7f9793139c875b039 |
| SHA1 | 772cf1230d3e09b5a8c1f3fcfc881c2e67058200 |
| SHA256 | 55822bce2b7e901a381fd0141563f5f09dfb7e7a60561f2d4db061217952a572 |
| SHA512 | 81691286f278e7d8214b27823ab900dd18a6ad141cb040c539fb14981b274cdf55e3f9d34586dfc4d649a2dfeb4700f60a1f91d03cc2a1cd14cf3ff5540ffd94 |
C:\Users\Admin\AppData\Local\Temp\GMkA.exe
| MD5 | 42dd769444ce13545c71b0be58d7a82d |
| SHA1 | 161c62423d369bbcfc9f74d88f0e9b3771391d24 |
| SHA256 | 0db40994cae9b165df9e116fc027ba73cb64f0c68989295086e15ab332fdfee1 |
| SHA512 | 7ec23396baaa2a8fc4b90975686bb21fdb73ffe26121ecf26cdb2d3231a00c621ab233a2ae03ee912497ac375ab5c51f480d46e6f7769d8385943401b2487868 |
C:\Users\Admin\AppData\Local\Temp\ucsS.exe
| MD5 | bcfc5ec0f0a44967a701e2f8f1e0ca03 |
| SHA1 | e56068fe69d10c22437a2e645a5b2635c704b53a |
| SHA256 | d16ab3e5919fcc24a239a65776a46dc2d9d3b5c2e03cf7d04c8ebae922628c6a |
| SHA512 | 6d3a9ff2ffd4e5a4e9eb9bdbc124a0ce04b767d39f97939abe0178e1baacfaed043fcc80423355330a8482c5407811e8eb3485918672be0146baa1a0d8499b43 |
C:\Users\Admin\AppData\Local\Temp\eYUE.exe
| MD5 | 6d195ed0c23a705cec95244c09c5cc55 |
| SHA1 | b960739f033de3db57d522ecc65c33b445ccdbcc |
| SHA256 | 402239333d564d553e2890d36eebeae2b2e23c8afb39735b16207b8515965e81 |
| SHA512 | 07948daff0bcd3fe090df75ace2252426c9f4df6a16993b4369203505ed9b3c1c2177726ab2fc5f1c09f7236f9af9a7a8359b9e846828921205dfa409eb0c516 |
C:\Users\Admin\AppData\Local\Temp\aIYa.exe
| MD5 | f462fcc6fcc8852bf957b612bbfbde64 |
| SHA1 | 9fe923062a1178f4d154db55e5304576a0f8529d |
| SHA256 | 9e4c4eda0abd8d480710f9962b49304fd91cba6e85fafd0785aaa1ebd625173f |
| SHA512 | da0b821692cde37a50367c74c1732dd2ec5f2e96f9900c2a19d70faff436438013badae5e109130d8658d017d602bc640977e14e9dbe436a9933aadef8c71ca6 |
C:\Users\Admin\AppData\Local\Temp\aUck.exe
| MD5 | 2a1402b28671472d3bb0854e4fd403a8 |
| SHA1 | f26884b9b327c75df476f010839ea5975a07f749 |
| SHA256 | c59a57980dcc83ee13df4a02adbc1a6f236ccf761c5380940c60da14c46fa47b |
| SHA512 | e37490b15498b4173be3761096b649329b1abca2d90ff39470ead70c54956934a6c9249b99b3799bd041f2355b5b6de2c7c2902baee50a7067d804208086883d |
C:\Users\Admin\AppData\Local\Temp\QIoK.exe
| MD5 | ffd539fe455bf290debe16c6eada8a97 |
| SHA1 | 8f4fb804710bfc2cda9910111110b64f7dfb50c8 |
| SHA256 | fb2ed1ec420767b148e791830f5fb12bd1ca70049299f6fd32c70c622fc4bfd8 |
| SHA512 | 2eb60fc251795b3da39e6a01af325818f2329421b5ff1c9547cba146690cd1adc2a557321514759999e4d65c29fd7ee306e78b09c1ad628fc7d397e66ddc1b54 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 7a29162f644cf43ae9b41e5843eab5e2 |
| SHA1 | ec93c76cd85728c091d44dfcdc30f3998c4e64f0 |
| SHA256 | 70aba0c480b87903d4e45cd6c879bd8fe36f2e9a7d4791d71112c94ff75f8952 |
| SHA512 | 49e4efb8ce7c2fa0f2c963087c5c609982f60b9ed228710d589da0080dcf7c793e6c84621dd5af67abbc147f18b717d910bca123da27015c255d8db8f6eedf42 |
C:\Users\Admin\AppData\Local\Temp\oski.exe
| MD5 | 8ba847c670eaf1d749ac068998abd5ae |
| SHA1 | c7d59677825f0cb988774a834a5028be16a24f13 |
| SHA256 | c489161cac5431b99f164c2149b8ff59fb7295e3043774d8f8403bde1a9a886a |
| SHA512 | 0e829a4b95e849c097d29fb4f06dd005c76b3dcb972119d26cc5517966a65f8c360ff78339b4c3a181e7a538fb3186e6bf28b4fd59e23d00c83e611731c25d29 |
C:\Users\Admin\AppData\Local\Temp\oUwC.exe
| MD5 | 64d89be0aafc6d7305cc41004b698ad1 |
| SHA1 | fc08578eeddb57a187b6f43833cee72976654cd1 |
| SHA256 | 1323575852e6f1b6fffe9e009ceeb286c078c737970d259c6b7d07336a3bfc6e |
| SHA512 | fd78c5197007dc992616740e2894d2c8b01b8ec09253c5c7642621d3450f1530139ec06a5ed5446436099b9e42cf186575c355f4a0d10613d470406ab56f4606 |
C:\Users\Admin\AppData\Local\Temp\QkUk.exe
| MD5 | 41195333ef26afc4a939a1a49814f637 |
| SHA1 | 8cbd24f96d20a2f6cc42274a2dc39faa48f400ad |
| SHA256 | 7e5447c35b0c222f404b3ba32db1f0d68aaee77d1c6cb5eda6cae485f0c1dd14 |
| SHA512 | 3967344dfeed7a0ae3f40e41c7cc85726e59d09caf904074dfeee2502bc7b85ae4bb0350d391c9252603a5d608a6f824d120b593e842c37ca99dc2c49b3f01f9 |
C:\Users\Admin\AppData\Local\Temp\ssIa.exe
| MD5 | 771e497c9d38101ea653da4d0d16d9c3 |
| SHA1 | 293c16ad3cdcac9c7a360d9b4c9b7e28fc41562c |
| SHA256 | fd54a0db4d276cc522c94563e715f207cf4259d060849fab4aecfab85ffe54dd |
| SHA512 | ef4954d2ae34f19f87bde8700c5d3a3689881478e0136019918a7c49696c1d3860ec1d9e292bd4be7fd842e8c2a24e9ad2044795f56c71c53f1740b4346e3535 |
C:\Users\Admin\AppData\Local\Temp\WIgW.exe
| MD5 | 806c37be098479c90a5a14f4cff5a30b |
| SHA1 | 5f08c0deca04a1bdf46e27e16f80cc3743b735ec |
| SHA256 | 4d273ee3fc1bfc4b51e780add5c72334da7803fe4f41273bb2b7d74ce81c8e82 |
| SHA512 | 7591f543d7672059fec957d931ec7bb3931d24f4918ab96ab6b389be3ceefd6fdbea3cc8a8f05c03b18c8847d4539a4a41ee7fee3aeb8ed7ef445471c600b799 |
C:\Users\Admin\AppData\Local\Temp\GsMq.exe
| MD5 | 4252b8e6868dd7106bf6f8157249044d |
| SHA1 | 62eed7f1eec514387aba2500ea567be2eddfab2a |
| SHA256 | 6f606e1e927b0b535d8910dcafec7b2e288b9a6b097d3b9df99c8533db3c7d26 |
| SHA512 | 431cd1764768f5cc6ebcb9876483d67d1a25e451c4de5b7e484636791db1292999c99ea7fd4dba0f982b0a74d5ffdc3f22fd820db0751db479d9edf0f27610e5 |
C:\Users\Admin\AppData\Local\Temp\SQQE.exe
| MD5 | 01db6e8c168e35f68ee99e85b8a0cb68 |
| SHA1 | 15e8f6b2a38dc4a431d70eb6e70d6949500209c5 |
| SHA256 | 0d5f0016cff92485f077607db0a0340a593c62e9f2d672e57d2f47fc9a4e3037 |
| SHA512 | 0011160d73fb9ea9fbe5e87a6b9006888fde7cd1eb9ef3b1b129c3b119fff62a47ef218789be2042f9691050fa8f2931535417d1420392e434b1c59607d210dc |
C:\Users\Admin\AppData\Local\Temp\koYe.exe
| MD5 | 5315be22a8911a4fdac8410cf018d688 |
| SHA1 | 20296cf746b585c2328e48a966c9f112aa9f46c6 |
| SHA256 | a8fd84e730d67bd43be5fb6e5d1840adb504cf29e7eb41ac66cca7d0c017ffd5 |
| SHA512 | 288ac64704e4b37546ea5ff995fc7435fd6a7565837c2be028d394127302d66c3fa25c3a9a98192782576c74c562e44bdf8c70fedab717df92cb64e706e422a7 |
C:\Users\Admin\AppData\Local\Temp\qMck.exe
| MD5 | b37e8962c8d49b9d51daaf2f750ff018 |
| SHA1 | c90d1eb145a4f77d853b31acb16d3372094e85ff |
| SHA256 | 6079617f308f2455ba2edaa8c34655cc5fec1b690857105fa31b9e33e0e2ad05 |
| SHA512 | 7a58cc79cfa23813b214916e5132bf62446969ab4307812b8733e62e44430ccf83765e0d422d6f71891ccb8ce6e0d08117f5b66efe162a46e6ecbbfb4123cc79 |
C:\Users\Admin\AppData\Local\Temp\SoQc.exe
| MD5 | f654321ec9dd7bc6897818b72c83ccb2 |
| SHA1 | dbf823cc0bf95a94bb33a91e60bb801c7af43398 |
| SHA256 | 7b1d2c9d68f9617325289cb687f6187788b39747eac6c4c13b1a82172ed2001d |
| SHA512 | 671c3d87a2567cebccaa182a14bb6100f3b8f898614db944dc707ac1475675bd122f0d1772703654706c8e6721cdb141130f1e64e9d9e387a76b3dac4ec609a7 |
C:\Users\Admin\AppData\Local\Temp\aAow.exe
| MD5 | 0e1228342a4d6edd2ca479ca43d4d6da |
| SHA1 | 282817bfcc713f784e94938095d544466a32d7e6 |
| SHA256 | 21f747f3048878498609905ed300bd2256d4959f7713823d052c7aca432361e4 |
| SHA512 | d0781b596f79e98ec218331d699492bfeea7094d068541af67c8596ad1422121d7501c2d75a8d4b9df14cf41d6fd906d653a31a52228261ec19b89ddbb1657a9 |
C:\Users\Admin\AppData\Local\Temp\uMQM.exe
| MD5 | ef10ad6a3cf911d0a360e1210d1dac0a |
| SHA1 | 102839530924b39cfa837d84bad42626a08cc5db |
| SHA256 | 99e06ed9ecd47ce9344a8241e2477dbe310e70efcdf320df3eb1ef435a3bc9aa |
| SHA512 | 81423e950bf47527164831f660a7153f22ad90f4cf667e1f61033f8cf5dd8e92e79afd622143785cc51ced58dc7f1f301629aa0d3a520e4d1199cae0753ae22a |
C:\Users\Admin\AppData\Local\Temp\wkAO.exe
| MD5 | 1152bb5263eb9dcbe71e68cc287bb9b9 |
| SHA1 | 906e9c69f4fcaab7350ec938766fd6bf7e2db940 |
| SHA256 | 981b62f9ee6fbfa724938ee0b4d959a49c57fb1cafe96fea165d57b085c03671 |
| SHA512 | 3aa0597ba3eae60a16d2e868c574c486277577f485ea16b36d8b26715cd09b2e3df2f8b0c3c5ed13db5d854b36300ba340bd583e035993d177a0b2c72cfaef4f |
C:\Users\Admin\AppData\Local\Temp\yUIC.exe
| MD5 | 2c5b958e6de0157d6d71a63c42d6201d |
| SHA1 | 42ffea8278fc8de9a9bf940653287a7a434d79c4 |
| SHA256 | 0de9ba23951ad7c8a3176546b22da3c0bc6b4a1fa621a29dedabadf19bc3a2e8 |
| SHA512 | be3815c5b37db0361eee3dfbd785c262a5a90b4770169b24f1b7c5240c6c9f23617b93fd176e8d63ba32a1f2042cec9750a6cf2dfb612341d259c5cdc4f6cd52 |
C:\Users\Admin\AppData\Local\Temp\OMQy.exe
| MD5 | 0302417169c12191f2b76b7f9317f222 |
| SHA1 | 9839f96c796a9fe802398f3118c66f4ec06af554 |
| SHA256 | 560f176ae308e02b3e7df3daffba6f852b90a59c34d8881890be02e8f76be005 |
| SHA512 | 204f0056af56ec075a5f6c839ba49211c3e8d71c422f2b0cb4953e54af6d4f0ce709091526849173463726e83f99aff447d4f8bbbd66ef178ed847083f400655 |
C:\Users\Admin\AppData\Local\Temp\oIMi.exe
| MD5 | 13af05122e76027639d975699b5072d4 |
| SHA1 | 564c6ac19d55c3b3aeeff69cf32f38edabc88842 |
| SHA256 | 336bc557aaa76f9456935c5da417925c4c1b73f0f92a64bdff7627eeedf66110 |
| SHA512 | ddf9720e484d833415ccca33db146c7abc255c4f02ae8b3c3563a5fff2414a87a779785b5b75e65297351e5d6b30c57f4fb38d03eed2aaceca18a6a6d6aeb624 |
C:\Users\Admin\AppData\Local\Temp\eAQi.exe
| MD5 | 372784a446828a4a4b825fa23394081c |
| SHA1 | 8e115db75b320870caf9fe69d6c66c2df7be900f |
| SHA256 | c1649af10970302f95efa83e35534bf6e49c4dd62c84b39daad6c2a3c00c1796 |
| SHA512 | b1c74b25dc9ff62c64c251a3bf93ff8ebe024740136974fe72c23474c2109c5880ab8b811043e98fa92ceb952d017e095e8f55aef531f5a775b9a2be1cf848ee |
C:\Users\Admin\AppData\Local\Temp\WkYk.exe
| MD5 | a24dd329f726cc6b3dbe5131975ccda4 |
| SHA1 | d1bc24844fcd7617ea9fd7375f2f04fb67e7a4ac |
| SHA256 | c1526df70f322d67fc140b2cc68fde282f342e144b36b8f3287bb17dd97dc2c5 |
| SHA512 | 89132d2f17bd50006df36579432e9381194ce69d534889eec800acd568200049d0b7adca2964cb6a402e3bce414916287acedb5bd51d4ae0bee501ed0c71188d |
C:\Users\Admin\AppData\Local\Temp\YwQG.exe
| MD5 | 9cac14ec6bc333b89540ba7c5386f261 |
| SHA1 | 2a659d50e708cb1de60ad01c96b638fbef499daa |
| SHA256 | 1da07ce5f3260e87ff691954d09c13d75e47353d31ad4c91dbaf68831969f3f4 |
| SHA512 | 07e151d2ee7d1edcb783b48a6230c75016803cf434308f61a618297eb279f731c29b202bdbce5d3cc267cfd56e3a1aea4add89dfc24dc92f9f4ab660d3456e4b |
C:\Users\Admin\AppData\Local\Temp\mYoW.exe
| MD5 | f3a8ab7d9ebba444965df11354bd07f7 |
| SHA1 | f3cc22cb1873d0da47e08b24fd2fa20e4089b25f |
| SHA256 | c50f80df6a75152c0d762db2901f9e161c8d5923632ead0e6b18f083258e4a68 |
| SHA512 | 50df1f0cd2ec54a5b1e016c5294ac045b10a92fea122c1899a9ee64e5486831db71a565c9beaf30deff7c1f9b80094bfa0506792cc167046c34c9d1e4415c613 |
C:\Users\Admin\AppData\Local\Temp\eMQA.exe
| MD5 | 900a633d5deb85fdea66ae3ae588d70a |
| SHA1 | aa3e1079e3df569bc707209aa4c15a424f0c4403 |
| SHA256 | 527ee0f4169382a12191fcbcce1783cc19adf266566c4a193395d216b9a88f8d |
| SHA512 | c1d5d470131f77f904937cf7265adb2b201821a95e7b25171d015095cdd925c5d85f1882b76ed6ce7d6edb663e659ab4c92f3b9c26b3194527e413fa62ab6641 |
C:\Users\Admin\AppData\Local\Temp\soEI.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
| MD5 | 90b6e49416b9fe17330ad79239710068 |
| SHA1 | 6b042757ea777c041aa418429998f1d94fecf592 |
| SHA256 | 7f4ff0d863bf16119f441eebbaaa228f3850f86e39cedb149e9958635baaf41c |
| SHA512 | 63dec135d23bd20ecb0787ab528ee849f98653ec72bad04497f5ead56fd06f3e676ea26ca983ba8d2e2abf56a2bd97eeca06bbfb7ec7f8f5b0af9235533dfebd |
C:\Users\Admin\AppData\Local\Temp\qgUg.exe
| MD5 | 3fa025bea04f2cefe1fc66ee6868dbb7 |
| SHA1 | 1c6eb1362ee77fbccefc020eb8a200f32a6a8083 |
| SHA256 | 649027414bbdd6e9be41e5720d75fa4d2d9473cec4455d24809909b8b66cdcfe |
| SHA512 | df0da80b16e636581c9296981bd57eb2c6ae28473b79ef3af7b6fd86e512f2c56784e6cd6ba2363821b781cfae8f15d2f39a49b3191bf5924cd66b2c4f8d7f4b |
C:\Users\Admin\AppData\Local\Temp\MAYK.exe
| MD5 | 919dd1bd728f9f7a334b46b954873684 |
| SHA1 | cc460cec4d03c59744b4bf44108e75565b4f843c |
| SHA256 | 04e78328ae58be2a75d817604d0a6130da55a3f4e528ed10ef3a9556bfcf4299 |
| SHA512 | c617c53d803bca4ebdbfe34ccb5382264f8d84c502e6ac1d9e2ee065b22118546fd95bdb66ce0fdc5c2ec3c44eb8e5e8fc150c8ff7fc668535ef0f1ceafffa31 |
C:\Users\Admin\Pictures\TestExit.png.exe
| MD5 | 5c24a6caf007cbd96b591ce759fba8af |
| SHA1 | fe96537fc00b8b4183cbef8d950fd5a8bcbd9275 |
| SHA256 | 944c62cecf4ade4e2bd0936767eabb95a552fc40ac27a115c992972e3e2c6bb5 |
| SHA512 | a47a61c817e4fa54592914cbac0039f84174cf19314e7d886d49fd9188a270ec5edc4ce8b263e82835f3b6c1ca2be48490fda64abdd042a08a4233d40172bc5e |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 45655dcf31d1229891ec1273549800e5 |
| SHA1 | 06310513f73c9572e4ab1a90f3c8817541ab101b |
| SHA256 | 2cba5ac8aa5a212b551872c4efb1ecd54e81725736e64743b9bbfeaf83105f81 |
| SHA512 | 8975de3069e9ab7256c22d24d766d83290dfaaaa084c9fbd62735b68d896994aa1b659e465d38ae78b779adb34b41922d15d9e63d50f329df604e6328979da2c |
C:\Users\Admin\AppData\Local\Temp\YIYO.exe
| MD5 | dc7abfcdb93cc527be2b8cd9493d5e81 |
| SHA1 | a14018360b8c445cd8f0623b64e8af5381862e6c |
| SHA256 | 5fc6bf13cbf5788927157a931e766c8bc7d05f4cc72e9b284eaf1141c974ae69 |
| SHA512 | 079e43179acfa2e919993ee6ac04b2966e4f7a8429ce0df49ff5dd2f3778ba99eac4fdeca20aafbf96f73a5d0b6a76367dff9f98b7dc945f6caa1f2fc30cbcde |
C:\Users\Admin\AppData\Local\Temp\gkUA.exe
| MD5 | 1c0500e213363ab54c0ad0fad9007863 |
| SHA1 | 1104b02985c2dd32c8fea56bfbf99c9dd6b17180 |
| SHA256 | 875a1981445c05e2a9854496c742d19b878d21f9e7823d353ff09dc895f3eafd |
| SHA512 | 464ee45dc07b8b9700ac2da23968f0d8999f414fb644feae936f42f7ed163f6164aaae4566bc077bdf77a37a37fa5709c56f798ad4a5843b3aab2fad7aaed754 |
C:\Users\Admin\AppData\Local\Temp\qUAQ.exe
| MD5 | a615711770fd5844f457f1ae005c10a8 |
| SHA1 | c7c98d4d5abcb2e556bfca2a98b577749a54e5b3 |
| SHA256 | be0fb4a268bdc801802b65253a464ee3d4bea8dd477ca07752c058cc51207152 |
| SHA512 | 8c9d46f8730c412cf4d8e51ca940981edce500410f86586d47e65967b78bce4811019f9881d327a1e8be80b89e5ead06eaa1c7e4514aecd6cb251383485315b1 |
C:\Users\Admin\AppData\Local\Temp\ocEc.exe
| MD5 | c47f4884de3bc8b27a3aa86b5689b654 |
| SHA1 | 4bf354f9c14b430c8b770ca06bf481cf64117a82 |
| SHA256 | 2c7ec31c56acf20e74bbd7b689799f3895643ee2f98ed8d602a9fb5ce9404a7f |
| SHA512 | a1d7648a82d9c7147e92350c2f87c65e2af3f9ea475c929c83814ae5640ed3d1f39bc00fc92f1f25dd0df8c28821c119868751389b68915d98ab2971e8bebdc8 |
C:\Users\Admin\AppData\Local\Temp\yIwQ.exe
| MD5 | 8da30c6086d11e12e089da821829cb33 |
| SHA1 | 2b28e01284d8472407758f00e7c98d2d5dbfad3d |
| SHA256 | 8a335c30202e9b2b6258a2693741415aac71879a90e28ce340be5ce4261b1d0d |
| SHA512 | e6616339c2edee8b3c46c6f088499cc690d0f21426865a1f319b0a3effb7a2dc3d5669b1e4c6a05f25d261e33ebe865fbc7589d4cae5d539f5e6ea22df23fef6 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 08:08
Reported
2024-10-16 08:11
Platform
win7-20240903-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (55) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\International\Geo\Nation | C:\ProgramData\HUYYcsok\DEYcYAQs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\pscoooMA\IogUEowQ.exe | N/A |
| N/A | N/A | C:\ProgramData\HUYYcsok\DEYcYAQs.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\IogUEowQ.exe = "C:\\Users\\Admin\\pscoooMA\\IogUEowQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DEYcYAQs.exe = "C:\\ProgramData\\HUYYcsok\\DEYcYAQs.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\IogUEowQ.exe = "C:\\Users\\Admin\\pscoooMA\\IogUEowQ.exe" | C:\Users\Admin\pscoooMA\IogUEowQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\DEYcYAQs.exe = "C:\\ProgramData\\HUYYcsok\\DEYcYAQs.exe" | C:\ProgramData\HUYYcsok\DEYcYAQs.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\HUYYcsok\DEYcYAQs.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"
C:\Users\Admin\pscoooMA\IogUEowQ.exe
"C:\Users\Admin\pscoooMA\IogUEowQ.exe"
C:\ProgramData\HUYYcsok\DEYcYAQs.exe
"C:\ProgramData\HUYYcsok\DEYcYAQs.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xuAIQIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tIogMUYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TqIQIosg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZAsswQgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOQwMkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGkQsoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMYcocIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oCwsUYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkgcYcEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwMQkYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsksQMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGcUAssY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TMkQIYIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoUYMMQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOQAgkIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CKwAsQUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CygkoEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkAIkYsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYEgMgog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XKEUUcUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYkIocAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zWIcYcYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKIAcMoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wSIMAggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCQQMYkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkcYcEkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qioIAMQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmIgUAAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TUgIEkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQwIowog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BIEEUQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cqcsYEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WGAgoIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Ycgscckk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMUIEIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AYsEMgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DwcgQkoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VEwYIUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\daswscws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWsMEYIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WCEscMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mUwAcgko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iqUMYYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cUwwgUUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NAskgIgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEAYgUYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyYkIwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JIwQwUAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VKwcocsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MIMYokMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WmEIEQgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kyUkoQMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWEkMkoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\roMcMQsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEIIYsAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xaIIIwoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bkIcgoMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcoMgUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\amYUkIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgQwEAss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCgIIIUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cswMAggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCMYQYwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VeYYEgAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LQMwowIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lSkkswUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VucIUMIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UosQscMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MQggwQoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yWUookIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwAcoMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VsgwkQkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqUgQMsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyMwYAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dQoYsIgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAgEwggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UoAQocwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aWckcEUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QcIoskAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcMcwYYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lcgwgggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nEEwAsMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\paAIwQQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\noIAIwcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oowwsQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gEskgQQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkoQsUIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oSQEMYMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NGYUEIAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JAwEEUUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BoogoskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\usAUsEMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKkEgAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uGkAMsIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAsgcgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sMIgMQsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DuAMccks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nWAIsMYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jeoQIYYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\heooEIIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iSQwoIYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywgMAQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mEEEowEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NyEMgwUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bkQcIowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zkIsEAoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JYUAQkMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aMQooYEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wYoQIwIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCIYcMEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AycEMAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lAsoYMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LygAUsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgogosEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqgIMMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pEMUswcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oyAMsggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGIYcYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ksIYMwUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AcUcQkUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\niUgQAQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQUsQMUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VAwoIIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1688-0-0x0000000000400000-0x0000000000433000-memory.dmp
\Users\Admin\pscoooMA\IogUEowQ.exe
| MD5 | a6ecb76e44b9095db829df6f1de92acb |
| SHA1 | 8b2163865c0500b12ac26937c913309d358f78ae |
| SHA256 | 62b6e21931dacf3b5f7426c63a5064d9af39ff159174adb8a6b884e41b43617b |
| SHA512 | b8e0ef931b9cd8d04970d93563deea7b364f912dc7da25be7e1007f79e98742be6d3f3f1d843b02079f7637253dd8722c305659e21ef346b4d52b5efed07cfcf |
memory/1688-4-0x0000000000460000-0x0000000000492000-memory.dmp
memory/2400-13-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1732-22-0x0000000000400000-0x000000000042F000-memory.dmp
C:\ProgramData\HUYYcsok\DEYcYAQs.exe
| MD5 | f450a29720f0afacefa4d20dc47b95aa |
| SHA1 | 0f9b15cd2d567f0ef76f06169d2d138400dd1239 |
| SHA256 | 7bb0b2e7288137de3948d1569638e1d0634690530347dbb5cb8e9a9631925ca5 |
| SHA512 | 94ca6e9cd7cb3ac65ed98db0c641b34fbdff36db5e916e1d6e09eb4c570dd5d95cbe03fcdc5f304e40182a4f4525d571af49e5bb43ad3e5ae9f956ca680e7522 |
memory/1688-20-0x0000000000460000-0x000000000048F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZmgscoEo.bat
| MD5 | 33ddba189b8fdd62eb3935585e6fb2a7 |
| SHA1 | 2d5c83bdd4c9f1102d7fcffce4c8d11369c384dd |
| SHA256 | 758ef19ce5ddc8deb3ca48e24614597d48503ebeae132800c8a91e63df9fecfb |
| SHA512 | d113cad0ca5f86d758d7af10c61749bb7d6ec3869eea654396b79f2cd468b730de4dbfe57fa75b5fd812633dd080a71ae7d21c7bd1f1ecda5b925e4c3373fbac |
memory/2704-33-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2764-32-0x0000000000260000-0x0000000000293000-memory.dmp
memory/2764-31-0x0000000000260000-0x0000000000293000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xuAIQIIY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/1688-42-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
| MD5 | 38523dacb7a20f049d5de61fc1cf87d5 |
| SHA1 | 310f1c826385f858572a6c747688d897b851024e |
| SHA256 | 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191 |
| SHA512 | 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1 |
C:\Users\Admin\AppData\Local\Temp\dKkUcsIo.bat
| MD5 | 58766aa2566fb1ef2a134f11563d145a |
| SHA1 | 93c9d71dc5c52e50e764592e7a6aadd24a39e2ae |
| SHA256 | a697c7f6c3c5779f79adec0fecfe88d384f51200f47d27709f0344c06a6ec1fb |
| SHA512 | d66259ba037ad338a20e6a3db4ef4c6af68b0f1ba38e4c3e0593898b521d464a0522d6ff40ef8b5463f50108cea331dfcafda6642437894e5f0b87aafc170666 |
memory/1244-58-0x00000000005C0000-0x00000000005F3000-memory.dmp
memory/1052-59-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1244-57-0x00000000005C0000-0x00000000005F3000-memory.dmp
memory/2704-68-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lqMMgAcM.bat
| MD5 | fd91498140a07411fea58c000ce23ee6 |
| SHA1 | c9b87dccbcbb332780e4b8eaa7683f619b54a082 |
| SHA256 | 7eceda9e4f9ae70e5597b363522d9cd8522b8fd27aff1c636a7cc97460743efb |
| SHA512 | e6bcce0e14f69de83d67efb94e6d5f1ff9d9b30082c740092f30b47c32876422c16ce5586065e3b2d41cb738c87dd25214902f4961bd9228b6d21685adb24511 |
memory/860-81-0x0000000000180000-0x00000000001B3000-memory.dmp
memory/1052-90-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JeIowkQM.bat
| MD5 | 5315b569079582a775121c6aab4cf56d |
| SHA1 | c0c472dd0eb92bd9bbdee9e54e84ab762817c9bb |
| SHA256 | 7975f874e3c06e302b82ea05553efb9c68d79f0cbe24a402691bfee90abd56ac |
| SHA512 | d759b6fa384d4c0e1a19ad5072ccf9b53ec80fb713db68afe0b8468c185f8829d4789b73b74384cc683e9e7e0fd17a694be1e3cb325ed22b27bc7e9c025df17a |
memory/1800-105-0x0000000000400000-0x0000000000433000-memory.dmp
memory/760-104-0x0000000000260000-0x0000000000293000-memory.dmp
memory/760-103-0x0000000000260000-0x0000000000293000-memory.dmp
memory/1968-114-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MccMokss.bat
| MD5 | 307201c28268a53808fcad2f5f615c29 |
| SHA1 | 2ad32b9fb0b3766822b256582e9cd66af9386ba9 |
| SHA256 | 772d7c7ee1d43b7ad0d2e2162fcbd730451a79afb845f3675bbde0051b04c1ff |
| SHA512 | 3c0f20062d75ccf0fb79a831d0d5cfd8b204a79b466e8f2de29478d98cf8c047f32493b7e777709151a7b7bac5e0001b9121b54e7f32623650e8e61a627a8267 |
memory/984-127-0x0000000000160000-0x0000000000193000-memory.dmp
memory/2192-128-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1800-137-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\woAUEcUU.bat
| MD5 | c446d29890c9a097208db5d3e3bc9688 |
| SHA1 | bd2aa12d80df38f2d63bbad68d6ea1eddbdd2c9d |
| SHA256 | c30d834aa64a586252b3646c9c02b36df84ddffd2a11e5c27fbb33e5e10e52a0 |
| SHA512 | a5ec304decb35f4ee292e461f582a288ed95bee93287ad5d359644a4a6836c376e528a0011bddf4cc3057e0179ec8e9a590fd4d77e0684e185a36281247173d9 |
memory/336-150-0x0000000000200000-0x0000000000233000-memory.dmp
memory/2060-151-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2192-161-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GgIcgoMA.bat
| MD5 | 424d18645bb46672991443694a20ac2c |
| SHA1 | f886b9766a51385721b9ac50d8b7ce7817ea7a25 |
| SHA256 | ec1861b186d0b5647d2d7beade8a11abc89aedbc938d2a168b5dbcd875f06afd |
| SHA512 | 0a12088ee5f3b35df3075610e47d3b128ae7f079248a8b462806482e9802857c12ba8666416642ac873dcb59eb8f118b741f7b5adbdef81475db86013cc55cd7 |
memory/2628-176-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2652-175-0x0000000000260000-0x0000000000293000-memory.dmp
memory/2060-185-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WqQwEUEs.bat
| MD5 | ba0efbaa35fef154a511197be4ca1d34 |
| SHA1 | b68b358fd150516106d0c67ae9209b5beb51fb90 |
| SHA256 | 10eaa99da2b97801d4586d2a5b2f40e8b8bf342400c09c2017f4326f1cd76bf0 |
| SHA512 | 37ba1670ac014d7e971ef15bc0cb2e217b11c881c30d5b277359f7e5b012871030b2dec9ce1f1d0976f590f956de4135ca59665fc728503b0e5758d6eb0b71e8 |
memory/2724-199-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2816-198-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2628-208-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\moMoooYI.bat
| MD5 | 9a8ced22db7aa402e7cb78f69a6f35ae |
| SHA1 | 350a008f92b6c20e1e1d2eb2b5453881d02d83a0 |
| SHA256 | 74bb1c5b3f80930f7c0a5e08fbdadd937e1030ea640eceec8ea120b0fa24e20e |
| SHA512 | c1969f9013a32d42a023cb3c9029d0e2a4cd8643b300f7d7b9d15b892d42ec930fcc138a1d0aece6d31edec87b24eff9182bbfe0b662fef842e7953c9981e7e1 |
memory/2360-222-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1316-221-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2724-231-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Hckswwkw.bat
| MD5 | afc0c26d519de5438accf5c1c88ad42a |
| SHA1 | bcb5d34f511358e76ff2b5e054744a90c197699d |
| SHA256 | 5e88b7bb9f032b1d99ba810d1260e2607f5cc1afa91de7b78b1553fe32ec3ab9 |
| SHA512 | 4a55624715492aa026cebb407dec45b794d705f0e6010dbbaf0d44f8a2164f98c9d81e5496c94c902730c9d451447ec0c5e4184c5d86c8b83a112483f554ba52 |
memory/1512-244-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2360-253-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vkEEsIMc.bat
| MD5 | ec219cfa29b1e26895b608d45b06fa9c |
| SHA1 | 0e60a4b80dc802ae31c57a49e93e217295914871 |
| SHA256 | 9103bc6d462678c036299a5d128d4810f32b30700c15a588d06a0dd6e72bfea4 |
| SHA512 | 6555cfcc932bd43f99d13fd7f57eebadfc5a09fde9e1a0193d876fbdecd0b56fd83c3f7871c34c6989b95b37f153e096d12889c0b30aa8899239dd7af15b0ca4 |
memory/1512-276-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vYUEYkIA.bat
| MD5 | 50df76bd9a9107db99703f8e28c8d6a0 |
| SHA1 | e75571f517bc20fbc0f769d67be3291f192b367b |
| SHA256 | 1bc96c0e4b2d81bc926f0306748db0f27487ecb7f30f018188a3376ad1a01d2c |
| SHA512 | fed6c4736baf244b891e122133af35a940f77a24f8221eb690805553dee5eec96c870662cf7041b590c5d61c83365bcd1910467936e0b2030014e0d46e3b540b |
memory/2168-290-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2676-289-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1148-299-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JuAoUAUw.bat
| MD5 | 6bf52ba88b0eb9167030006de69b6f23 |
| SHA1 | 8ddd2906cfc31673f9f273dbec56d823dce370f2 |
| SHA256 | 8589f146091032cacb7ea8fb968c842880619d83a0f7cff44d370abe1b714a52 |
| SHA512 | 0cfe4e00dcc6376cda0c9e509296686050511ed165b713a8be38bbcd37de8e7b2ea8d79f749e7716a88028f547b544bceb9d1e83ec8a9ffad3d021dc87f6eab7 |
memory/3016-312-0x0000000000410000-0x0000000000443000-memory.dmp
memory/336-314-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2168-322-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZOswgcYc.bat
| MD5 | 5c247f8296d0a8b6e5f2102d5b360d5b |
| SHA1 | e1b76da1149954d978d2ecaa8af8965fff002d8e |
| SHA256 | 85b18c346efb7ba892ccea35a3a00776353014ad66e466dd7e103e26f455d385 |
| SHA512 | aae827cf7313e66368c210ca19089f7cbf066068976684f9c5d84c051a30b77d7752a07c313904c15be79a91bd6521a0798178c4f597bb7deece38431a900437 |
memory/1280-337-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2660-336-0x0000000000130000-0x0000000000163000-memory.dmp
memory/2660-335-0x0000000000130000-0x0000000000163000-memory.dmp
memory/336-346-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eWUAccIk.bat
| MD5 | 8090f16984565c858a543d8d6a1c51c1 |
| SHA1 | d9e2d43623e086efe25e82f4234d2595289f15a8 |
| SHA256 | 8b7930db65fc73644a80d57747ee4aa7ff92cb4a6b66cacf7476234a9a88ea07 |
| SHA512 | d670eb77e794854e15f065d4bc2bde44d54f3f56d69ca5d7329af414992d1fe5634c56015ed58fa7543ee33fd04ee7d877fb868252aca9e4b2091c77416eb7f5 |
memory/2844-359-0x0000000000260000-0x0000000000293000-memory.dmp
memory/1280-369-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AwkgIQcw.bat
| MD5 | 96ff56c17877466e8fc7cde330d9c9fd |
| SHA1 | 3e7fd9071c764334b9c204ebfa215ce4db075826 |
| SHA256 | ee341497539445447911565015aac785fa7268dcd63abe5af1c857749fde92f8 |
| SHA512 | 3e1e524bb938a3166c3343bb00eba70e50b9028c8e362eafabd4767bed2232aab8c9a1bfa0249dca7665489413614f0027f68b35adff8fd2547047f516bd3c98 |
memory/1136-383-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2144-392-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CqYYUgcU.bat
| MD5 | 7ebae49fed8d7549c11855ec2dca1e14 |
| SHA1 | 8e3903a0315d03c019511ac030b08142395d55e1 |
| SHA256 | efda2bcfb1736533f0284194aa4e9e5fee6babfc3c088be4c01bbbff293414b0 |
| SHA512 | 44b41aadc9435c2532edf0c5bd70578267a5f30b2b5f420dd16b0d3d9c012db9f2bf64741739001b8ab7354b040b849362e728b53396056bdd83fe90d5ff9b00 |
memory/1512-405-0x0000000000260000-0x0000000000293000-memory.dmp
memory/1136-414-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IYUEkMcY.bat
| MD5 | db78ef1fead15545356f232778b82b1b |
| SHA1 | d05edd76a829419597e9e5a52f6c6476d7efe076 |
| SHA256 | 82f9bb52f365f38ac5e0a5abacf891b220771672d9bb04e869088999ba4e15a9 |
| SHA512 | 72f36edaffd8311e91d7b2328e4adea120a0654c1035702fc58c9aae339e8f614453bd2185eb10cfde74cd8116c78f542e68f7808c3a5ef0cc4505094c6b6ed9 |
memory/1120-427-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/2284-436-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FqgIkIMI.bat
| MD5 | 4a2d36e0570e1ecb90b3cc9e082fdc10 |
| SHA1 | b46136de1a68cc78ecb4db50ba0e73075f391052 |
| SHA256 | 47440259dbbd24b09948a98402ab518d6fb98b0c3a1ad5487944e818482f93d5 |
| SHA512 | 999d98d93b6a42203b4414a605e82f06a578103466d38f44abbb0ffa37a14504b4e66a89804dc148bf25f7cced5908b20fc8660998df3b90296dd316df340471 |
memory/2356-451-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2540-450-0x00000000000F0000-0x0000000000123000-memory.dmp
memory/2540-449-0x00000000000F0000-0x0000000000123000-memory.dmp
memory/3044-460-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jSMYIokg.bat
| MD5 | 8982a3e11c84eca6adb420b195c3e671 |
| SHA1 | 12e49132314e9c707e3956b198334b116218e80a |
| SHA256 | dd311dee394563ecddd144a54ff5aff20aaed30dae0673e457234398e1a75fde |
| SHA512 | a941c7bb91287b53eeead3b6360ce22c8e321bb670dbd0e87f223346cb33b653f42bd227ee9e744192ff4e3219c12e41e38eeee4c7b4a976844ed1cb91556834 |
memory/1496-475-0x0000000000120000-0x0000000000153000-memory.dmp
memory/3008-476-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2356-485-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TuAAYkwk.bat
| MD5 | a1c468190bd1b794958f88955f5bc373 |
| SHA1 | d04011f3dc6ea7909392ebb1d3c2b22d2242b0cb |
| SHA256 | 9684cd898c335224708243b61c82f55ed9544500e7069bdad22c3924549f9746 |
| SHA512 | 04620b773343c8754709ce3df818fe6421a64aaf22997f3883b4d9213c04c27e35abd726f07ebddc0b84e0f33b4040addcf68869283e1745abceabc04f290f81 |
memory/2868-497-0x0000000000400000-0x0000000000433000-memory.dmp
memory/840-496-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3008-506-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BOkkIAAs.bat
| MD5 | a1a22ae8b4edc01008df5a910d94720b |
| SHA1 | 9b9914319d516c87070a0de1886368fd3058cacb |
| SHA256 | aeceaa44f1a7f71ea990cff52f8df2bf4e54a643d4452b3a5e6e52644ee58780 |
| SHA512 | 95a2c880743bdeae9d8271dd069f127386a70e847b7d5445a56072c1cc633f0252cbaac2d945a526c7fa672e27fe756839d014221fb6ca9568ed93ba20d0599e |
memory/2328-518-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1180-517-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/1180-516-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/2868-527-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tOkYEssM.bat
| MD5 | cad9ebc8f3f6fed6ddc51c5ade213364 |
| SHA1 | fb27377baa27afac253ea67639bdaee9540420e1 |
| SHA256 | aff252b2ca495db14184b9ec6e6c30b20fce1a709a291aacd3fcd9963386a0e8 |
| SHA512 | a4ecd839916badb1383ff6811b9e87c960102ce2ff773c55c23c0fe939b5bf1d43040eaf64d6f34279b2d6cdf6bbc83d0a52cc4b16f75e5ac70c35324c2f6c42 |
memory/2328-545-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GgUoEksI.bat
| MD5 | a9e7d9f8f55a36c9aaccf2d397cdb0d8 |
| SHA1 | 55736c428b5b8bf7e16e03abf9c1e4689f0974d8 |
| SHA256 | bff63efbac0f292930fbecc44df8eb41b3c4f970013783e87a2e1c9c8f0dd6ff |
| SHA512 | 10c243572fee20a648d312c7fbc97ba69b809c6cc16e1443f03435b68645c9681b09c2d461fe86b2ca4fbd47c1aa52feadcc98ee5c695453e28d9322e9a02513 |
memory/2088-557-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2088-558-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2604-559-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1772-568-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IeEIUEgg.bat
| MD5 | 30e8946a2f9b720c31fa5bf1ddd790db |
| SHA1 | 8c1f142769ef43ac3c4ad9f7103f8eef47ae8dd9 |
| SHA256 | 1fcb821d6a6e5b83cd94fdb9c8463557d5b35c40f2e1c68d2aa35be51073aeb3 |
| SHA512 | abbfe390d3f4d8c2b135ecf640b5eb33461296c44634e41fd867972b5346c7bde435ff7238222f6c614df646205ade167b6c5e2539686bf8719e72b250430272 |
memory/1956-578-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2604-587-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ImIEcsUI.bat
| MD5 | e5f2b25e5c197161ce738a7895fc7531 |
| SHA1 | f34f65a96abba994d28372870ae8eb14d09db329 |
| SHA256 | 390a66201b203232e26e691687ecf0ed8a6a42e139a6eb7848b1d08bd95bfe27 |
| SHA512 | 52a18e927fe7253ec7b8f35c1dc84fcd428689f99e1d05645b8a00adf933456314c946ba4a4b6e650e985b2b7f63e83cd148daf9eea1eeb34043945ffa811b38 |
memory/2980-599-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2340-598-0x0000000000160000-0x0000000000193000-memory.dmp
memory/2340-597-0x0000000000160000-0x0000000000193000-memory.dmp
memory/1956-608-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MwQoIYoQ.bat
| MD5 | a8d2c0137686f05431afb97ed697b825 |
| SHA1 | 053833478fb3a70a7bc7a96dafe8f36fde5464cc |
| SHA256 | 534e1a1a0f131784c5e2a3794c8a0ebc10c8e504690b737b817b5191f39224cb |
| SHA512 | 1189bb334a4881fa12115be72d3b38fac7710b77c7579905201e104d5b2b34497dfab4c979d5881946eef9d9ff78a3974731038494ec3d423187a2599370d113 |
memory/2876-618-0x00000000001C0000-0x00000000001F3000-memory.dmp
memory/2980-627-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pIUEQUoo.bat
| MD5 | 5ad55c58f0a7dc40133235eb5dedafa3 |
| SHA1 | 2a3d5d9e14ca9bbaa0e91efdaaa1418b2c53c3b8 |
| SHA256 | c763f8fb985e0323e3c8de7c8fc057b74dadc61742af19966cffc607f4ffdea2 |
| SHA512 | a5741bb85fa6d549393eb1c964ac35396c98aa7b10beb5146dccec25c130b98554cca8770f81b451dceae81190966aeb2663afa7939e6ba971b1784bac52616e |
memory/1648-639-0x0000000000400000-0x0000000000433000-memory.dmp
memory/328-638-0x0000000000120000-0x0000000000153000-memory.dmp
memory/328-637-0x0000000000120000-0x0000000000153000-memory.dmp
memory/1796-649-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RKooUgMM.bat
| MD5 | 442e48a837817130869f7d800cad1cf0 |
| SHA1 | 53468c69e68a818e88025a321fc4dd40ce569890 |
| SHA256 | d7dd20488611a39cd1c15bca0f6e717a11da8e8eb5304f83544a758794b0e82d |
| SHA512 | ec802e197388550bb4c2b30db4461a21fbc4c1df11b78c1d4c459d43081986e4c2f0db77170948ea934c56d93596f2feb93716aa44f981e38f47b54067090506 |
memory/756-661-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1708-660-0x0000000000170000-0x00000000001A3000-memory.dmp
memory/1648-670-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FSQQEMEs.bat
| MD5 | 8871819b430f31c3fdedc04bc7e6ee77 |
| SHA1 | 3ef6c4ea3f7b7c1206fc0d3c1ad5f6cd979ea5dd |
| SHA256 | c6ef1962e2c1d24dd11004f612bc64d819c75b6d2ddd4cadf9dad1d7ff3f7952 |
| SHA512 | 74c4b78081082eca6db9c2e8ec94f0376d57449445daf342f89a92275ceda75746d574f950edcbc1bbae860f4f54063559c497bf425ecf54436f38b67003c1db |
memory/2984-681-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/2984-680-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/2492-682-0x0000000000400000-0x0000000000433000-memory.dmp
memory/756-691-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VMAoIAYM.bat
| MD5 | b12f6e06b8516d885e69e62ebc86d122 |
| SHA1 | 9c52ba3dad217d1c584fea55ab3763c7ac2f9933 |
| SHA256 | b50f08b89db44faf5e1ce17b83cbd06e6eb7763fb401d85c654b233eb976313d |
| SHA512 | 7314127a03e66ec2e66c9ec68167626163bd774bd828ebf79dd22f2587e68ec09dfaf205be69765639d4505cbedcbb9bda9dc18739f1bdc62228b6d1d9656c34 |
memory/2400-701-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2492-710-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DUswIQQY.bat
| MD5 | dadb55c0a5753b7dc80515fa671e82bc |
| SHA1 | ff5deb0c692a1f6023c850284d6e83d225389c56 |
| SHA256 | 0a14a25d12af11a2a26fb231990d947febc9b8ea4105c546fcc4ad54188610cd |
| SHA512 | 148dbca6d35140dcb29db5d45c0cc1a1205fabf4ed7e7cd97a6f9a136e390a51150edfda2992a9eb86721cbb5c06591de0e2aa65ee25b2d68c7a33ac23ba2fc1 |
memory/2732-720-0x00000000001F0000-0x0000000000223000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cEwkcMgQ.bat
| MD5 | b2997c674c312f8f90bc67f90a88add9 |
| SHA1 | f5fce6c6bcacabd625a6709ab9572c386f9e91ad |
| SHA256 | 78da30f775230feb3c8282480ae912d558579e0b14255f62ebb1ca508aac54af |
| SHA512 | 06ff01ebcd7cecafa44dab070b5dfaac1cf944198250783a3817c4256af4f942fa10ae409253b0fb21a901cbac008ff3f8ef81c74bb743d5e0d37cd4ca891c09 |
C:\Users\Admin\AppData\Local\Temp\skYM.exe
| MD5 | e7dcffc90f1e3a991f7044305007095c |
| SHA1 | 9e3ac12f6222a10a7bf1c23b6a887a1e95acd904 |
| SHA256 | 07b7eef3a2d6c50b8cfd9913f7200c0c0a45eb85138e7ea7943551c69fcc6f09 |
| SHA512 | b81407fa087098138a66eff81786a6a1307a53a4e67426e90363c76553f5fce54c563f92d72ebec84333b5351cfc7949a194808616db39989c99aa280f023c78 |
C:\Users\Admin\AppData\Local\Temp\kGEYEUoM.bat
| MD5 | 8e06517a1a5657af36e696ace3d54548 |
| SHA1 | 11200666d522b496a253be74d684f27377ff8704 |
| SHA256 | 6a0b3012a57f15ca6e3ad79fc506267112b0f04cd5e732d26c268d1cd968af5f |
| SHA512 | 2b0dfb3aa7473bf15f65a923af6e40ddc005a3d7cde89201d5cb4721ce4a29f2db8d7d3e8b1471bce287388ca18e2749ce1d4d529fdec3cb77314d2660287fe0 |
C:\Users\Admin\AppData\Local\Temp\ukYkMAEM.bat
| MD5 | d7215170cdb7ef050660fe21f009fa08 |
| SHA1 | a849d7c9f8f36b04cfa8f58d27846cf4b0da1408 |
| SHA256 | 42867efc84eb3ecdd80147ba04745d8c6edf8d0947c141364426254e0358c3c9 |
| SHA512 | f1cde61d35483d4039f45847dd5e17fec28800dedc6edac0bb75f23d8dc800ceeb1061c1db117752e53d04c7023c49c25761e2a2a4336b4c90da3d968504c17a |
C:\Users\Admin\AppData\Local\Temp\wUMAgkcE.bat
| MD5 | dd0bd450d45a6b48a9649fc78d1cbbad |
| SHA1 | 2129eea63ee0f9583e0c55baa96998ba1e7e1c93 |
| SHA256 | f06cff416ba402875fd6d2aa576ebf18bc052f903b0ee8e58049f71c022869bc |
| SHA512 | 2b48067df3c7657df2df912c48181ddb75089ee1a69ebb65a1a6af75f29da189bc4f182341d81fc51cdf47353c4388c5055422366664f726f676a3f07f6c698b |
C:\Users\Admin\AppData\Local\Temp\zUMYUsYQ.bat
| MD5 | 298028d6f040365a746fdf4274434e81 |
| SHA1 | cf1901a61e8b7b73cea915b402d74db6c40021f0 |
| SHA256 | 30bdb689fbde98e0cba63e99e7686cf12c3f920d910f20f715b8a7c521002d2d |
| SHA512 | dd20261bf66ff42c82b59e16de6bedbe491f29c92a76bb1ff10e60bdccd59dfb799490a5cc27ae7d11070f8be05ccc4a4ece2c43fe6899da256b28eba5f2a6bb |
C:\Users\Admin\AppData\Local\Temp\LqkQwQwY.bat
| MD5 | bfb35c0778742b60af6c61f429ddf922 |
| SHA1 | 863c042455f833c7ba2873b22415a2ab08fb13a9 |
| SHA256 | b7e4f8fcb74c10669f43d22e7596df0ab49f52a5811c0dd9c982d1b4a456334e |
| SHA512 | 699e116d27e4d7636211e2fe6d256bf5aea4a255defd150528f741b776bdb21d8fe6cb6f0dd5afd97053a0909d7ec22f6dda356bc2545ac267a77756d0eb8652 |
C:\Users\Admin\AppData\Local\Temp\tykUAYEk.bat
| MD5 | 1f9bd7f2bb41dff406c35e5ce4bd57c8 |
| SHA1 | 0f741a3bc578842fb981417174494c126851c0e2 |
| SHA256 | e995732b52fa1576a1356b59ed8192d94a392e039eefa97f52127f90244accc3 |
| SHA512 | 655437aced72632383f595f07c7e31212700e04b90a2d5b191b9a10410e93892da61e4bbc96713c161cc5b3cb3968e356de1f1bb71ea5d1791aebb26f00c05d1 |
C:\Users\Admin\AppData\Local\Temp\jIIgMYkc.bat
| MD5 | c95a5b74a0815d6775d771f0d851a198 |
| SHA1 | b2e662eea0847a906bb830b8def2bf5d224ea4b0 |
| SHA256 | e57315d5d89bcd0a1f43df459c2d315d29793037b1f395908fd4bae3a20302f0 |
| SHA512 | a4ba9bda76c79c7fd8dd8f8aa1eaafa61772ed364eda2ebd98372a45dd703da4471cf8e655e100a2931e255e2123c08142efbc3f43b602a7739ed30745c71f09 |
C:\Users\Admin\AppData\Local\Temp\iKkwUAgo.bat
| MD5 | bf22f9bbd13d8e7a1262f6729613b7c3 |
| SHA1 | 2ea20df4c1e3246b8fd13a89b3033a1e879ea6e2 |
| SHA256 | 19ab8c15490d2f6a36496a4e270643ebab3bad911da9cf7e445453852c116302 |
| SHA512 | 736839d0605a6cd3cc25a944c63861720334b686e4f5999fa3fcb22a28ef73147d8ccff113a8be8c9f3a9ca48d718d7b86a8f19498485358b8bbf113ddb32c27 |
C:\Users\Admin\AppData\Local\Temp\AWoYIsQQ.bat
| MD5 | 84ade44e398a539e66df1b2974d55c93 |
| SHA1 | 6c79e440c1d5af517f3540ed560465acf9bad9f1 |
| SHA256 | 5ebaeaef4cbaa0be749409668fbbbdc0aac19caf61168d7721ddf44717c0f446 |
| SHA512 | cb9e201bf10acdb3450d1686142a843b2cb0ae24e849ea49283700f38b7ca39270d540c4dade1131387b729c4a2bc7f2b8893587ab457e24512d14254dca0d3a |
C:\Users\Admin\AppData\Local\Temp\MmUkIsco.bat
| MD5 | e0ee6c6a8120c3882cb000317e162442 |
| SHA1 | 9d676af0c1ea1f83b847c1a9aebe09e358dd117a |
| SHA256 | be2f22cecdb6e8d48d9244d52a294e7492ec52e48bbfc988f19a427b7b8a8474 |
| SHA512 | c76361ed931a4e2e2133680c800d19b54ad035f4c863e66d5456ddf74519250e76b12eb820351492948af3507497418abd0a66e64535896d8f7ccb31ab54387a |
C:\Users\Admin\AppData\Local\Temp\uMcoUsQM.bat
| MD5 | 0414c1c166b616b98ad19ffe240273a0 |
| SHA1 | 851f0bf3c73428f011ad3ad0db278b9e8e04bc15 |
| SHA256 | b46b67c0596d646cd950684daa705651a5e8a546f43f79ba5922e9b588d80dec |
| SHA512 | 189582ee7d5e993dc9599e3eca5b3333ad787bd01bd3957b00f3d40acb3b0759617752ee215c652c91d5bcf38b2330033ccc495d5c3f98f9905230bf5b66851d |
C:\Users\Admin\AppData\Local\Temp\YyogsUAI.bat
| MD5 | ade159b171a8c6d94301c15561d5c10a |
| SHA1 | b55e10e1ea8d897182c87268ff559aafa0d3c4b7 |
| SHA256 | 45a661201e21146dc25df197288fe033df3715707dd11cc62f38250312bbf755 |
| SHA512 | 6e45947d96127ee8c18092603f4b89e810c9908ba87cd41fbf60ddb3491dc1759576443e52b5f231a0b649e39b4d15c370b3eb6eb038cf71b82118045f85508d |
C:\Users\Admin\AppData\Local\Temp\RaggwkEg.bat
| MD5 | b014aeccadcbcb1691a7259159a68e4d |
| SHA1 | 165b7f1b0178c6ac07080f10f6ce2dfb74890432 |
| SHA256 | dcd984c2fa6bfee35e10ca36585c0c4a2270d6650b14ff7d340154278a7fc32f |
| SHA512 | 96c51da30d89f4c48f0f3528f28e69a9d190a7ee35f12eeccdc36094e6f1237cb92bcb0398df52b17f52c242accebade1afc6ecb4a6c259b0fe886d3aa43b899 |
C:\Users\Admin\AppData\Local\Temp\TWkEEcYU.bat
| MD5 | ef6171bd5d549d71fea029bc2e5d40cd |
| SHA1 | b802085b6f142fe7e39a627b36465f70fa0808d6 |
| SHA256 | 98811fd2ade9912bfff915dcce803a949838d1936607bb0b9082cf09f4dd6f30 |
| SHA512 | 7ec2e3112ae4000b0138a6682746b62925808d832db87c7fed7597dd4df43f9cea22f2f4fbc8a53bc46734f1c2fc17d91f38fcb5e22682cca3004df4494c73df |
C:\Users\Admin\AppData\Local\Temp\TiIYkkog.bat
| MD5 | 3114b6b2f5c941f5e5fac0ff18372e0e |
| SHA1 | efabbeda0922477e1bdb107c067cd29838fd88de |
| SHA256 | 4fceb8b90990fa779693e63d961176441d20579c8691478ebc85eb22ea58f978 |
| SHA512 | 03868089635072af9577c5f8cea3434be7c693bb8fa0c6e40b6a1d2ecdca2235798fc8fdb516748c9f2a5e2931e37525442a7b85475afdbb2c7342d18716f782 |
C:\Users\Admin\AppData\Local\Temp\VcIcYEMk.bat
| MD5 | dc30f3871924ff690bcc3aee7233e50e |
| SHA1 | 66db52399320110f7ed95792ac9f778ec931af72 |
| SHA256 | 855f519c500c2b944552b799419608c06d792feab2d4ef859aa6e629f830c910 |
| SHA512 | 46acbd92ad77b4db0bc3013e3e523b91d395745e1520156388029ad8a0beac82c548931b4e1c3efa87a18649508e6e53d68f63625552812918e8fddd77d48eff |
C:\Users\Admin\AppData\Local\Temp\qWcAgogI.bat
| MD5 | 4599d9aca0336fd64cfcb573586a86d2 |
| SHA1 | efdf6116e18798fa342c14964cb353dd6ff9ab19 |
| SHA256 | 494a1d487edd943ffbbd5964745d5690166880d0de10791184c00d3fed51f7a1 |
| SHA512 | 948738cb9743f00a9c8d8e86b635706db24a30d93dab9dd1048f8eea4c67465a19d07894761b3721c27052fc70213c22f129cd701066eb271aea23b5e0314905 |
C:\Users\Admin\AppData\Local\Temp\mOwUoEkA.bat
| MD5 | 8a627684bf43d48ad6d0be0697dd6a1e |
| SHA1 | a3c75ea1aaefbddd3d5c0397042af7a181473f1a |
| SHA256 | 02d9ecc2d9d59fe083408b13f64c39880910540946dd567053ff97d3970b6583 |
| SHA512 | c41d1c1556972e391d0bfe42c89b63c0ae9aedc466e1c6755974c1f9607c7c97ec6c59cf4d0196b1e0d7230437d48b0abfee071139d146b71c034e7d371480e8 |
C:\Users\Admin\AppData\Local\Temp\ioggUcYg.bat
| MD5 | 230ff6c45875cc445339b73a54efd554 |
| SHA1 | 8e78ae6445583f4f7c47cf77f7562c54398dd78f |
| SHA256 | b8cdfadc42b2c179412674128a10f366069fefaec6ebbb56f98d55f63711b91e |
| SHA512 | 6552264122747e9354e384496786a459fcf1033c4d0c3e369aef6a1cb857f913553a26b9e14279f1bea1b48a474d749506e991b2fe0a70fc13fef44dece39445 |
C:\Users\Admin\AppData\Local\Temp\ysEIwckI.bat
| MD5 | ea8fb26093cdb93936ee37f516d89045 |
| SHA1 | 3a09a93b6a6839dcfecf99714cdef51e8064bdfb |
| SHA256 | e332fb635d515c0e035fdd81b8f186ab27868a4bd210f45d9f2f4a131a9d3720 |
| SHA512 | bc1ae4cdd4057ed01c3a986931fd6d5a34630d4f3a45ae84fb7f6aacad484f3e4b4d835ac1102a98d9a21f0fa7682808e397ce40842d12f6b01d9bde1c6356f8 |
C:\Users\Admin\AppData\Local\Temp\aswEQIco.bat
| MD5 | b532eb15c2511459175d5516e9ecdb21 |
| SHA1 | 50ad8256f22d6e3146a3f5fa307fb678c32bd9fe |
| SHA256 | fd9a99813514e915356328921a3101bfff205ccbe369a3b8620ecdc5f3f07428 |
| SHA512 | 40d58c2b61d84d6ba5ea75a7b320fe3cea657124d5dad063851414bda2f4e9bfa2d341d097c2e18b1779f7fc4cde610d38802e3f05e41d75958797118613acc3 |
C:\Users\Admin\AppData\Local\Temp\BUwEUEsg.bat
| MD5 | b7db07ce33f891ddaaef173530ff1bb7 |
| SHA1 | 3771ae6f35a273efeaf003d99184b315a50c15f1 |
| SHA256 | 52ccb88464c028ed6f692a5a0227d88a805d1333a02e6a145f48740149b77749 |
| SHA512 | 77df1e6b13d34b290315d29cb4ba3107c7af69412663d2a140607962286905e6ddd08796f53b2824ad0878bed408e25b685fe8bb7a04c9e783fc35172af63013 |
C:\Users\Admin\AppData\Local\Temp\sYQq.exe
| MD5 | b23f41369af65bf21ab36a99b9d57ce6 |
| SHA1 | 21528ec8991dd25d6b0781ad605c33d34c69358c |
| SHA256 | 9227fb672898c8102f98db5ca1eaf30dbacc4b15cd551c590b5982ee52d90454 |
| SHA512 | be91d62fc704f488b4e8b29e609c86ab20997d6a8ee456d2ab2ed2cf544fcefd1bc7bc16d9ef676bfd08a2c975a4c899bb36086979e619601dbd1e6d4234c675 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 94b55c74393d9bd88ca0794bfb80366e |
| SHA1 | 6c34181d83d96a0edc36efd57b5e95ac8db6adb0 |
| SHA256 | 17cb0b3806633caeba5becb8d8bfde599a27b5a54abaf2c62a8f4f13861f93d7 |
| SHA512 | 76033a96deaf0abb0fee88509cb62528428f0404e2278211f4c601bf3c1d8268a6681967d6aa1d6b94343957116ad788d13698806bd952fcba47464fb1a3a59b |
C:\Users\Admin\AppData\Local\Temp\Mswg.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\IIUs.exe
| MD5 | fe6ff265fb5ddbe45a0a4e1538fbcd4f |
| SHA1 | c5231ae55765fd69fb7178b157b750d66645b0c7 |
| SHA256 | 2ff10e3cb1204b41e2936eaf535d3206d4189c094bdaff531817c5a24e8a12ec |
| SHA512 | e41646d48d7edcfed3623835c078af02e24aadefa1318a376b4fd360c928221539f778f60c7f2d58870cd4b24f5cf73d21f5041d540a10c82356427b4ea0f46d |
C:\Users\Admin\AppData\Local\Temp\wcwc.exe
| MD5 | 9d76c4d786e38f3a7212d1c59213f2cd |
| SHA1 | fd9e3faa0061c593966d9225f193ca28353765d8 |
| SHA256 | 8892a82f1fa6d715fb806a952d4e2029f86873fc3c96b82d1d2b1b3908ec2e65 |
| SHA512 | 58791e367e0489045ff98cb88ed8e8ab0834c1223d2912157484deb945a7868cfedc8e11b292bc92c5fe7bf1cd6245f10bdd13a734d20636bb6ffe220ed3653a |
C:\Users\Admin\AppData\Local\Temp\fgEsMIIo.bat
| MD5 | 64ae85f939553c7a9fa7f039bfb7fb97 |
| SHA1 | 978afe076cfb6decc029b7f41371f800b1d69a8d |
| SHA256 | 207cc9ad74a272d6507e9707abb00bd3633109fae4e83bec29588c0420a7c362 |
| SHA512 | ceac6202d8e401324013c85bb1eaa4b323a89d15ef4498cecdc8625db2a9ca6d8f2701ae20624c8b7d4d87b03bbef5f82f8de1bf706566632fee75bd47dc5fac |
C:\Users\Admin\AppData\Local\Temp\CkMS.exe
| MD5 | d632da323cd4b520261985cd5d2a4569 |
| SHA1 | d779169003fe6e2b7555fed895dde7cb883ab2a0 |
| SHA256 | 2c67f3059c9e0ce2c36cc1767dabbbe02beb1179bcdcd84f7092a8e05ab15a0d |
| SHA512 | e53b1e650a712b37b1195e1cc951432c1c519b52d82c704ce064c79fb0bfa05df1f9523bcc624b5214ce198af5969658a4ef06a9f25ddb7e7055a3ac926d89a6 |
C:\Users\Admin\AppData\Local\Temp\cwEO.exe
| MD5 | c5a1e5b9bac720565b8605547f1e6e18 |
| SHA1 | 0f6f300a1130021ef4a5dedb4234f567fe98ad4c |
| SHA256 | fa6907e5c2db9184e2256021613f6e32d951709612acba23a8a74228a01aa858 |
| SHA512 | 345b6d6d74b4d1357b231927bb54a68c121b51c071f316dc1dc274de11a25d6bd872a05a6a0099b3fb2e95b6bce0fb4c86f40d6c86e89298dccdf5a62089494f |
C:\Users\Admin\AppData\Local\Temp\mgEu.exe
| MD5 | 9a64eebcdb7102560573790c81a89a3d |
| SHA1 | 6b7a657abbcb703781e23ab3e8298f71601b7c60 |
| SHA256 | 43082f159d64152f5c9e2201397521d5fccc3f6eb873bf5bc8a4d80b11ee1d70 |
| SHA512 | b1eb018a04724b8adac2c8908f32bd614d0ac6e6baf41b5aef17aa8992db2f1ec2a4bf245c5d98a541ab118281ff5a5837f47fc157e0ebc6e5e19e7888e86722 |
C:\Users\Admin\AppData\Local\Temp\sAok.exe
| MD5 | 2bf913a9cda61107eed1004a76cb439f |
| SHA1 | 8654f08ef3c2e220685193713c361a7108263f4d |
| SHA256 | a4911e55c6ee37a555b056d7d41b5e7a808083e7110c72f9612fa587a5dd3434 |
| SHA512 | 2c49e959065d65804f19311d6e8aece6f64560a6ddc445b3d97a63f1d6bf3af65a3dfbdda6396426b40b0a1e52f9df7dda5f7d38441c0aa7f6c5ccc5ffde4118 |
C:\Users\Admin\AppData\Local\Temp\xCIcogko.bat
| MD5 | 067375fd2420428a65523607989067a6 |
| SHA1 | a3938177a10146319a398547f741e1c807d1c0c8 |
| SHA256 | 0544a602ef6c6ee6ca04a085f8a69b089b87b3f1b7ec0f4f699d66029242535b |
| SHA512 | 7a6eb66012579414d219c5bdd5ac278c078de909966324d908d5b2435e8d28d4a569b540959ca89fb946ede08778f1679df0fddd3d3bf6847905dbdc0adc0f87 |
C:\Users\Admin\AppData\Local\Temp\IQck.exe
| MD5 | 57c1c1b33567f13626a08b7648792e53 |
| SHA1 | c44c161b2bcc712e9ee2d00ba806eb294091b6a0 |
| SHA256 | 93b76b571391fe1a97e55e0d37dd8e60e5bb8a4136263637960cb23dc0384097 |
| SHA512 | c34a4eff1ade806a4cf0fe679f2bf725d91eeeac0fc53cd65a29840b1f1c3e24e8805d2c7ef26e0ac2bd65cf25bae58bc5daf06752261011a86aa326bda0954c |
C:\Users\Admin\AppData\Local\Temp\cMos.exe
| MD5 | cc7242ff7748e1df8ff289329bc47df2 |
| SHA1 | 963c9dcac8f871e3cb327285018453897b25bd9c |
| SHA256 | 134820dbcfeca4193049a61d8adee0f2b907a18ac9870d1be6cb634e3bc5cfd0 |
| SHA512 | 03fdcff40d48a086b528521b09f0444434b52f1505e783cee960dd9d6ac7eacbbb231b096a7778e72387722b415126bdf8aa77a68a914a927c01fcc47187c78c |
C:\Users\Admin\AppData\Local\Temp\uwcU.exe
| MD5 | e9948ba6a416ef51b21cec50912684ae |
| SHA1 | e004a2cb0486f027bf7dd9616eaf5463e92e027b |
| SHA256 | 4b5c77b338c7a7126603bcf393752228c06592186f961eb246c97922de9aaa9c |
| SHA512 | 1704eb4b9ab5d0f47433a8f8b076bb732f6b8123b1de7916f2565e2c10bae47a05f1134a11827222ca6747ee74e366224953ea43ac07ee1ef269ef0313b9fc05 |
C:\Users\Admin\AppData\Local\Temp\ecYc.exe
| MD5 | bde98f4baddae88fac54fc0129a30175 |
| SHA1 | 4a6dbca598995c4c80208440c294dc42b0ee9eb2 |
| SHA256 | 1404c0565795c0dc0136f3f40634bbaeeb35bdfa87964dc20bf69c18b71e1a03 |
| SHA512 | 152210ec055d26beac67cbeef5b2cc19dec4ac8b6f37b60d81c100ba59a41f13d4021f109733271720031a77c5074d9adf0671c18a9ffcda161ddd2145c30064 |
C:\Users\Admin\AppData\Local\Temp\Akgk.exe
| MD5 | 797cae0b941d5b2f748ed1aed0a5fd8d |
| SHA1 | 62060ba3e9a5ba451d8dff381602d68a9e7ebddd |
| SHA256 | 24829fd39ebf16c027ded511fae51ecb870d928b562d84102eff927e7ff6c698 |
| SHA512 | 14397a01181bcabdc0703fc1c078d9535649a8bdae5e1d8aec426246051156d2da9c48fd0a0d273cf02867a2292cb1b16f6359af4a768424b9abfde11d3ac6c0 |
C:\Users\Admin\AppData\Local\Temp\Awoi.exe
| MD5 | 0562d9355c1ae1a531b0b156d801ee8f |
| SHA1 | 7c7c377e52263743daf230d43f72e75058ec41a1 |
| SHA256 | 9308aac1f33bf8d25eb444386943b435bfa7a87d458dfd5a10b201c73f11592c |
| SHA512 | 20d13d917552d5b32a4f552d24069782ab8b09de3c6f0b429e433ad0de88d1bb6f9d368908d07be96c96c63f3f1949edc873726e2c7524e8ba7452ddcc36d0dc |
C:\Users\Admin\AppData\Local\Temp\CcAc.exe
| MD5 | d3bc48ddbb91d4720b23614f809d212b |
| SHA1 | 2ebec644288825754ba48eba496514568af72c27 |
| SHA256 | d16043d4b8d1cb411c38cb0f520c810c7cf86e24c8233d923d5c4fb2c795a0e5 |
| SHA512 | f19cf4dafa0cf449a528a70e31ba59918c69e289083046ed41654519c30a05c454db4aa260572cb83c6003a71670939da91c3a0acf17e3ecc650152f11d89b78 |
C:\Users\Admin\AppData\Local\Temp\YwgS.exe
| MD5 | 9d2978350af6514780a768206148f701 |
| SHA1 | 7bd0281717a363bb53b480af5bd9201d1d5c2353 |
| SHA256 | c8d6d0aa1232536b18642ca41a2bdc071a578d6499cc2619e4bc4f6c7b185c54 |
| SHA512 | 21d78b02c974787f09f452bd11b65194cc5f40184b332a0b9e1b88714cdf52a3beb5dbc17f31aefd6d1f04694b70d3bae0eb0df33ea7bba4723dabba0490a24a |
C:\Users\Admin\AppData\Local\Temp\nQwIwokc.bat
| MD5 | 968cc69103795c045a26b7415a2f4ea4 |
| SHA1 | 161cc097a965f5e3bcfa8818cdd7f9e1f949b959 |
| SHA256 | 1a14fc8afd33e6d00ef995ba5828fa9bdeb766825771d02e7d83c535a35a1031 |
| SHA512 | d8be237172a19a52ad61e3d8d88ba52e6829bfc59963f6114b0da7e7273efa9f4d64ba61747dabed49ef91329165758b23a0c9bd63521a1b1640963d5c473815 |
C:\Users\Admin\AppData\Local\Temp\kcUc.exe
| MD5 | ba5b1c89344875b322d1b6f67a4f3d13 |
| SHA1 | 7c1b947e6347a9d02f35484ee637293a2018fae8 |
| SHA256 | d2c3b8a56131371ff2a30c839a42645d7035f161a57bf351d44c92734816de97 |
| SHA512 | 0ad3d1828b7463ef8b5ee08ed0d90174af3e7f23280f30e74c6b118b6ef19c04ed358e4c028092dfed923d587f1e4cdf1a73efeaa762db4c7102ee1adaa05d56 |
C:\Users\Admin\AppData\Local\Temp\KQYK.exe
| MD5 | 36a970b74a9e9dd614c1b7699f01849f |
| SHA1 | ca1b61039d5feb3985b7d2b293895bd82acc2dfc |
| SHA256 | 86a848b9ea0c0e63aeb2fd6b736a5969bee356d9fc919aaf48373aac5db7068d |
| SHA512 | c1e87063378ecf985b1e3420f769c3c2da46111200f99508c8757258efb70570cab57b228826c92e59ca63a99c6a6d9bcbe476223922d6b33a821797f02d50a8 |
C:\Users\Admin\AppData\Local\Temp\sQYY.exe
| MD5 | 48ba4297e8e28646952de6861621a936 |
| SHA1 | 2032f54d0845e80f2449bf991b34f365ce9afd02 |
| SHA256 | 6babe51c2c58f707d2823990cd5544b98440f5f9590ae63837bf827c7250b4bb |
| SHA512 | 773553c8bd5e98b5e2c8703135f53a342d4205e64038382a157105f7eba2130fedb4ab61719ae879c6c8765281fcfdaa23ff5ce70486fce82ccb8c1a2a17e3cc |
C:\Users\Admin\AppData\Local\Temp\uQUU.exe
| MD5 | 3b5f66f2af1b1c6b737debbdcbe25e6f |
| SHA1 | f6d97a1a34c35b028162fa74beaa27a045ea0de3 |
| SHA256 | 162161e4bab064cc0449c19d40ac75220a6ed11174dd6ee7ea164c1e28323b75 |
| SHA512 | 55ff6a0c8394435bde7f4793c1cd32c411f84e915fe31d8793f18fcc0872604aac79e1347bb90493a9ebcdb909e0c7b833bbaf6a66c7ec0436fe60895baeb5a6 |
C:\Users\Admin\AppData\Local\Temp\SYEs.exe
| MD5 | e5347927bf306325cf534a5913b91079 |
| SHA1 | 85b9479471b3a0555203b809e43f217b8b7d8a24 |
| SHA256 | f18df413d3cb090fb7c185eafc44386942017358d4c6f5e4375d7c0ab8fd577e |
| SHA512 | 3703e352d464a79c03e90eba1e62640c68fb430a4014f0cabf170e9e4d6bfe5c8a55cbcb51868c6bf7064a410b67213127ef062fbd577f6c2e982f97483ee2c9 |
C:\Users\Admin\AppData\Local\Temp\aUcG.exe
| MD5 | 539e68141a9ac921ee66cff9915a0432 |
| SHA1 | 58185bd0c890db3a4586d806f5414c1d4596a764 |
| SHA256 | b3524b1b248e82dc2d8847607297830ce77edc0af35bc525b0302ec5371cc2af |
| SHA512 | e5131fd4afa2afcec69c2196c43431aa0ec14d36553ecc747ebbbe17aedf721869125c1cb7a1930d8e3faee170a0f66ae43d56f83d545d6200599168fd3585c6 |
C:\Users\Admin\AppData\Local\Temp\uQwYUoUc.bat
| MD5 | 7bac8c811418d8d7ece354a1d408ea85 |
| SHA1 | fa2fee925a6f1ace760ecb3804687ea90b53e2a7 |
| SHA256 | dbce1e63f1ea517124203b025d2eb29f88c8cd558a7e2ef3cfcc110c4159a18d |
| SHA512 | b70ccd42fb645c89e379e1ea3afb3ce09840252adcfb607c3827a49fd672c2361822bc1c77cd33c2051e96dec820adbf7409cd1e3e28ebfda56ee63020ea4a54 |
C:\Users\Admin\AppData\Local\Temp\uoMI.exe
| MD5 | f4b9ccf0f3cb47d879c6dbc30117d68a |
| SHA1 | f95ff7cc6bf1e71dfe337bf782de2d1f0c2cb3bb |
| SHA256 | 2777753a052bbf89b3ab0bfb6f022b1b1d11d8874aafd18280fcbee47545e13a |
| SHA512 | 110d1ef4394f3aca05b059a8d242bbc1855bba8594c4117d1b344eeb1e61788451c9f3903dc9569c3647ae3a0f4412fb69842204921d476a07c79a8e8b69807f |
C:\Users\Admin\AppData\Local\Temp\OIMS.exe
| MD5 | 5ed85f73e9ea20fc37acdba039e64719 |
| SHA1 | 1f95d7aa626db6a31560becc07751f6d53105c38 |
| SHA256 | da92677ab584b73129d4998769cee602085787c6be62c68ba514119f10d944bf |
| SHA512 | 87a0f1e7aa01b554c213f44f78ff443fa561ee7c09620225ad658cd074a6fa34416de10482fdff877c99d8b7b86a9859c45bc37de1adf1931e6887b88aff3a86 |
C:\Users\Admin\AppData\Local\Temp\wsIS.exe
| MD5 | e101117d541c354afa7ec5d361b2b17c |
| SHA1 | 7d212b18e0724b5a02fa018d7f428877e7c0275a |
| SHA256 | 3e04e6e01eeb0bced2c70d2b06eb67bc4c1548a314f637d5575fcd70a257bea6 |
| SHA512 | c203ee21e5e6a4caefc2b80d5b488eab58b2f524146834d1168ee64be68bad34f0b70bb1ef8fb0ad400b6e64e1ecd8f0c899dcb014eac17e683893ce95646f4b |
C:\Users\Admin\AppData\Local\Temp\sMMk.exe
| MD5 | 3412618c45df534472165139799f49e3 |
| SHA1 | 643f5a1c6e015ce06ae296bb76530ce4887311ce |
| SHA256 | 55e2e596476bee132520a8870ca24dafefb09ddf855d108ee3b07d3d42d874c4 |
| SHA512 | d1da9ad141090b3806e524960492741238b3ba1d7d95bf381d05b2b2918a193d7f79c437d383c4aafeb4601da95fa9ffcd9757f7f3c1cb333a480bc19f365b44 |
C:\Users\Admin\AppData\Local\Temp\MoIg.exe
| MD5 | e7c9c20061297328c39eee038e8039e5 |
| SHA1 | e875d627ea6f263a5b109fc0ba6bc1cbc6794e0f |
| SHA256 | b16d41ea991c886f5ba8f0d5dad450c569dab360391369f4736aa2241c8f60ee |
| SHA512 | ccfc05d8edd172c1983b98012b6f73fcceb5052ac4578e76d2bb864e3d06e8c88064ba9e245bf94b06dfb11b84f62998d8b4c28526c1d21a1b2e29fac2d5bf3b |
C:\Users\Admin\AppData\Local\Temp\CoYU.exe
| MD5 | 67fe041ff0c6e389db61b393f556e66d |
| SHA1 | 910920ebcc3a616d9eb8cd084f120d9120a785bd |
| SHA256 | 690d8062b1fb738fc05b6a0c76e666d9d017e57ff92e59e9253f800721ed38e0 |
| SHA512 | 42dfac33dab857d5b200b91f528f75e752f296f0be890e4fa5eb20167bbe1fa206a4ae5b06f26adeb9ba54c01b9934a563876c1d2f4ad27b67e6fbc07d919130 |
C:\Users\Admin\AppData\Local\Temp\kCMYYoYo.bat
| MD5 | 1ba69dded4d2becdb008028fd0aac629 |
| SHA1 | af0eba5f6293995e0231f1ccfbd6d2fbc56f2847 |
| SHA256 | b75f425dab0d69dca8074ec0528dd428b6c3778a53d4ddf791b088070360e3cf |
| SHA512 | b9d3e7b7d9957a2e5eec2e0ce7a3edb9adc0c201f05335d482077a701070973c683f98fd21738fbee740f5ae70846359a60d066d3504224fb811687fb11cd5de |
C:\Users\Admin\AppData\Local\Temp\iwAs.exe
| MD5 | 33b44bba5112dc660a01ff8141e8bfca |
| SHA1 | 8334702833b067ef82ede514c88de35287014bc7 |
| SHA256 | 1e179eb3ad877ab66389a3dee45055bfe43150c46492231f8b08c8b22cc6b533 |
| SHA512 | dfec153c509f73bfbd61f82f4e4c73112433f6cd523c17091ecfaf42c62b80cbfaccec0be9a1ed52157f18075f22f029442d4424b275471ce3872650f436055e |
C:\Users\Admin\AppData\Local\Temp\KcAc.exe
| MD5 | 1c97d09a208bf055229bbe5d96885d2a |
| SHA1 | efe77d13f2f8384c5a928dd847a34e4d7e75e5de |
| SHA256 | b0d4dde722f4cb286dbeb082e531252374538f45eaa3732f9b3601170e5aaac6 |
| SHA512 | 24b557f8dacf491c0304ee2973ace45928b290511305d737415ab6341500739e6ab1b249d5abe7135dc6bebdc4d93442ab836a8263832dd4b74ed363f3917560 |
C:\Users\Admin\AppData\Local\Temp\skwY.exe
| MD5 | 981f7502a7d26c4e9d5236bf88deb066 |
| SHA1 | c566785dae51f923b7960580d4abff6bc0818dc5 |
| SHA256 | 481b36e8948a2f17e076bc36c717a747e1b8427f1a0beb69fde4999ec05bd019 |
| SHA512 | 4ef909959a83ddcae4c6454d298b8290234b861f1caa2e45763f3a4ef3a805d3ea6c15648a8bf8fb08ffcc8b0e9b0825602b377b00537f7a573b86b4706ee9c3 |
C:\Users\Admin\AppData\Local\Temp\OMsK.exe
| MD5 | 939eff71affe1073a0badeb54822e517 |
| SHA1 | e3bc005f85e0eaaa7e560fc138f91b8d01990af2 |
| SHA256 | 296a1759ec322c8cbf371da3d860f39053f357e31e8435bdf7430667bf05598f |
| SHA512 | 97ab585666166a5b79172f731eb69656ad119e7ced330a9a5afe79c66e50f4b1dc98c57e70c14f70421607e15d39d107b5c69a285eaa5a53701b23f3fdf4739a |
C:\Users\Admin\AppData\Local\Temp\AMEg.exe
| MD5 | 1a43317b43c65e4f8e6987f1500b0169 |
| SHA1 | ef85c19412a3df7a16ba5b2edf4ac3bab835b5bd |
| SHA256 | 7111eb85b3411c24f05b8563e349f7f3dc7905609e458c6535a368d11845445e |
| SHA512 | 38a7df340ba31c08960920672afcd10d4ef62c719fcd70179f848045553b4829f66853c4a0794938e7e8a369ac42071c38db9973479c446c67ccad3a1b6d9def |
C:\Users\Admin\AppData\Local\Temp\Msky.exe
| MD5 | a72b9700c8ad59ae16283977c92308c2 |
| SHA1 | 034b6808a6c0a2436c5bbf968aea16e27fdc293c |
| SHA256 | 0031461e6d551ca5037e7ace6b48ffcc0f9039d0fb233f28fdf48c98d52af935 |
| SHA512 | e80ea88fa46be5a7364ee2da4e12ea8aa19a55561fc7efed53456422511b88c949eb1e2df1db643ed155c8b0ee55312a079d3fee636e7d5909c2f6d0645362ec |
C:\Users\Admin\AppData\Local\Temp\CwQEsgsc.bat
| MD5 | 50c4ae4dd2ed13d8a81634c2ff875737 |
| SHA1 | bb43a57dafbf34be8696fbdc8a807f33a7b2f7df |
| SHA256 | e69a693e8715ba3b9f12d1a135e16755b2e839892940570bc9fd2e37c56cd48c |
| SHA512 | 68ee8be3304a42f675e55958c78345fbb0eb7aa091fc6c881ae9f9f9416d64c267113ec51091956e635bc0c6867cc35f28b767c946bce3a168264faff722a983 |
C:\Users\Admin\AppData\Local\Temp\OEgK.exe
| MD5 | 1b93a86ddc18bae2105c6574e031835d |
| SHA1 | abed64e4a429dcce20c9e3a4ead095147b923a81 |
| SHA256 | a4112b4e3a10819fe827f66f728857d6d8cdf2ee07979e07fe649ca0aad96c4c |
| SHA512 | bdeb904d429c7a6fc24d16b0f617c4404c955f72772ee28818af6691f6455cdcc640f3694733665875c93af97b1dfea1f25cea04e6aa8d043f84df921763f333 |
C:\Users\Admin\AppData\Local\Temp\MAcC.exe
| MD5 | 2c0d7d630bf9ce6367c89967a77025d2 |
| SHA1 | 232ab260779b3d408c7da8e85b4d81a534e559af |
| SHA256 | 4bf3b4112a527da0b81a7bb9a3365dc0a82bf8b35e351e9ef304ef6f30dd2d0f |
| SHA512 | 2d090786d62ec7300a52d9bd6d2094982d52b297a4e88db470b602d37b373e68480817fed4ca5f324ba8b981d032f28394c0896a25ebd6e6269088f12d8c2662 |
C:\Users\Admin\AppData\Local\Temp\YcAE.exe
| MD5 | 529a5ac3ba4c770a5fded2388f3cd390 |
| SHA1 | a5a8363314eb9226fa9525c2d0e4017e8076bb8d |
| SHA256 | 4d9efc9cd6a5ab9a5386adc84441b310f9d77e769acd7a9f2615107abd814cd5 |
| SHA512 | 4aecc4b479b323831143bdc01a22ea883167c17b175895717e5ee89a80397eb1e4a2c1abd4aece55e269a31cb4588858d4f883f23b872d5a405608012d674ae8 |
C:\Users\Admin\AppData\Local\Temp\akwa.exe
| MD5 | 361d0fccd8665a5bab2649fd34adf476 |
| SHA1 | 7368f9f5fe7fcb57fde4041bd9f5e7173d01abac |
| SHA256 | 794cbaf613b45ad49f5bf0232e035060063b0c3467964ebda279858f230e2fbc |
| SHA512 | b902ac73791d8ad0e74276725c0712b2cb5a896a40601840b3276c1dc1d09f0036c5adf0d0d1a878a946e6902b8675e49e9a014f3e2deedc84dc5b155d816301 |
C:\Users\Admin\AppData\Local\Temp\EMkA.exe
| MD5 | 3187895a83dd209ef723a80d93c874c3 |
| SHA1 | 941a693bd7318cb6b9bac718d59cf4d48d7a5018 |
| SHA256 | ee15878b215eef06474087a457701a594c528f2bec5b43cbc0dba9c0a4ec92bf |
| SHA512 | 6a20f77a5f960b45d0283f253153bb1cf9df641b13c2a28123ac121daf0aa29a1e6c97a20b511deb9495449a78245390e47723009c52da83d634708b9866b6d1 |
C:\Users\Admin\AppData\Local\Temp\mkcA.exe
| MD5 | 488c5504a791c93e44129c8b5c65f513 |
| SHA1 | f5fc7de2890849b35251ff005c4f8100fdf5cd26 |
| SHA256 | be65853e280dd498343d58521e65eae36c71991927ab07d0e2260d2971c81bbe |
| SHA512 | c92d6e9eeb3df1102909c2ddf746bd5dcb640ae926298970630abcfd7573705b9ccc806823490d9051f37a47f11e9a2b76dd6aa3ebffae1044fba0207036c5c8 |
C:\Users\Admin\AppData\Local\Temp\uoEMsIsM.bat
| MD5 | 93e18673f0929d3be7e7a9d2a82bd06d |
| SHA1 | c1f457bdd1d1ee966bd83140f98555918973a4a0 |
| SHA256 | 2c85d75361293666f4408add653cec80608b8063c2fba7565437ec7cfe8b560b |
| SHA512 | 3080f4508ad7be8218d8f5f241c4f00e790310b1ca1dda795248e9c5a48d9d3b648cb15a43bf0b507ee71d95019ee6d6cf29b1d9587fbd3d8b013e5ca93fa250 |
C:\Users\Admin\AppData\Local\Temp\cMIQ.exe
| MD5 | b5588fda6b6b15ce6c99b483d0ad6c30 |
| SHA1 | f40891161b1ce5fe5e9f09a684098876345e8862 |
| SHA256 | 59bec54a69bcedca7fc994d4ea5f62af44abcaa2b7bc237e66e24c51b5521498 |
| SHA512 | 64e9325058439e2e5ef7e0d5bbc38634f18a6d75fadb7e1aa0ec0cff2181748591f554ff9f8a0e2c61bd437b8b30f85d83adc6b994b4b82fb95997d64907e542 |
C:\Users\Admin\AppData\Local\Temp\cEcO.exe
| MD5 | 5dd0d11b520ebd34d45cf25aaf9a2a94 |
| SHA1 | de20163d0a442286b1cf4b91440cb3c8ccf41b12 |
| SHA256 | 57110e876a0c52aed5bb8e7392c7ec5ba85e4debee3250385fbc88d690eca701 |
| SHA512 | 288cc0ffcd59f9ab26afaa1598308f8d6bb7c903af8e8399e349c74811f366fbbc5847136148236ca500e75f2d0d7bc236dc458706d5ac27b3cb1b3e674a8fa4 |
C:\Users\Admin\AppData\Local\Temp\iscC.exe
| MD5 | a9e875723fe62fd85d671cb6e407e7e4 |
| SHA1 | 774f30e182b1401754f7483c2c51669403ff6599 |
| SHA256 | 3476d2587f48ff8ca2c8269daa2367f53c2c8d50562625fede73d8e87aa8b053 |
| SHA512 | 5450d2d6ea05262d5d0f86c430d4916e3a712a6299cd11c6ab76438e8beda77aea48ece4a198a2f2ef5b8a23b738b10444c0eb3c95b4cec2c6da2bb22f0769c9 |
C:\Users\Admin\AppData\Local\Temp\acwA.exe
| MD5 | 3a8eb35edcffa32191f77a10d415ab4c |
| SHA1 | 251b884c40c44cb027e7ff4bfebeed014e59dfec |
| SHA256 | a7837d74d1ab3ada9da95d5ab37329a7667ef3cb02af0bb0720c7f0c5d8fd582 |
| SHA512 | 9f9d1b923daabd427dd9d8399eb3b948ca7472afdcf470668055cf450dcf31a266d44b2efc4b86e206ad1c54be76114c38dc9773d6386487f1b03b4e39c7d26d |
C:\Users\Admin\AppData\Local\Temp\iQQs.exe
| MD5 | 78226a048e71412f7abba19ec8108ba8 |
| SHA1 | fbacb809f92f17aef86b6c4811a0c440cdead40e |
| SHA256 | 17cb9bb7574601e6292ead68d95e94d4cfbafc768ab4900a1c12a54a9ec32d61 |
| SHA512 | f1ecf6cb71d20b522b12058eae62703e7c170c5e2094364fae6a3d0837d99e96565d08ce43dd52fb07fd97d6d17cb5702fb03c87c5efb29665257a855be94ffa |
C:\Users\Admin\AppData\Local\Temp\YwYO.exe
| MD5 | c332336045d54b397f88f954b9feab8b |
| SHA1 | 74b58342ff7722eaa3203896ff3990cdfc128739 |
| SHA256 | a1680e2aa64a9d5e3198aaa3ab4842770ee70c68cfc3b23cc6f447221fc67867 |
| SHA512 | 7a87d7b264e5332a016a48fbc8e9a61e6ca9fe0a627d3beab6498b6cfddbbc17e1a3f4e7c3585cd530156ec486741b8e865cbd1e2438a897d74e69826361cf20 |
C:\Users\Admin\AppData\Local\Temp\IgUK.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\aYoM.exe
| MD5 | f01f0eeb89f2a0a42b361df94612de2f |
| SHA1 | 922f5e35a355b086cfa1f87695017a47f433025d |
| SHA256 | 8d8ab54c83636047a900da6c02649fa94121735cd45c098f6975b2d11ea99139 |
| SHA512 | 0e2626992f1864fc17ce5eed96d914adb7d900620c080287381d34b5fb289547ec5e299d291afb3763ef0dbeb91f9fad932530733834e4f352a30930708360bc |
C:\Users\Admin\AppData\Local\Temp\qsAG.exe
| MD5 | 8fc3fc2c9657a7d90c5827e60b2dc015 |
| SHA1 | cec376bcb39607d03a5adce93da08009c0e96979 |
| SHA256 | 40cd47c48755b8ad9f75c73c12eca95af87f12d9d54aa276e09deff2e18af0e8 |
| SHA512 | f9066096b543892c5d8eafa11c273cd076e23506ffc23fc3f4a58996338939a04c5d2768c9697d0ca2e8c76294e86ae7deb990debd6f4d63eda1bf728d3cfd97 |
C:\Users\Admin\AppData\Local\Temp\cYEe.exe
| MD5 | 6997357ca23d2cc0c820af2db6706bc8 |
| SHA1 | a0cec0ad63efd58b97ff783b6b0d91bf8ddb7150 |
| SHA256 | a4d6d3e8f720880331934dd7a4f733d67fd0b6cda9ae3cf654407ccd7c8f1489 |
| SHA512 | 6ccdcacbadfc143cb3c9d379fd6beec26c373164fa1d0fb76857f2c3fea448297f30cd02573eb7457fdb76cdbe97222c377c403e09df25f5032ed33c3a30c995 |
C:\Users\Admin\AppData\Local\Temp\LKwsgsoA.bat
| MD5 | a495dfd30f1bf1c74142b8447c90d0c1 |
| SHA1 | 518fde376f04d01fe018c4a53201334ede82f419 |
| SHA256 | 60d9f5befa3d234841615cd99604999bfa6682dc435ad3a7b07daba849fc1aa6 |
| SHA512 | 4a3f6067e8f425e7d8dd7b24dc9b7fd46974d003b404e1a810758741c783f4d8f866f027632c2b3911dbc2fc2a97834e0d934ac1c6f490d3556c2a9843d29e77 |
C:\Users\Admin\AppData\Local\Temp\ZesgocIU.bat
| MD5 | 7e939f2788fc44ed1f33519fdd43bd0a |
| SHA1 | d34976f769cd7f88676435b109eeb5e897c13269 |
| SHA256 | da2a3b26dad8f54c4f2e8ee02924d2331f022f7981c7999b8d2f89aaf715cc8d |
| SHA512 | b8d16d097528a503dc552a4dbf3b30f0dd300773d36fa702f79a24c20330f5cdd3cf89e7a5f3a98e7fb75d2af68df0a3c8355e5a87e59e63e51ef5b69d077c18 |
C:\Users\Admin\AppData\Local\Temp\zYIQEEoE.bat
| MD5 | 48e64ad8a0de285b35099290724e3e85 |
| SHA1 | 6c01f7a3692a54702b9e705ec918962807737e4b |
| SHA256 | 727019d788182a0d3b832ceea075a34cae451846ea90bf5450a060b6c20e3e3d |
| SHA512 | 52b869545c5601375e1eb51a20c88601631ae53923dd8bd5ca725c7076c38d23b12cb48175944e56188fb26d489c46edaa438beeef9faf3a690caab8f9f5dfe5 |
C:\Users\Admin\AppData\Local\Temp\xiQswcIU.bat
| MD5 | 1e2805dc739811a795342d32ef55e4cb |
| SHA1 | 757229ddf5785160a150c4f774bb2f2cc89434e6 |
| SHA256 | bf513d6d787a803ac4030cec2620da283b90e9abcb7d07b4dcf121e9855093ab |
| SHA512 | ad71a5148360e3d87d0de1614eb3814b70a6a1be05209d635f8331d2a7ebdeb06ffa474b8395f7a5600bee9afc36c6725b786ebf6ac2ac9bbe9c6450133fd6ed |
C:\Users\Admin\AppData\Local\Temp\pgskYcwY.bat
| MD5 | 0cdeeace9e406c7eceaef1c9b36c2552 |
| SHA1 | 90160b41ee457abc49f523ee3a57f99aa4df6a7a |
| SHA256 | 241ab3d0635736319412e040eca74d6431e10a51b4cb8f9465bef5ccd3191d34 |
| SHA512 | 85768c7480ca7e017b712fb6bbd5c0b0f3166a9a83c23d9e65e3ef3b54bba4c727a46fe1d90314a32e816fa3a758f3d92e278886dcad8e1836da3b2d94e15e07 |
C:\Users\Admin\AppData\Local\Temp\WCkwscEA.bat
| MD5 | 97a68574f593ed64bb781df5e3b5869b |
| SHA1 | a4f21c8e59b740c335826fa19bab41a0d816f4fc |
| SHA256 | bec29a476816218762376e1bb9b83e2511bc9311d3450ce4786a4cc758a65fa1 |
| SHA512 | 70db884d53c4cd0cbf3e21fbb58e517ab79e4633e68249057a3b65bca747140fe7bf244ffa293702a3e93afd8e8e406c6eba14b4f2dd506bab705f3195893607 |
C:\Users\Admin\AppData\Local\Temp\CSUkIook.bat
| MD5 | f84a72efc15d8f25ac8b1214b06eab66 |
| SHA1 | 4258c6893555f502737c598c2e5f72f8bbe38f1a |
| SHA256 | b81be383204a999b4f73aa21065b6c6134afdddf40ad7a0ef1c2c73257c751f2 |
| SHA512 | e770e05a7ef18649c898714bfd8e206c46a3ebe23a654611cfb04ba7cf9421ca30430db90890dbd268009226fea047df946d56dc9df605683b6051a51bf70c61 |
C:\Users\Admin\AppData\Local\Temp\OwgMIEsU.bat
| MD5 | 126a9cfc342e2805d71c5e6082677390 |
| SHA1 | 4e3cfa4575782b0259c747232484836979dd097c |
| SHA256 | bdd404153479779071bb7e28a0fa960ddcfc7a00ff5d8b8fc55e13db0deb3c4d |
| SHA512 | 8784f750e66173b0e8065ab87ef3682fdc45ae873564146fae2a3297b4120cd4ff660e018300a7479fb88aa574c2ffd989252de7ea27a4331e0108ddd30c1679 |
C:\Users\Admin\AppData\Local\Temp\cQQgMYUg.bat
| MD5 | 5376b37492c1a61a4d35f0e9a8ca2a49 |
| SHA1 | 22ec0dce7ceaafcbba912e3fe51346f67f7224bc |
| SHA256 | 303cceb1a01726c6490edad635edf16f404d9fb31902ab36278937644b7ac7e3 |
| SHA512 | 2b55ace190a6aa590fab52b93136a5b26dd74dc176b3d1692f399a38ed0a831b6f15dd8a4d8bedaf19ce154ec38db7badad69df55d5cf018e092345b587b30a5 |
C:\Users\Admin\AppData\Local\Temp\kkwYksgk.bat
| MD5 | c9f708f7e29c39683bc8e4ad531f56ea |
| SHA1 | 0ceba73bb4f3fc7f999782835c61399201a9b17d |
| SHA256 | ac872cea9705983ecc031171950d5e1f90f9cabcc5b74890b5f3a7fe951995a0 |
| SHA512 | 6cee3faae6a379f8e7024e6d47c548113b15dd5d242f0a8879929d99ee27509562aac88c56b23d28df3d33379451ff2e33507a541cb36d839f8c0101389f590a |
C:\Users\Admin\AppData\Local\Temp\reIAMUkE.bat
| MD5 | efde0baca3931e36edabf16ede20074e |
| SHA1 | 2bb335db29448f6dad81b501eae7dbd02f62a7b8 |
| SHA256 | 7ff39de7a9ed11c207cdd61a4e0a511d093174298b578927ddf914e9f1a0362a |
| SHA512 | 92d2c7c8eab20a9c4ac4ecff0b0b3e093d2d5e3f4470686ddd7f829f97ce5e042a627a7457305a4f459d3daef88d80bb765fcd8130c3b11e75036ecb79189f3b |
C:\Users\Admin\AppData\Local\Temp\jqUEokUM.bat
| MD5 | 9f7103c58e1220f3b2f08174e380c6df |
| SHA1 | fbbe00fc42cbe2668fd13883b1a6b98d82a183e2 |
| SHA256 | b9cf4b4f744993fc5937425ebc966702f7cc0c27b6ff41b9ced24392052ae2c3 |
| SHA512 | 7d143338ad75d5c089606bc85e18662a1a7df3543990fc24ae258b3cb7399cf1b930da70a8b32095f757bc18114c29cc4232371d01ca8bab577490a5824dbc17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\128.png.exe
| MD5 | a221c3ff6acae6d5eb680fb8c14062df |
| SHA1 | e7717ab467e72a85d400f5d5dafe5f0848f96720 |
| SHA256 | 800ca505b4fbce6ec7e65730f265d950db7ad036f2e35d7ece8bcb5786d5cb9a |
| SHA512 | 72b660608bf79f3ca68af1c087a7abde8112fc6b9c5565d73aa92828c5d9941129ab7f121b564c87bbc251949f8f5ae74a459a98562e091b0e79d74044d5e097 |
C:\Users\Admin\AppData\Local\Temp\EAkQ.exe
| MD5 | d7b7e5b83986a7bb3e80c2654f0b11d7 |
| SHA1 | 5af0f6bd5c89966b72504b34f32f6a47053d3505 |
| SHA256 | a61a544f67c1c7bfe7accfdd2443ec24453bdca60523988eaffef01e1ffd1c13 |
| SHA512 | f1ac489bc822d3d199065335201eaa64ddc3f4464d07d93af431dbd7cdd3a5dfc9ff4bf3759599844125f60d3b7c9afe8bd36bf500b7a47a6d05a2d57819a23e |
C:\Users\Admin\AppData\Local\Temp\ggcM.exe
| MD5 | a75d4ea47dac3622b82947e6510fd39d |
| SHA1 | 6e7219c5e0b1ed85601763f8aadacb3692fd238d |
| SHA256 | cbaff38375ea7209cb3cd4cd5b1f53e409f6c609083eee802cf7bbc119e893c2 |
| SHA512 | ade021df3d93c75f7396a3b3b6c36ae3df793e698e8495acd5e22c4dbb75f40e407a06fa7ab5f90413ed92a82862d13abbefd0ee3ac138ff202a2a0f6f57493a |
C:\Users\Admin\AppData\Local\Temp\iQYi.exe
| MD5 | d983a52006b44098011dea0adbc1bc12 |
| SHA1 | aa393b7635b0eb6e24ca384a73f3b5ccb7b37dc6 |
| SHA256 | f536339df3742a63de62eaae55390672a3730fbdea260b23d5afbabc65bde7a5 |
| SHA512 | ac3e9df41d576727e0480c6a1d185773c4b977c28046e252fbab0249ed8feace37bc6e5ec9e1c1fe790ae66471f26a70b7b6e87302842cb787a2126ec28592e5 |
C:\Users\Admin\AppData\Local\Temp\YsUs.exe
| MD5 | d94d95f1eceab7581b6bb28ed767a804 |
| SHA1 | 2ac09196443d4edd566d7450639a539bc479df4e |
| SHA256 | 448a83957c2f409b772effa539fb3e12df237dd9c63aac0a5fe1415672a90e41 |
| SHA512 | 21d6c66cd8536dd89c17fd66cad9215b49a02a79d02d186dde38d29c7d4a87273a7866f0c47cf9ae22e9d02874f27cc322502c3c507410a463be2d96edc24faa |
C:\Users\Admin\AppData\Local\Temp\zqYkUksg.bat
| MD5 | b235d934dc318f91468bd21373dfea7d |
| SHA1 | 4da73dfaad5e2df3f9e77c069a9fe74d7f5396ee |
| SHA256 | 4e0ad1f3b79151078bcb877de1f8d5833bcb0bd54074ccde5600d26e78a31934 |
| SHA512 | de79b64ef4d12cf37663d118657e86f0b65e634ea56fbe43fb4051396d44f357dccce805e742b687c325d6ba944486252c2770caf07ada3941d5a85051f9b7bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png.exe
| MD5 | 66bd799193e404af28371314f9cad54f |
| SHA1 | f43a0525771afaa4eca7dbfc3e4675f4d494fe32 |
| SHA256 | cb1795751b9b6bcb43b53582628ea066e36415bde66a41f96eefd1eca86844cc |
| SHA512 | 86a10b3de809f6f41633ea1f4f239752731f660045ed7d2f5b99ea34b3db3363e84efb3a71d10f6a3c508bf021c53786bf71d948de598e2cc4d64b8b5d56f2e9 |
C:\Users\Admin\AppData\Local\Temp\qkUM.exe
| MD5 | 3c4d53460f322f91bbcc542e3d240ae1 |
| SHA1 | 0e777d480cb4af7844278ab8fb04dfb2ba294cda |
| SHA256 | db62783834e853142897705088e6e0c93674a0fa92fd2807837d3c13f0ed81d8 |
| SHA512 | 6dc7509009723f539e10b438e5fefe5e58397ba6da789ef619b55cd68112368217f765b0b483a110d162367ee188009972d8b2bcfc081cc8d9c47ea3c67f2002 |
C:\Users\Admin\AppData\Local\Temp\QQwW.exe
| MD5 | 58f980e2d5a45e57bd36180b3e402db0 |
| SHA1 | 1a6c13d450e9164ab66490ba3279b7f48baea468 |
| SHA256 | 1802ee7f19fabe585a264a608f1a7ffe8b78f06b2a015821015324e4cf209fd0 |
| SHA512 | 2b02ef35b6b2323f4481ec6aaa065d964f17abd4352938dcc7aa1ea65021209490956514287bc4ca1dc4edda2ead2bf9870a525e961e46fc3ecb185e8683a084 |
C:\Users\Admin\AppData\Local\Temp\GAEA.exe
| MD5 | 08e7c9c25c750267ef314ea433696f92 |
| SHA1 | 122b8f8157bc964bfed7fbd8798f6f8f149ae8db |
| SHA256 | 5510573f4380a36f314b9935b1d651177c517a024783a99d2554692c50d17215 |
| SHA512 | 3cbceb2fb76ed3e61e96d8fa4ababe944f5a38eea0e3e2e4cbbab004a08bbe8a885c222231ec0d6ef2fa09e90f66a7e2f379222a9fe2a1db2db2ce86af45bc97 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\256.png.exe
| MD5 | 01fb60b511e6cc932238240ae31cd51a |
| SHA1 | 1fd66a049d53ddbb298d4de60b9da1d21bfc281d |
| SHA256 | 2bcca449e8e46bfbfc322a3c1a2ca12a8923c209bbbd62b29e79b88be54450dd |
| SHA512 | ade4bdd0256a69c4cc96ad7b54cb3ed201fd4eb6b7447f8a55738d15be506f009681253c3d83c94af0b5812c631f106479eb3d7e6b403d5ac95b87db5a755f4f |
C:\Users\Admin\AppData\Local\Temp\dQoEQoQI.bat
| MD5 | 181e121c9bf9a67b855fa85b15f21534 |
| SHA1 | 1d29cb53bb70414023dd4a9c503fd17f52ae1b47 |
| SHA256 | b393069e7a55728b81798e1e13ecdc2858bff42c4fdcc33c0fa333250e2cd5cc |
| SHA512 | a2361722f05a3c08f2a459ca44dbdcfeb6b1fe841dfc66b05526bafaf6f729e8ebc6f2d8b6febb327dd3ecdc94b38619adcf813ea1db3f057655b49602eaf559 |
C:\Users\Admin\AppData\Local\Temp\wkYA.exe
| MD5 | 98165609e5945d71a1c23021449d89c9 |
| SHA1 | 9081939da95bb037ca87a555b7bcb3e330c31ab6 |
| SHA256 | 18d7445304f74c6cc0f68064ccd4c85130aacfa42336ced4362593151e6e7595 |
| SHA512 | 7de0b9959024bb02ed18587d9749ee29cc7bcbad3347d8d2ca3566d2ff5fe1b58526b12b05345e0677f3d09e259810d489ad14587fec5562e48a489ecc9d9acf |
C:\Users\Admin\AppData\Local\Temp\owwm.exe
| MD5 | da5b6e18822fdf1f6ea29b94c1ce6f56 |
| SHA1 | 7026c6bd1c9d69da6e441291b8ddbe5871f8bdad |
| SHA256 | 6609ee5be820f532c94d7222e021ddd4813af97497cbc5de29b3cfe5c409edd7 |
| SHA512 | 93f1becf1c68650b4ae3da9bf5c51897a7596a0b440101e77a90e8d72303d99931d04f5cdebeafded817f1045da8740d3ff2cbf6e1ef225ac101e7f2a09b654e |
C:\Users\Admin\AppData\Local\Temp\cskG.exe
| MD5 | 15b166c1e3207c680f7909fcb6feba96 |
| SHA1 | dfcce2ea84cc777ba9734cb89e4bc679142655a5 |
| SHA256 | 94ad1919990160ba542475fc4c75ef69da9271c16b0a186c20d9017bbe2e5071 |
| SHA512 | 58f781e621701440ae141dbab9294ac0d5d89ea2ce48f26b27eb6c63e441c8c14f2c7513ca94831015db9f990f0ed6cc3f0a71c9b62b1511c51c2c6b5e16fc25 |
C:\Users\Admin\AppData\Local\Temp\OQEy.exe
| MD5 | 7618acfcf0c8378d697d6cfb8809eeb5 |
| SHA1 | 6c021f37dc32afdec8c2fcebc2a71f42c635bab4 |
| SHA256 | 1e772a588a38ce8a94f59fdeeed465758494f43b18bfb9514290dfa6eed649c6 |
| SHA512 | a2354a3df469d915679744108e2b5cc8f255b6d0c7a559b3afcc88f3d4951ce61f0d93f6ea6d97ead9d9b024310eca5e96ddd0b2a133f9cb1336f33b4b0b77c2 |
C:\Users\Admin\AppData\Local\Temp\gocs.exe
| MD5 | 4191fe073acaa82559ff6e5781ca02f3 |
| SHA1 | c7d3190bdc9bfabccace2f42c5122ad5b544c2cc |
| SHA256 | c30f6c9cbe1ad51a2e649e9b8f7414468da033598a942c08736131ad852540f3 |
| SHA512 | 656a017b10a6e07eafe19482204ab89786c96ae7f997792ab02505ebe8c96256c9686c11d1d3736cd681b313c08920b4d8862a8d180017c9d1ec9a3c81479810 |
C:\Users\Admin\AppData\Local\Temp\EIkgYwUo.bat
| MD5 | 2d1a7a2bfc54b5697f94db8111f0a6ee |
| SHA1 | 5830ce543b7bde27f4385a65c62fb2887cbb129b |
| SHA256 | cad631cbc1d06fa08c706dfda49db19689ebc5e55f0ededf5fb6144ba227e67a |
| SHA512 | 60965f0a4a50f002d686093a8a005e2dcfb071ae69038558337d248bf5ad6902a1cb766076dd61a500aa02bf11efc781a4f60857aca1f59491e26473aa001020 |
C:\Users\Admin\AppData\Local\Temp\yMYA.exe
| MD5 | f3d2873e2d8d2cb2ba5fd25f2ea8d323 |
| SHA1 | 10f9a42964046465662d65062d341f6a53406575 |
| SHA256 | 4eec48706fa71917edc5aee797dd78114734c43fae0f2b12e4e2d76af88c768b |
| SHA512 | ada7c69f30afc3feab1cd1917ce8c50d6a58a665673896ba0f6799d70ea2043b7a3eca4911586e7f95f1e7a9fdc84c04988a976c0192b1c6f42658f5f85b42f6 |
C:\Users\Admin\AppData\Local\Temp\SYoQ.exe
| MD5 | b537235e3d63fc23a832267f81bae6e5 |
| SHA1 | 21254da2288613a50d587ded5c893b52e3e9ec2a |
| SHA256 | 93646c6ba642695981028b49047167bb42fc03896dc8e884193efb1314a3c557 |
| SHA512 | d7fe976dbb813a5b2d5bea04b1a818134a0a468510c5c738563b66006f12d09f17d9093dcf708aefe4146bf73c01380ee9e9d3e25b3308948412a9142293e339 |
C:\Users\Admin\AppData\Local\Temp\kAkM.exe
| MD5 | 28fdabe3467300e82e5699154dc0ad9a |
| SHA1 | ceb97b4c42159368630c651423f3e875ccd52fce |
| SHA256 | 9f338c9acb9cae23f7b1828ce12ec856d1f80dccde134628ca01b9a9dbb81733 |
| SHA512 | 24fd3767f8b6065d01d5f949a1686998bec492b3c7ab3e5ca832a6d775683bb61e0d501c034f0f2434f705f1bcda9f742082feadc22dd0f6828fa3f3a06b83e8 |
C:\Users\Admin\AppData\Local\Temp\YAck.exe
| MD5 | 862b74a1f6756efa829147b923018f79 |
| SHA1 | e557541164203fd801392aaa4604f6e1170f7162 |
| SHA256 | 281a6e6ff161708eed046a7964bc0064d2ce23ca1b421b81167abff095db120e |
| SHA512 | 4c8e509439b9766a24f300a98600458496db60acb48ab2c7fd0e7621d5e13c3793775228efa9e5dcca3503ea92d6cd259e921055ac399b2ad57f41b81e974d25 |
C:\Users\Admin\AppData\Local\Temp\MsQgowII.bat
| MD5 | f752df78232e4696d0b7d4f129a210b9 |
| SHA1 | fbb511e2070ef90d0a116400c9ad1f30c91a7df7 |
| SHA256 | ac0b7dd8a9712ce3ff9e5762820727d98a5a72a37f4897e4ca4039de8a25cc59 |
| SHA512 | 231225bd6777f509a75a827a7067784a662e0638a17d5077419a3ad3c7136f1bfdc3cb3a770fac4a76e0b3aef68605a34b6281a7c3e64fdfc97a9c076f000c45 |
C:\Users\Admin\AppData\Local\Temp\uAko.exe
| MD5 | 620142353a238c67bed5b0d09352fd41 |
| SHA1 | 2c23bbd3864c06068aca9cbc50ee56c1063f5be1 |
| SHA256 | 99359917dc73f3686467876c9afcce5927b3bcbc4c3137c7f7fa9838397c3947 |
| SHA512 | 46131ebce0cf167fa2b2aaa0f854b208683126404b3dee37d7e96e1c27cf0d25dc7acb70fc76678b7900bd97a51949393a3d723c7b136b2c2ed60565f2566dd5 |
C:\Users\Admin\AppData\Local\Temp\AsMi.exe
| MD5 | 6437004cc7ed245617dc3fc2c1d311c8 |
| SHA1 | b12c7a6e874d7af35c6fc74f8dbfd38cab1a0499 |
| SHA256 | 109058698b0fa8885bc85ef9a417b1a85b788e8f90637e24d6c31112870e5bb3 |
| SHA512 | 27432337b49a61d57959cb2f93618e5591ea42d3c1d53f9f16c94cd91abac1d1570bfc11f430b7baeec83a8485d63451e1374bee7c64f17fe0a1f9d7548391a4 |
C:\Users\Admin\AppData\Local\Temp\kwkU.exe
| MD5 | ee53fa3def33cfdbe62f7c7a49bda1f0 |
| SHA1 | 2cb2853d3555884d06d94b8dfb11d60333ec70e2 |
| SHA256 | 9cf6abe60b36c863281a2ef6898ffb836c9790db03dae7346d10de8e30958956 |
| SHA512 | a22d4a93bd1132bdb463a664002fae0fd2f14cb54d75a70024bc16e38ef47130a9b24571ac8f6c11dcfc32930f4c18c2def278f1148fa2b12fd7ca436af43891 |
C:\Users\Admin\AppData\Local\Temp\mYkk.exe
| MD5 | 52f6d8050244885669c8dba427c9f578 |
| SHA1 | 7c610667ea897c71fbded5e84fbe4af05edec876 |
| SHA256 | b4b6b33301b950cd0c452d0083488fa27d3dbe5aecbb8cb531e569cf65f6e2c2 |
| SHA512 | 52aa74daa7b99d885a7046769edd02da249020a62b103239b1f5bd22c99f7dc3e818823d61eec723464e44fee3917cc9f1a35ced7ff1e89da7ccf35d14ce7d3d |
C:\Users\Admin\AppData\Local\Temp\mkEW.exe
| MD5 | c32efee1e2b189c10762a2cad823f4ab |
| SHA1 | f31539935d69afb9d8b7a6982af993c0a5a27acf |
| SHA256 | 9bbfcba4ffa1a001f6393cc1028dbdedfa91c2b6e3ba5080aa8c89f48fc99d88 |
| SHA512 | 426903d2f706b8d040119a615efd513fb1de1ee015438bd147216a2f415add530bc48c4386b46bee3a84eca394511e2bc7ee6150f5419df7bda1172a76163960 |
C:\Users\Admin\AppData\Local\Temp\Mgwk.exe
| MD5 | 1ce00477c79282fff85514fb3c6e6b2f |
| SHA1 | 4ebbadff74a74d0e6175a7340c8341ea09cc94aa |
| SHA256 | eb9d8d649d1643b077d774d24067934531aa62396a00b9d429c4c3a50a8b79c0 |
| SHA512 | e8d8994a64c9b7e24b0fcf684d96023cbd0c54e5a4cf8bac763f755ec78a8d53ebacb38ae9e38a4314ad00435df6fac0f6553b35bc33bea22121818232bb7558 |
C:\Users\Admin\AppData\Local\Temp\mgUgwUgU.bat
| MD5 | bb967e93659854e237a81bc2358304dd |
| SHA1 | 9855bc4ee15d8f9d37bce4ef13a8c1332fa145a3 |
| SHA256 | 3ab385dfdae408d3a9af10b0ba6689a9e0b4e5eb4a4cce8cef0619dd55c99e12 |
| SHA512 | 4b1520a61cc72ef085b1ac89f274bc1ef44c1704ba5eff6384378ae00cd54e329a7979cae02964ed048dead902da9de259b178d62366b26ab9dedc3c6e5f83b9 |
C:\Users\Admin\AppData\Local\Temp\wEgi.exe
| MD5 | 87fcddae6234f90a6dd9c4b84f2a1eef |
| SHA1 | 5b82ccdc53fbdd6220dcdb95478d6c0b8cc69a68 |
| SHA256 | 528a588ffa1fcd89d3477d74256d1918c8c9af5878c9f9872e7ec18a5b22a1dd |
| SHA512 | 8d501896e8dfe8d3ac43713f16b268ce8887231b34ef8a8413de4c2bc13cd776f9c5959659b6031ef746a0cd8323027b891ad2b514f669ea35cf65e890df60c8 |
C:\Users\Admin\AppData\Local\Temp\Aoki.exe
| MD5 | 57271148d05c845280455be96605556d |
| SHA1 | f57177140662c9d0a76421502f68d9ad716bd890 |
| SHA256 | 226d3cfe5b4e36c184765c5db4c0bf532f9e0d6809596b74dc16574673a49905 |
| SHA512 | c47ae96a351cb5613917b7228e4d257b7475090c4de443bf95d463378ce4f41e4a4e1d8b86a0c2dbe306bba641cc4ff801b9759732638973996ff9f302ae89d7 |
C:\Users\Admin\AppData\Local\Temp\GyIMsscY.bat
| MD5 | 9dd270f3028a2eecd0a71206f8be7ce3 |
| SHA1 | a956a0411f84dcf8bbabc8f19b8b555761e86c6b |
| SHA256 | b5e8a2deae26ae7b4e2da1797b465b988460143199150858dadd975e6f66a6ca |
| SHA512 | 75490843134e1c53b7ebf0021daec731e0ef25587376b90eb4a638a18c6a075996c57ca0009fb2139bdfbe3de64006595e7a5ab7cf75630203b469a94e051796 |
C:\Users\Admin\AppData\Local\Temp\oUYI.exe
| MD5 | 2376b35276092d7cdc52445465f9c118 |
| SHA1 | 4d9150d9f0f6d4950000880a45eaf766cdda8511 |
| SHA256 | 8302e212ff62bc213f489a6e523aa39c945fbdd1903420e03627bcc4695ca57c |
| SHA512 | 39935925dc45f217f0d01ade5b6e4926216d4752bb50a10a2c9a22e5476d9c375fb1290ea415f336efe4b8872f8db01347cec85f9068bb2f57b207808a8bcfa2 |
C:\Users\Admin\Desktop\ConfirmApprove.rar.exe
| MD5 | 3ac5668e3c8c5531b481203ef7776c41 |
| SHA1 | 4471961f7a0e0adc3c4e9a573b0a73e9b58248cf |
| SHA256 | cda748955fe2baa2bf6346dde9a4187feeba191771f0035d9c807932736d4048 |
| SHA512 | 8626c870293e75b3da42c5d45e8ef89bad447239632e889b01853f41b7945e8b8255c85e1b1107d50393e28a4aa6beb38aaa9c41e0d34c986dcaabb207979192 |
C:\Users\Admin\AppData\Local\Temp\viwIIcIo.bat
| MD5 | 6a27ff049c1ad2340d0ccfe869584fec |
| SHA1 | d01c669afd71bd6f09d45f5c1215352041970584 |
| SHA256 | cbf1e0f7d383837204dd1cf2a492a416f18f95546b9fe3159204da4a95ea7851 |
| SHA512 | 240066b727367181043d21c80bb98c774af0484b4c9f5e81bbb7aee195741a6935cea379504b21a1a6c34bd8ac3c0934e43dcdd064878a79d85075b5806f9766 |
C:\Users\Admin\AppData\Local\Temp\MEcs.exe
| MD5 | 7bc9067ab929ebc81458f479e172557f |
| SHA1 | 4101af2962c393e47e64ff6837122a87e2d7eddd |
| SHA256 | 0ce73a69ef90629534a359dcee854d0d4a02ecb882bc97aa5ebb3521b7f54157 |
| SHA512 | 91669b048e8bffc67e1d55450e7c711b89077420974d41b679a1d67166880e66e224d217e8bff3b2fb511d55165dd116da25f848829811d8136f086cbb0b8730 |
C:\Users\Admin\AppData\Local\Temp\kgMw.exe
| MD5 | 594437d4954843179617f3e0647a4fe2 |
| SHA1 | 01661e81155cad400728a31b0dfd215a62326eb3 |
| SHA256 | cf0eb58279959003be69efa71a12dc053a554e8bac594e62f9c0bbd7232eff6f |
| SHA512 | 9f8c102642545dac1b6c8bc2066a2cd004f7a2782ab426dc7995668a8dbe1bb87a842ea2bf8b8a7f9e059ffe01e2a95a14e5d6b8fd1de6a3141290eb6b169e20 |
C:\Users\Admin\AppData\Local\Temp\IAUy.exe
| MD5 | 0dad42dbd93b98e4f23686c794283e2d |
| SHA1 | 3f1b48d4eef0d0d7009806e937698c206f8b5d61 |
| SHA256 | 8a7cc280b1d00057702b349cad85a91627a1365fbf73474404b3fe59e7e7374f |
| SHA512 | eb9aac8dd51039595ccefb579722797ab26c632b6a8526d3566029be0af99a2e7fb4593fb09e54ac5f98023739044f66aa5ac8d34e2b897a03b49640004424f9 |
C:\Users\Admin\AppData\Local\Temp\okEy.exe
| MD5 | 50941ccd420516b71fef927821980856 |
| SHA1 | 9a15b7a2195939b73a804fca119f40ec63c25641 |
| SHA256 | 5cc251e84536a4ee12c11213b8204f278f25890abda6f773b78c82d6bfbc131f |
| SHA512 | e5f96722e03696b098ebf716b0c053a4d1abbe8221174b5f1815d48cabdbc85c1879b8f713f5db07c10fa4f5394308dda70963d747df933daf39605507984718 |
C:\Users\Admin\AppData\Local\Temp\eggk.exe
| MD5 | d12172b486de67282c30291750c4d1db |
| SHA1 | af0384cc7a9884721a66d21e20f78afd27d8d6ea |
| SHA256 | 116468b27766455d86d576d55d6f7b01a183d2a81a0c0a2adbae4199147c2edc |
| SHA512 | 8c39384419b2a208c6b6bd9d07b9511d250d800587e83872243b7dfb421738fc6825db0b70b12e5508ae7daf2d40b3d0841d9ce2ed68fe59e6d1c34863b363a4 |
C:\Users\Admin\AppData\Local\Temp\qYwK.exe
| MD5 | 08baada01ed4a6592bcee8e43fcc3761 |
| SHA1 | 9bc4a253d1c8eecb8ab23ae22dbf5617d499ba09 |
| SHA256 | 98d19148609eb99a8b1f7a8c6b07864578a09ad1af7696414baf0a70844ad7bb |
| SHA512 | ddfd071160d34aa52abd5b93d27f580b00f704f6aa44e69337c2684b6a8f32dd8664e4d80459ded7ed71aa74884c279fba1e561228cc0f645b0e84fbb0b712d5 |
C:\Users\Admin\AppData\Local\Temp\YcAS.exe
| MD5 | d0e8caac756ad4be589a76400fde4ed7 |
| SHA1 | d19a49fc63749106b6033cbbdf9fbbcfc32839ff |
| SHA256 | 084a56934a436d7865e5bb03ab0db92a02e25518c639c30e6422d3c73cebe43a |
| SHA512 | d290ce24a55e12aca0810ec804ff4afb9ddcfa54f6a63adada7247199530ed14cc7293545a772cc1be4540b76d2b5b621c1c1cc77646df3d41f83e6352de9e13 |
C:\Users\Admin\AppData\Local\Temp\Ruokcsck.bat
| MD5 | b396dc5969eb9fafcbf102f33f44c04d |
| SHA1 | 7e9a5a106089986d49d5850e803f4609845fa9ec |
| SHA256 | b41b8c53d39ed1e64dc10fca0be603c507a40ce1ba6f0b4655075a0fa3bcb7e4 |
| SHA512 | 8f074040bdaa1e8916ae18d436ec7edc1e00cc386f195d56342a4eb9946dfa835c4d3b4886667867ba153efd0f5a95d80fbb6e2221ad3f85b9350b5d906cbfe3 |
C:\Users\Admin\AppData\Local\Temp\ygUq.exe
| MD5 | 625b2854c0d14395af58af873db27f37 |
| SHA1 | bb9a1564d10045876758937f3bee9cff65e5b90e |
| SHA256 | 99820609634e2fd2aadb70225b079c8bc6166bf7a83498087d3de2326beec8b9 |
| SHA512 | ab0c47c37b15d4cb005036d3af51b9e36d8a8c3dd46418c3b801320c4cbed6a2ee0ef53452d928b9aac8dd856a91de1f1665c14a0d5f6749b7346baf3aef2352 |
C:\Users\Admin\AppData\Local\Temp\kYoa.exe
| MD5 | 73e7506ca8cca5fc38c2f9d6cc132cff |
| SHA1 | e2ebf47a282da064ca698acc6d137c45830d68c2 |
| SHA256 | ebc67e84767db6dab230546860884b614bb119916ca50c2bfc2a646e4ab2a2e1 |
| SHA512 | 2c126632a46734be4d02439789809330f36b956a111e985e895bd0f86382252500c56abdd528bb513ae9dc2e4bb4f5051ac3323847c0f41fa87b41181cb72543 |
C:\Users\Admin\AppData\Local\Temp\CYMO.exe
| MD5 | 440ae18d80b8f7d465125f0f1c176610 |
| SHA1 | 95482f4904dfc2c33392e598d1946fc0690968df |
| SHA256 | f27a30f9fd7e41524112501e7d611c3d3ce80430efa7ba1b2178d7cc45694486 |
| SHA512 | ab1a04bc2fb45f4cfd2182fe2e2a1f9d8a94dc8538a444d059dd0b4ac5af6ec0a1c715e49de5203aac01f9446b432c2e3e534b75d6e93018112b3b27618a30d2 |
C:\Users\Admin\AppData\Local\Temp\aoYW.exe
| MD5 | de4e5e8c97570fa9126c0be0197826dd |
| SHA1 | 47c2d989e6c012436bba254ff1a61b4422a98344 |
| SHA256 | ac214292bc7dd9329ec48c90f1e30bde88ea9fae69ea856dc3fba422f110dd1c |
| SHA512 | 43d0d83f2873d2074f1f1d5fab569524b4afdb07f4e9f3b3e83fd443a20ee1c37fd7b9e5102bd86b6649b72e542dcfb0f157cd5e18889a09f5fde4478f23ea02 |
C:\Users\Admin\AppData\Local\Temp\SkUe.exe
| MD5 | 336fd884f0bba108fa8e669c199b4f63 |
| SHA1 | 9a3736134d31737e7f08b8e48ab4ee58aedc67c5 |
| SHA256 | 611048f62d5f9b6d53cbdc943fdef5c7b512d89a246edbac1f711ef33d4be81e |
| SHA512 | 035ad295147d1c62755d73552a9527524a74c00a846057c23f1bf1bdf57ca3cf8cdc0fe2ac88fb600de202dee4935d1ac53f75e246938d72d0a6ee88e3888a87 |
C:\Users\Admin\AppData\Local\Temp\TUMwEUcw.bat
| MD5 | 1db2c017ccafae3d4a2331e8bc3c55b4 |
| SHA1 | d3054d2641d2563620513c08d55ec6ec83ba921b |
| SHA256 | 7c13c5a5d27bcf0d358a6c869c39430f4219cb0bfac16132934132bf237dd342 |
| SHA512 | 74539f1faf6e8cbb1f455add44d3c7d6b2bf083ea6919d3fcca2636d7704927456964ee36c74ffa7da3a6580aaa065d9180bc36fe9e9b774c29fcea431fa0819 |
C:\Users\Admin\AppData\Local\Temp\skcM.exe
| MD5 | e0fbb92b31bf489af6b279fc897ed222 |
| SHA1 | 450c424e526fb2d19826cf5b30e87c8e613e2049 |
| SHA256 | cb84084e5f0f11cb671bde29ab83105a8975ce78fb95fde37a4e759b2a9c4db2 |
| SHA512 | b4de3e2811de580c7c5b812d11c43af63b7dc3cbeef5a41269057dbd6e9b19d2345fca166e04c4041549bd63147f8a8b6975034488f64e3c5a636fb8322fd920 |
C:\Users\Admin\AppData\Local\Temp\QsgS.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\EsQg.exe
| MD5 | 9a698e30f4140e268b06359c5882a61f |
| SHA1 | b9e691dd0c0622511f082bfb435f2769d3f90928 |
| SHA256 | 2d931c41504ffa07385a9a7d4c9285de065fb00502a2a012e454c6f4c8a4bed2 |
| SHA512 | 7b54e58aee526dbeaeed950f4b3ace0905ba9fbe0b100b28903ca3f0109c15d1e926680851f844b3b488f4e4892dfe9f5f4228d2b35d4ae8f75eb76a93464126 |
C:\Users\Admin\AppData\Local\Temp\wQUG.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\cMAe.exe
| MD5 | 88f19bc3e9a82fade0ea6acac622dce0 |
| SHA1 | c7ba37747f9d0829ff654e7c6b15df8c41b71d4c |
| SHA256 | 32521168ca609873e59d5c1940a81c1f49cef54ccde9e9e1beb6cc7a2877f47b |
| SHA512 | fa73d80dc798a6f3b61a2e8f254619daf277f63de7a094570d086503825b721a830b946876af9a51ed7ff867f0240fd141474114f2992f08536e7e1686a6fcae |
C:\Users\Admin\Pictures\UndoRestore.jpg.exe
| MD5 | 1adfb4f3de4ca9fa19ae9d63fb6f1469 |
| SHA1 | e68a94190df83dda8d2a9faeda868f1a81fea00f |
| SHA256 | 63bb244cc537a588b72810aadcbeb6a0f908bd1e7f3d3efda37e95e170a2ffa2 |
| SHA512 | 2dd29766f8daf59ee3e97f8ec8ff3f7b20361d27da5133b14aa509c8892da6a1129182ade87fe81ba7eb401898f604a154725540dbabd48dd7312e9690549cfa |
C:\Users\Admin\AppData\Local\Temp\teUMsEEY.bat
| MD5 | fda8aaa445c1e0fea23cba3a55a6b8a9 |
| SHA1 | 7f904c0534094b12d5c07ffe1689b7205f8f33ba |
| SHA256 | d67f8e152285b27d5519f7ff300b4932c8e1782755aefd86f184a4d9d2510e8a |
| SHA512 | 868e05440f25d202faa3b1f4bb8d96058e95a6c4db692129bf255d791083b781c0713887c40f66e28915d5d89bc5a44f319e2fbdd7bb12802de6a188cfcacc23 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 8e747469e76cb962bd29c0fa6bcb1125 |
| SHA1 | abca065eae925c5728589018a5a911043d871e38 |
| SHA256 | b73f72940895008c7ef060f4e4dc5439dff6b3211ff8ec89b2795172b215a1fd |
| SHA512 | c7420b379847e037efce8afa65bba405186e9e1895e086459ddfbd96eb39a1616e9962f2e84ab9987528f5bf93200907abfc8154baf1c002f4c7dfda47d82c52 |
C:\Users\Admin\AppData\Local\Temp\woou.exe
| MD5 | 5bd495b02a564653d4cf20920b998a1b |
| SHA1 | c85e2427b1a4f8e22dfe4ed72769034fb1c42c49 |
| SHA256 | 1f8692142bd64cfd13f96cf12e756ace1ec8d475042563c8929e9a1ac293fd77 |
| SHA512 | 7748e6714899c8bd193b2e5604e37aa2d0eea514fcb243766789c20fc1812a63a961f0fcf05db1ad4f842c5ce5faee2a40bdb6ceef9b6eb2352d4fd55c853028 |
C:\Users\Admin\AppData\Local\Temp\gyIoUQYU.bat
| MD5 | b47c61850ef4928f3f56bd09db0e5394 |
| SHA1 | 4344d7923bfe372199c9a75fcd4aa0097ffba7dd |
| SHA256 | d6d3c16b0c9c4bab175d94cab04c9880c89dc333ae394ba83cc4cab9a98b12d9 |
| SHA512 | 6b4472fc5a174cbebba9708a79594e4e06b6856b074ef7a6ef6ec65ec7056d0ea710ae5805596cfa2b7f17aef75e7b4692e525866d0f1690b6b5074f6a79094f |
C:\Users\Admin\AppData\Local\Temp\cogo.exe
| MD5 | 4e95a8d73f3e8675ed7eef047d4af71c |
| SHA1 | 8ac774cbfff71512c086ac40457b7825eacac460 |
| SHA256 | 3931da554abcf0e95f93f6bd17dc72eecce3083b54f5f48ef8a8b4bed898796a |
| SHA512 | b8bf8d34045eaf79316af38e7618c5d587c6091f5598d4b2a5f3ed76e2c059036f250366fdf21b053288ddb7512dea75aa8b78009f9cd968e91323d6a992c630 |
C:\Users\Admin\AppData\Local\Temp\eYQC.exe
| MD5 | cab29d089d1917acf241a53831f675ee |
| SHA1 | f9a1226274ca08b2efc692f84e22f5b4c1bf062e |
| SHA256 | 2aba7c851a954de5ae1cb90da0a3356d5833894eedaf56065a095d09db4564aa |
| SHA512 | 8bb885d2a6386cc8dae4008c7460be588ffb5d0b4cf41bed565c0f26be092fd99432b3be94ed90688397663937ab074c0c522d89a774a131e7f59d115e39e1ca |
C:\Users\Admin\AppData\Local\Temp\wkcsIoQg.bat
| MD5 | c1fdb4825c9e42a14bbfeb234725dca5 |
| SHA1 | 6b9dd1122a4bf3e2a9f5b9be9c04a16d7218d232 |
| SHA256 | 6a7dcafe996d3107a8a5c2a4da59698c9064baf3a188616a5dc15323222573c2 |
| SHA512 | 7c81d974238c85e10b4d8e79a4e76e5da55bac511d3fa351c0f49be6a9c0de6bab3e2e63634595c9882ed7142053b9ec90bbbe4ee3f05f2d207f1db725e702be |
C:\Users\Admin\AppData\Local\Temp\ewQe.exe
| MD5 | 6dd3d21cd32fe1c70fe8a22521c899fd |
| SHA1 | 4701307d2f1b0ee0d2668355ce8f2ae9e1e9d9b2 |
| SHA256 | d75acb01932f32ad7c6d77c9dca9efc2219afec1a5bbceff90c99edb21a1378d |
| SHA512 | d3c61b62b8a436fcd1fc2ec28ff51bb570c12d7c33fe61da80dcc1922a11da3daa28dde0a5a6229e0a05adcd5cb16f6fa76789af131018ac8c0e55183dd3d27b |
C:\Users\Admin\AppData\Local\Temp\kAAe.exe
| MD5 | 44422fe868a143ac200461a9c327f5ed |
| SHA1 | 13473d201f3d4433c5e8d104a3adcde395ee8c23 |
| SHA256 | cfcf407c31dc3efa229f1bc6374407f77f4d05c928c1d49aa73dbb0897ce51ab |
| SHA512 | 81b7d5744f4366ffc0fc7f532f44851dd1dea2b319af40d46787021205781b194ee6b3e8b3f1dfe78b0cd34279afe2392ee119a359c276d2f74075969b295e68 |
C:\Users\Admin\AppData\Local\Temp\CYYa.exe
| MD5 | 9bfe35a42436562cf0a5dde20651ea61 |
| SHA1 | 52e12133282c570f66baa3be7fae0b055591a28f |
| SHA256 | fb8b9ed741c3139731963edee706afce2f2f31b69798d3940c116627528e738a |
| SHA512 | e24a98e5c0c9ca8b400d802d789049d031c0c442d3fc022fdda679d846c1ab6d66ae3ee28603962129073d1c97a23649c3862f5eb920a8decdaef8ef012bd11a |
C:\Users\Admin\AppData\Local\Temp\igIYwkcc.bat
| MD5 | a492d6dfaf27296411e11b484d737da4 |
| SHA1 | 59b9ea90499a98e0855a21cc57d4ad8413b140b4 |
| SHA256 | 35bbb152fd91bb33c4fc02b4333c281927940c9b03560389217ad2c1294fa39d |
| SHA512 | e05433c0009c79d81fbca00460cafe9ed51b01e8cf9e0c254a73dd0e1f6c4fd3f16cf1a53fdccc645e6b0abe6f21a7b9bea57fcc085d8aa9a67b573949b33680 |
C:\Users\Admin\AppData\Local\Temp\SgsS.exe
| MD5 | 44815bfa9292c30d15609073c38c3533 |
| SHA1 | 73be231466b4af9f7a0c88432fb012e92ffb57b7 |
| SHA256 | 4044d36f7b4286876d9874ac30b27ff4427e76539a541a584f6e093703bb2b4e |
| SHA512 | a1765e491cdaf1bdaf5d654067f2525181a028cdb6905b3c66a6ccb59930de4be0e1b4ddc14e1d9657bd411924094dc141add66dcf1378b21a7c0bdadc2ded38 |
C:\Users\Admin\AppData\Local\Temp\IAsG.exe
| MD5 | 5eb7ae51b86e587bf1670444c5f3e65b |
| SHA1 | bc6a230bbccb806b8dba8ba987aae17a7ac227aa |
| SHA256 | 1f2fcef0db66f31a371d308912c4ecec4b0c5cc6fb30558efbd0f5b9588c96f1 |
| SHA512 | 31efa434e9539841ec4c3b19f9691ec60f6715ea7f53a18468bb06e75e8170dfad598a900f247ec14a42dc5b611b956b414a1bd93ffaa6ea864f66a9339d6e85 |
C:\Users\Admin\AppData\Local\Temp\OYMs.exe
| MD5 | a0a245f5cd90496441d1558f2f71b5c8 |
| SHA1 | 3fefa87747b52d212cb3cdd4a66359ea583bb196 |
| SHA256 | db0c556ba272e63e05561b221b9c42968a3b32363a9323c432338bf46ae02073 |
| SHA512 | 719af25ec87c364997851c811057b4cb172ae1e33e4cca0626908ea6c14577f2d82aeac741a2042bd968ffca27c925cfab9ccd4ff0d937b379a0a681eccff8d1 |
C:\Users\Admin\AppData\Local\Temp\soQk.exe
| MD5 | 602bc3451088de575effa01377466624 |
| SHA1 | 68165ed2814b3761dc13fcf4ad43c679969609bd |
| SHA256 | 9662a1252ca8c8c3b3954832e7560237e04b834faa59dd9cdad6161795e7fd6d |
| SHA512 | f3b9e057efeefe11904ca8055e7742d568362d18f5c6fdb4c61066639326fa65a376c4b70934bae9623be3a6eabca1c257ffcbc662145d4425771492d4e2c25f |
C:\Users\Admin\AppData\Local\Temp\UioQAsMc.bat
| MD5 | 4120aea4d9a7776ee313318d0d66f21d |
| SHA1 | 0366ef83592c1176a9190e535e029afe0e11b944 |
| SHA256 | 128d59a1f87b3fab4422f927d9a6cb2f07fbcb9f35ca8bf26d17929ce9052922 |
| SHA512 | bd3e765d16f147990a707e69b7185f89122dea226d9817b5960b7869a44b366cfbbaa9a4f0a86c2e5ac627eba3e3b8f10641a56b3af03ec7cf391354707b1ff4 |
C:\Users\Admin\AppData\Local\Temp\ywMs.exe
| MD5 | f01b537bbfc6e8b4b3b995b6448415d7 |
| SHA1 | bad838611932cc5fe0863de1bcb45b34a4192843 |
| SHA256 | 956f3fddeabe902592787df4611813168c22e518f3349061d909db317915a061 |
| SHA512 | 25376bf783dee687f1d848678e9d1bdd436ad45628a82862833412a1a1215706a6abf1a78575960641d31683fc7b2a76e5e02d110544cb71603e434bc4030be5 |
C:\Users\Admin\AppData\Local\Temp\SkAU.exe
| MD5 | 92fce1d2207fb37234df2ab3669a5b0b |
| SHA1 | 6d1ace399b727ba2bc9cdf1e67fce46795236124 |
| SHA256 | aafdab12b8e7865027125b04ec56d1c2c35ea353f08e3e73e088b88a4c45fae5 |
| SHA512 | 09a0e2f293e562e6cb7f7d79c60fe2fcd7e0c23ff92c80ab0c8e3cce79ad5c6be03a081fb21ecce6558354d5031ad2429d618b28ad9ef1dde7e9dae155718a25 |
C:\Users\Admin\AppData\Local\Temp\kEEg.exe
| MD5 | 6344387589e1fbb68ac0df77ed4e017b |
| SHA1 | 61042405682d94fbd82551538119e1d334a21741 |
| SHA256 | 42bbb8b1ebb4bd165767db3d98be501e2391f63b52c8407100dadd1d88d5e106 |
| SHA512 | d0a4f1aec49958a8c72847de687b051b2852667ab85a72d5a9c65905a69708cafaf90d1270a931e9b979a018ce6bbbda6e9c5f91bbf117aa95e9ec7ab82da834 |
C:\Users\Admin\AppData\Local\Temp\zOwcUgcg.bat
| MD5 | b1ee79d5a4d11afb9ecefd1e1f51bf8b |
| SHA1 | 35530c7dd4e15af579bab6f127f4f679abfd56a7 |
| SHA256 | 1ed1e5ae36e1f225aa1762ec066ca28d6d3af4f9cdd196fb122928720dbe5f7b |
| SHA512 | 5a5b400b0a33402a8083102c2a6c7e9ad29d58d65ac2c427116656cf4b59db3f987414c328183e8d5cd6a2174b87c16bef89b0baf63bf5e2179650b19aa0222e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | b6d5a4b1b8c4cc07265f27757dc32994 |
| SHA1 | 3a2668bcbaf9473827552794395f3cd43a3a7a2a |
| SHA256 | 3b990addff4440dbc7cc89be0a46afd9308f6fb329fe7f668e5c94056367b678 |
| SHA512 | 90b32da25d4f6f788f509f5db6820546d61bf97ceb06e595e8ddc0285cbed0c778127f0bf7098ed0edfcd24dc6a631629dbeb9a39e4c6182a16f961da673cd14 |
C:\Users\Admin\AppData\Local\Temp\AwAY.exe
| MD5 | 3a481d2ec20a38fee1bc03c0feafe071 |
| SHA1 | d7c88b7a805729d54a70184ce6643640c8b77fc9 |
| SHA256 | 4a089bdf5deb1703d2b4acc055e0804244243912ef38ae6dcc55e3ca4e45a490 |
| SHA512 | 6f9af06a30ac3007d873b42817ba061ce3740aba18ed0202de813bc14fb313f25d98ca6f32e74a48b681959179b2b1463396f197b3cc19f0fc5f91e63fb8023b |
C:\Users\Admin\AppData\Local\Temp\QoAA.exe
| MD5 | e6ea3d5880089f409f24e5cf75cab7ec |
| SHA1 | 06256d28d30a03c79e7d110f61cb11c7d764c92d |
| SHA256 | e9d508478da8d36d1278a65b1d9c34acfe755afbd372946fe1d0c2778b84b707 |
| SHA512 | 9bf0df135e123e06fbb7691340343317711646fd9771e4e6848170ceb3172be085e4e928f5f93476b306fefb1da7523cba420d04ba6ffca1ba220f2b912d4c8e |
C:\Users\Admin\AppData\Local\Temp\qEMQ.exe
| MD5 | 21a8264371a64609c96c64920a211fbc |
| SHA1 | 5c0c21591788cc6795119faf5d8f06d23e29400e |
| SHA256 | 67fa56abbf9b9d9bd9456943ef712c5f5539156543c4116c5c0ea7fb4d24a777 |
| SHA512 | a30e7230b3edcfe26853cee0840e8b6a6a94a269cfbe61de1b43c1d01273e6ef7e7763d056a8ddc59fdb31094bd71a1eeefa99682419fe9b68a10d877221395b |
C:\Users\Admin\AppData\Local\Temp\DuYMgEkI.bat
| MD5 | 44300490f33a2c337836cad6ac69bf9b |
| SHA1 | 29e5bdba387c1d23ed4594a9c478a85b223373a5 |
| SHA256 | c6ae5317a36a57f1c6943138c3ee36e123b00d2e9c0e050881b5c118f3437c0d |
| SHA512 | f1d0e7d3676b99a02283a4e866e4a21f2a40fdd3c36ac4060c5e768a2eefd83e02a387fdffad4a019058724e0981d74ffacd286f74449bf343709b79388b6719 |
C:\Users\Admin\AppData\Local\Temp\sgEk.exe
| MD5 | deef978c2fa8416b13f5ca754e2c7d1b |
| SHA1 | b25caebca0e5ce3b994e5f24f7e9b035bd4e026f |
| SHA256 | ed85a346b9318b851b02852a777fac2940e4f922686f03fdf31027f915879f3d |
| SHA512 | 5bfa83e955088dfd4cf014fd6233828e220de2a8bbc0ca101e60be8677d540b19cdd4bf8615aabe61a04fec31df94d9148c85466403f3064f3c16d1d1a41ecc1 |
C:\Users\Admin\AppData\Local\Temp\MwIM.exe
| MD5 | c016a8ce39fe22ef285068e48af16370 |
| SHA1 | 86bf80cc3b315b49e24b8449d18f99db48af1aae |
| SHA256 | 159455488fc94592ca68c402ff36a14d8294d919b248c5a5770487aa3efe4367 |
| SHA512 | 76448fbd5d336f8bededd31f9c23156a23cb162a9d87166b5c679f6fe1d6a27a8d39ff513e5babb04de0e39012d6e1396646c581aca3624f4a3d165a22f3395d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | 1c9e72ef5fcd01555ef2710f4a406068 |
| SHA1 | 66c57ba45334a8f2e4bcb898d82424d7ea7bc779 |
| SHA256 | f4369e7186bf6b876a9315dbdc7549331dedf0eab0010176e22428edc3ad18b3 |
| SHA512 | ab3a7dff9144f95a910961420f3e3f329badfc531efeb89242bb6e70b2c5911f7da8a9efa4377860470df38efa7a6d8a693349db88566aee752b6d0fd05e012c |
C:\Users\Admin\AppData\Local\Temp\LswocksI.bat
| MD5 | 1042af4effc12c50f83d24fdca6f02a4 |
| SHA1 | 613ad6f55569a2422bfa90a13e0a394e05b2544d |
| SHA256 | 38e4553f7c37a2584e03400064728e0307a147272f58db65bf7b1baeb1aca87d |
| SHA512 | d1a1304134ff599d7bbbd42eb8de7f0d0767432c6b8dd469b7482b17a3a0499c6bb12ddd09747b4245f142551f7d7681a39728787ada2b7f6046b30c91a35bdb |
C:\Users\Admin\AppData\Local\Temp\iIsk.exe
| MD5 | 1deafa6c271be9927edbdc30ed3833e9 |
| SHA1 | ceca76aa4567d56aadaa51eb176938815e6f927b |
| SHA256 | b50495a29707f3bee0a74aa5d7fb68b86f9dbab3a27e95ccba878803abe10f5e |
| SHA512 | 044f066e3e683feca4a41e86e73fc1b9387901370cb0e1266a3665207c5c61435b9f507723825bc406f1f1bbf1ff2b3e58134484ee4a6b4154017f5b024fc88c |
C:\Users\Admin\AppData\Local\Temp\OAsi.exe
| MD5 | 677b49abaf98458f6e3aa5330b6ee765 |
| SHA1 | 791d08922fdb99e601f39d6fdaef3d2f6dbab05c |
| SHA256 | f9a9bc723e7e611d24ac5c607a545575f289b2418b383472d8e4885d068c7306 |
| SHA512 | e91028c0d3f2b7e30e87a9574667b56b702578c8315a94f017287481f416105b8965f9d90765fe6e189a8a2898b9a5b6b0e903809b53878e630a889491091ca8 |
C:\Users\Admin\AppData\Local\Temp\eEYq.exe
| MD5 | 71da2b965cf69ccc7e9ce488650f0802 |
| SHA1 | 73a7ab0dc6b51250e56db28bd76f1d4b457b1313 |
| SHA256 | 13d1f5c467cbd30e275c1b959f59e11fc95a77b5507aa8a15075766779eed759 |
| SHA512 | 77acfc415c451cc8b92a37ba2284a86618859a799ea3dad6ccf00fa8cb67981169bf65e312a7d0f2a58b0f6b3aa4fc6e71d09839eb77e1bdd22dfb7428333d5f |
C:\Users\Admin\AppData\Local\Temp\AccY.exe
| MD5 | 0893bf7fb763356b1f2b8c2e1d18b162 |
| SHA1 | 3fb8e43fec4027904edc8cc25651543b5a2392d2 |
| SHA256 | 6753d6d17a23fecc8ff23cdc6915d584bcc315556a8c7c0f46c585b2da4fdc71 |
| SHA512 | 492443896cada12ea673599b42def18a2cc7b1350371fbdf449b33ef9737ac3d908a67bb1d8cd8be935a24922e25d7459e01824c4d4d1cab8a9647b4ffec29c7 |
C:\Users\Admin\AppData\Local\Temp\zAwgYoIc.bat
| MD5 | 52ea8752d7cd38c90453913bfd5405ec |
| SHA1 | 5ff441eba092333e2ca461727887a4d2be126c4c |
| SHA256 | 85867167f844b40a425c9a70e7337921072f89cdb7f58b40c7d64526d9c96b0e |
| SHA512 | 27f00789040ecf9e23ea48ede47d6dd354632afb8694cb738529cfcc9dd8dc1eaf44209d75758d70b560de30cdd7db91abc20318ca4c63405e52d06fe165ac5b |
C:\Users\Admin\AppData\Local\Temp\yoYG.exe
| MD5 | 3af910083bf5d1011b0158651e75a54a |
| SHA1 | e223c7520ecc35bbf62e4f382a145e38fd73d317 |
| SHA256 | c3ff94e7205adb752e82587fe0f9b9d7eb4cbea098a4fc85eb84b8453c6bafde |
| SHA512 | 99afa54967f9a31cd636dc5051f1b9a9277e8d7c56e6a94c64354a37d176351c4d85781fb8c89b06ba2d7ade778e5be6d5f64ac6d7fe06c85bb4dce8893e8f7a |
C:\Users\Admin\AppData\Local\Temp\CgYA.exe
| MD5 | aa8287281eb8b408fb7a5019266bfd1a |
| SHA1 | 063f879ebdc02ad439007404283e7c6fc3b9713f |
| SHA256 | b09c29dac37adf46c6c3ccc1458687fdf01e9d5c3e517a87a362c9aa835941b7 |
| SHA512 | 3dcd1bc7eaf902d51f3fa9c917bd048c1edf2149493923ad894da4237e83c691886218e7e98c4cfaab10d0c4b8a7b8b2abf345ca08473cbaf94880821a3e63ec |
C:\Users\Admin\AppData\Local\Temp\qwEc.exe
| MD5 | e304d03530c3784e660278555e14cedd |
| SHA1 | 9a0e768b5a75cc6063a898e50b1194aa909fb93b |
| SHA256 | 4737e6074d882f1aa672e3ceef369aa6f241507e71daaa6a984524448d6df849 |
| SHA512 | bdce6848a4fc8e30ca7493019ad60a5eaf5495acea2fef500527b718d5060dc5e388ada9309435f4bafe180bbdb9739bfa816bd20b14cc37d5df1bcb693dc50f |
C:\Users\Admin\AppData\Local\Temp\iigcUscA.bat
| MD5 | 9b200c78c603d0ff1e83a92afbc8da6c |
| SHA1 | 3e65f0ffd7312701a9aa465ea2a767b2d563ae95 |
| SHA256 | fc8d7e57b7b4e4b936c243a18b38a4b2d695eb6cf6692844e6ab8627b550dced |
| SHA512 | c37a2c82c74e5ae9bb08a0d4d443b750ef0b87f35a6850f2484dd84b3fa5ac2a1ee62caff008d75312ac51d9ed2549698b922c0615b3d4ad3d70aa8648507a20 |
C:\Users\Admin\AppData\Local\Temp\oAAi.exe
| MD5 | 10e348bd18c6e72921ae7e96ab650ea3 |
| SHA1 | eb60efe18c80727cdf8b0ef88eacaadabf7b315f |
| SHA256 | 910c5b3e7a6057116eb3583383c44a39ac982fe16734ec6ef6d38b0d64727461 |
| SHA512 | 3247d0b788f98587262b6bac4633910bf28a5d63028d9df3289acff101b73725fdf3bca3889c3758aa73f00a0a68913dd23d42ab10b91f5c81b13fe7c34dd8d8 |
C:\Users\Admin\AppData\Local\Temp\aosy.exe
| MD5 | a33dc2c43d91ad9ecb7ca91c8dde67e1 |
| SHA1 | a65024fe3ffb5a4b582c324b0bff3c902158895b |
| SHA256 | 61061e99f7ea0531e9b0a560852997cda713092f07fbbdea2271447313e4be21 |
| SHA512 | 78314ee9b52b6f5731e3227a65183cdad7f761c6c77ca3dc9bd308dbb757f284ca796a5595e05560b953493e310291e59d0a0bf26e50e46da49b1a30fb8ef1e3 |
C:\Users\Admin\AppData\Local\Temp\sAIQ.exe
| MD5 | f061039df9fcbcece231d87ef083c3ca |
| SHA1 | d31376b08a25cdf7d636dff611c3b89fd9c69e62 |
| SHA256 | 5774920ca8130370ea2c977302eb936adf1c1bd0ede838164ff5271cc6781956 |
| SHA512 | 0269a8cfbf44950e2387b6eb8d92afad7336415ef1ee691b813a9e8b7d78e7ad6e5792f5bbd94a05d8960fcdc9bb4beaf1dc4266d610303564669a14de10cddd |
C:\Users\Admin\AppData\Local\Temp\Mgog.exe
| MD5 | 0af6f60f85231a13b671b04fdcd98da4 |
| SHA1 | 1c760aec8e4e3d007ab84e9df743dfb32f90db75 |
| SHA256 | 1fb5c8b42bdb4a4ade7ef51a9f921ea1c0c734c68b055976160728d2bf1611e6 |
| SHA512 | b82dc7b351c2850648762d0508fd6ce9cc546919a99d9fd40376f4634cb535bd8b899da7befa48d0371512875d76a28845c7de82a8df98c7dd1e729e92594650 |
C:\Users\Admin\AppData\Local\Temp\GasgUsEY.bat
| MD5 | fe3fadde8be8d4a53fd25c828b5897ca |
| SHA1 | 98c2f15a541bd69f52e2f5a4cfae3dea291080a3 |
| SHA256 | 61fe20af43c953cef000e418126ed118b8f90f000f449f504422a8a065978bc8 |
| SHA512 | 1015d9ffc0d91ee4a82a1498a01e51532168cf7f7d0ee749d1b742aa58a5b4a7c5ebd2a9be0ea06223546ac81884851fb5b2bd5c7d224598c781c87e9b45742b |
C:\Users\Admin\AppData\Local\Temp\OMca.exe
| MD5 | 0b59005270a2486d1e0d147b04549f60 |
| SHA1 | 0a7ab3e04fdf8ee8c8f05d90068c1bc28e603876 |
| SHA256 | 83bf1995482c5efba0da063ef2426b82cbda0a521afeef3195f90f7488cd61a8 |
| SHA512 | c3a0ca1c8d26b033ee4f04e7a50315619c0e707f5c81dfbb550dd0faf01b60191073fe49491e89d84a9f4c82e61164b45a19458f3d906806571cc54de6be8fc8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | 56caa274aba771f44c123b84a82eed32 |
| SHA1 | 2b3bfc319e7091ca31941fcaeffe1b3d770d69e6 |
| SHA256 | 03da74c63e52ff76ee16c2a6d789bf669c457cb66ac869a8ec56e39c43a6c8e4 |
| SHA512 | 3e099c091306fbede14e63a3436cdd5d4b5b1e3edd32a39a2d49eea8999445e267599eb52be90447a76e0b97bf2a18c122226ab0f502f47b557870de1a238744 |
C:\Users\Admin\AppData\Local\Temp\GwwcIQQw.bat
| MD5 | c72db898029a25324e082de0fd02c616 |
| SHA1 | 8520c3573343bb177677bf1f8332879cb65de2fa |
| SHA256 | 1a5b2d74dc384a792698e5e930e8b671cfbcec9c933f4c08564ad2586d7731d6 |
| SHA512 | a180e23c7c3987aefc42f2797a566efed47a0a912c1b7ea7809acc52681d598461e02d2d3c867a9461617d37157294c463aae85b4e6b4eeb0a6c36a783d9bf3b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | fa4c163bed9cb495a6809eee7be53995 |
| SHA1 | b9519ac604e0691d4649b3f0df61848be4f0a659 |
| SHA256 | c39ef00285af044dd451a58debc03ba9765a603e73b785e1cec0f2b546a3a66e |
| SHA512 | 014cf84ffbdba7a824b6dc0e149582903b4cbc6c52bb20377a3c0e00a586588ce828c372559c83b81d729728d50d6ecdb7638668ea43238c9aa7c2546e15534e |
C:\Users\Admin\AppData\Local\Temp\YAcQ.exe
| MD5 | 4e67078eb03819f067113c191260bb48 |
| SHA1 | ada1ed6abd4414e2dd9c21cffc544f14bb99ae73 |
| SHA256 | f5c1a11e7749cbef0acd25c7df6b6ba304bcfce5e7600463c20fb24d365222cd |
| SHA512 | 7c5bf8b1ff205d92f4536e51dd6ee16fe981ebbcf9ff17d48043369ba139ad6d7077eb02591ed390cd913f74a82adbca66005aa57a453c079509625f1d8644aa |
C:\Users\Admin\AppData\Local\Temp\OecYMwMg.bat
| MD5 | db58823962cc86be547ab73ba1915d83 |
| SHA1 | ce99e5700522dff12b5fbb57f2c2bc7584b41ce4 |
| SHA256 | e5c4362699ff8a312044c5419e63e7a0c517c5aa57d14fe220df4bfc223a7184 |
| SHA512 | b345f33e3e2880a83292cc5b9f0e65171e4b060284638de6a6912da09d3191e181fd684f6cd896bcc6fec4311014d5641dcc17a6da41ef0d4b8aae7103ba620f |
C:\Users\Admin\AppData\Local\Temp\aUMw.exe
| MD5 | 5c444214ad9aa87cfa63f9ed75858a13 |
| SHA1 | 1c678fa47d8a471e4e33f4186b64ced8fe1e3e16 |
| SHA256 | 11c21d309ec860f5df6c63724cf74c02ac1593ae37558bc7b3e91c92330a7ee1 |
| SHA512 | 55c69195a78d403c222468d16b07a661861f8f8bee71ebedc6032748cc4c3013a1e0f75971162d0ea1318e7c301fe1a956f9fc0c549e361bb00a798a16634034 |
C:\Users\Admin\AppData\Local\Temp\wEEw.exe
| MD5 | 45854b96ba35fd4b77d5c4f8485ba336 |
| SHA1 | 646ab3bd8eca027e329b6110d80e7dd03aabe9ed |
| SHA256 | fa4e2e82f6d8106093772c868251b5741e57b526372393ddb018f41984059bac |
| SHA512 | 93b0ecbd0a82c70e80564332df4300ff28a3d783c074c3b92fc2bff0539474152eeca34fb1dff845e2e91272d19c811a2dc6d4d23ee7b781a7d3ded6dba2d94e |
C:\Users\Admin\AppData\Local\Temp\XIUogYYM.bat
| MD5 | 611b7d7c8b26c3e6f6e8ab652e0b5569 |
| SHA1 | 0d737f543e7bb33cca7d7337dc24ea7a3d8d0efd |
| SHA256 | 09564c15118df360ea32eeaee16bc40d306301ff132e86d8bd417b2bbd0d8f4a |
| SHA512 | c6c17291b22e436d40088809ff167c51256c5ec2938da5f82606419352bfc4d05a7d0b1c750daaafb4bc5444e13e5ce4b0bf1a207e32967ee276b642b6d18d99 |
C:\Users\Admin\AppData\Local\Temp\EsQM.exe
| MD5 | 287db629e54625a62ef11c700e15d4bb |
| SHA1 | 6d435076348bcef249906b5fe27cb55eae7d4cef |
| SHA256 | a5a4fe6f2ee2751eda3cee571c2a1d3d0989bcbb733c93528700052b09825674 |
| SHA512 | f65c525af92531114147dfecc3388f7f7d317a4fa5880d4ebe408dae532b1b88c2773ef85d4e92554329cd5e6f4ff6bb5c1e0e8ac4b891b76d00caf085d8ff7c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | b38afa3894741d155540f080cd8868a7 |
| SHA1 | 4d9cbc8027cc57e20a425b019a2c73bf4a786183 |
| SHA256 | 4b7193fd31a6595358072fa21332fb20518812deb9cef75100fcfc161d0cf652 |
| SHA512 | 6ddac70798f39f5616b3a0abcff78796b503b0ca5d2f0a73db12c76fcfc5431bb189df4d6c5ad52a9b203b8216e13eabae03a541dc2a79a4e33f8477809e3dfe |
C:\Users\Admin\AppData\Local\Temp\NKAYUwAs.bat
| MD5 | 9a8d8c432ba1f935e52c1c3ea5b5b9dd |
| SHA1 | 418a7f8af9cd8f7852d529653e5b54f5329b86fd |
| SHA256 | 21aabf39cdcf3775c30a151be0960402c73ecbcb94a6868c386fb23699fd983c |
| SHA512 | 1a81af0c8ebc6e2a6736e871690dd1915ac435a49677f9b5c7222c4922e521025c76f11b050eb786d4b00909cb2f5c370e2192ded66cc89f7a11584beb17f79e |
C:\Users\Admin\AppData\Local\Temp\UowO.exe
| MD5 | 9081214d598d590f79e230336fda12b4 |
| SHA1 | ae4af3dc18a05d7cee709aaf8d059be55b7107a3 |
| SHA256 | 608079edd60905d039299a5ec625e35a111e4bd1e1a7987d24525cd90f56039a |
| SHA512 | 32edaefe5a53c2c085fefdbf6cca2847c6befa63daca9f25059c14ee2461f4669aa8d8ced059e698d354b1ba9a2bd226e7cd30143bc7c6a0ac3ac874a7d4a03d |
C:\Users\Admin\AppData\Local\Temp\JAMEYIwY.bat
| MD5 | cb3bcc1cc4302ad90be1dee6d6d68552 |
| SHA1 | 8f5e43022dafbd9c393527bbdc3db8bc8d1ea47f |
| SHA256 | 7e9fe82a9ddfb2192acc0d3190659c71047452c8fa2205131e7ebdcfbfff34c1 |
| SHA512 | 7d5cea366247203a5980e3fc5c39521e673ae541b6c2f11af250b8828c934adc5187b2d0d4cb82ef14d2b7f0dde2a47a494c1985d8ab51b4804797236e98b754 |
C:\Users\Admin\AppData\Local\Temp\lYAAAAIY.bat
| MD5 | 957fe6d4f4de1d8a477d8ae2f1adedbc |
| SHA1 | 49093274c088dd35ef3573af9d429cc94c7c5d32 |
| SHA256 | 81d4b269972b62c599bb4ff49a62df868efc7e2db7100653fca87ea7db167854 |
| SHA512 | 3b67d1c0cc2a22eb9974ffe86deb1b39b5838e6e5e44874971b52cc86be51d5f43a44bf43a0795eba93ccbd274373a6204e9804c6944e7ff0165bf94dec07d2d |
C:\Users\Admin\AppData\Local\Temp\ikgU.exe
| MD5 | c55997c0aa51f3742c733d3403c19204 |
| SHA1 | f202ef85d79216b1d9b892ae1353ba7bdaca4b21 |
| SHA256 | 9836c237a283345291211d5195d82e786b03f77da7fb1cfc101c7f1d06146db8 |
| SHA512 | 6cebbcab6e94c2acfd9adb4483b5d1ae787ee24b5a4a2698a338a4a44e7b6c102dccff8ef630b5eafa1071aa17a286fd44bfd2ed79fb99d710b05c403dcb699c |
C:\Users\Admin\AppData\Local\Temp\SMYq.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\CgQe.exe
| MD5 | c3de823faa669500534469488ae6a739 |
| SHA1 | 2871c82eff0415d126bb3f0a92e900d6b1f5c0b1 |
| SHA256 | 0a12b4a798aa0e65ad2a9c371902925f3a573d572968d5a2af3e7488cf94575a |
| SHA512 | 30e20b424fedbc75c699340e684829110bcdf1bcaf42b4b6ae5a8837296deb65329563f1cd4eb4b27967e5c52f44f784443c5abfba1701efe0b14b76069a3663 |
C:\Users\Admin\AppData\Local\Temp\KCEkgkog.bat
| MD5 | 6e062f6d474852e36a4532d330386009 |
| SHA1 | 667df7a21a2605fce0cefe03479440e30c6833b5 |
| SHA256 | d4fe35693afd9a83a500adf441c551967cc65ecb800f207d9550e3194b8f9626 |
| SHA512 | 92fd405a92a4ddccb3306be28b32bd399887f7e49f43eeb7c0bd0040b1f290adb54820f2dc0e5ce6ca44fe7932da60176a3abeddf171f1977e9956f86a3c562c |
C:\Users\Admin\AppData\Local\Temp\UkUe.exe
| MD5 | 85a1239f7d71a2156880da7bd1823a17 |
| SHA1 | c6c767f7386a91d09ddf5ae0547e3ff5ea82d938 |
| SHA256 | 195abe5caa0560c424ee37df9478bc6ab107e8cac3d3b38d05f89471a5b23b7f |
| SHA512 | 76b7a3ba6bdd23477e77332a736a72bd28f429f0bf4ab6c419f44665a85854f0c100d766304e5a7b507f8842bdf95ebe3a3c90e26f2a656ef5c25a8fcc77654a |
C:\Users\Admin\AppData\Local\Temp\mIsu.exe
| MD5 | 4bdeaabdbf0ee5f35c57c582e30b0b20 |
| SHA1 | e25fed6594db97505070aa5c511e164258d749cf |
| SHA256 | 52feb34325e5c40bdbb5c3e49da9c6556a95f9a56b4a4691381cef15e1ab25aa |
| SHA512 | 2d2d6666f831fba256ca0bef55df0b19548c6949262c76cffcb322a0aa6fe1a369c17c598e99086e1386e755a027e7e24d2e9f424293fdbdda42f8ed6980a9cb |
C:\Users\Admin\AppData\Local\Temp\IIsU.exe
| MD5 | 6bfc8f047480bd4a1653d9f54272bc6f |
| SHA1 | df1ca40b4c69b1090f677a4f749f356513e6b670 |
| SHA256 | c032c53ce5cdae327672902f2afb3ccd00f7e6b4c1f0601eb83256cfb63e1ee4 |
| SHA512 | 4cafdd01444defd5f65027befad7e8f68fe304a9017ec0dca71e38ed4e4b0e3f976fecdc216194524bf6f2833638f48752b5bbc370613632bf8648a5eaa2f715 |
C:\Users\Admin\AppData\Local\Temp\qswG.exe
| MD5 | 3318d32c419b4496336d6a2df7622997 |
| SHA1 | 5b23d8284c095f0d72480903916d3a85c2c362b3 |
| SHA256 | 650530dbf72c9eba051f6d0463d4b4fabd083996d662997fd464c65a70d1c230 |
| SHA512 | d0349cdc079b0833b2a4bbf1978f7ccc390b80c70b5a2df99bdad52d28b3a9d0082e3c885314faa380ff20f93900688ddbe196a606b6368a8ea079c411bc0ee5 |
C:\Users\Admin\AppData\Local\Temp\kksM.exe
| MD5 | 8587fe392a19f5d278e2ca0164d41191 |
| SHA1 | 0aece8ac88fc37c72617ef9874fc1a2e90741046 |
| SHA256 | 8a4b25adea8cf4e9d1c151bd6acbbde4ac9f0289ba42ee42ddd2fb9f13f8500c |
| SHA512 | 2906209fcdb777ad2a239f42791375933324608a55a1d4bbddc1d2132caf0e9c3eb6dc995b450d73de4833f9de4341914face111cc6fa1235f2aeeffdf1f7be5 |
C:\Users\Admin\AppData\Local\Temp\mYMm.exe
| MD5 | 2b6d56483b63eae887ac5002f9f70a8a |
| SHA1 | dab9c5e39ef1508ff113edc70a187caf0e41eb2b |
| SHA256 | d06f15d2e54b3c7745a78165df9689e4311f9d48413c81d2ce30aa6c05c608f6 |
| SHA512 | eae2934c92c195249546de07962cba95c55952646466b673683303264f4ce5995b563516938d49ff1250dd742fc87a3510c7494b6957c56b2991a0d131c6c752 |
C:\Users\Admin\AppData\Local\Temp\EsEk.exe
| MD5 | fa9f24f86fa5413237677f77bf838d54 |
| SHA1 | 07dc4dc9f0121b533d65392c044863b3be72714b |
| SHA256 | 46af30353983a2d38ea603e04ab946cbfd01f86662b95f43216290f63f68abe1 |
| SHA512 | 232de692a8bc43617422d49a10347e36d1c04cf0c7ee146f50aadc27a0f5fa75677db98bf8adec7f37d692efa804a3f9c3763966f15f8fd315540e2bdb9c2219 |
C:\Users\Admin\AppData\Local\Temp\EcAU.exe
| MD5 | faefa22d02b03adfead5846aede51b11 |
| SHA1 | 798b359949179ee43fab05de5480d18f7df0ae9b |
| SHA256 | c04ee1616bdbd40e2bef4e066065418e25dd5cc94a28af91b044556f1452dc63 |
| SHA512 | 2fe1c51b4964fc3ecbc4fe0bc18e78d1c362589e27b4cbe718eeb2aaf25c42e732755314cbf0cf5a19e68e6bbbe7dd73f833c0e10480bd4d1e814a1872d44d7b |
C:\Users\Admin\AppData\Local\Temp\AOMMwQQc.bat
| MD5 | 9a23ada12e82f72a8f35a12c514fbc3a |
| SHA1 | cd2ed78b7e55a2bb775113d15112a2af02652092 |
| SHA256 | 137cb73d0f19cc9aab565894043f1afae4c919d99082ee637a410b78e1adfbd5 |
| SHA512 | f01ca2d164d3d34d1f9d22ce8a1444af904530f62beaee4354ba0c1c16c4c4026a1bd9324996cf205a1d12c68471c04d96c1ae1b8cf90107b0a1dddb39863099 |
C:\Users\Admin\AppData\Local\Temp\WAMgsQwk.bat
| MD5 | 43330b70bd3f8ad64e7172f3b5459d28 |
| SHA1 | 0dc12e048cc3d4c494a5fce62c78d1ecb0270da0 |
| SHA256 | 00352230f81fc02f80cc0963726d9827ccc61f1d1168b1ac6d98d208201a3cef |
| SHA512 | a3db9b826368330731f5bd78d83021c1c323bab61d5db72ce4b677e736eda41396849f0d789123cc5a7a00dbbedcb7ce6277b3578e1b2eef247772e8c7e5bfbc |
C:\Users\Admin\AppData\Local\Temp\SmwEUAYM.bat
| MD5 | 5cb96ec436d398824cc55f19b4f47fc5 |
| SHA1 | c31b7bba256cf4809f4ff7be1615ddcc9cfab7ec |
| SHA256 | aaba2ac73e9e1dbe5e25877900db3a56ee434634d1133d639faaa5843e024fc6 |
| SHA512 | bad0749a7f2a25e9e65dbdb6e22dd0626aca2dd0d8127141cc11a9dc01e8f6cb0955f48197ed21f64b5f7098e9800c769040eb463e113d3bc6d60fbed27dde55 |
C:\Users\Admin\AppData\Local\Temp\vkYMsgkI.bat
| MD5 | c0cb5112224c305480fc3023403dfab5 |
| SHA1 | 61e663ef4dd97be0b450807f835898b1cd4348e5 |
| SHA256 | db420022cfde4a09d3c60cd20b598a40be7da24f803c0a9057315d5de5ef5494 |
| SHA512 | af210298d89a534de715b83cab34a8fdd69a2f1d8b2b7df922a36c3d523e0802c21d5ca7527b17dfba0dade32ca57bc60465c1b8dce50c01b431fcd136e995a4 |
C:\Users\Admin\AppData\Local\Temp\ZowMsUwI.bat
| MD5 | 6a62fa5f099031e6ea5d303d90b12a5f |
| SHA1 | 21db0cfb69e53cb0833a2867bc9f0f7d5286323e |
| SHA256 | d50e5cca27619de45ec13dd3f6d124d4e2f88c6a975b12e65c30e5600ad25ddb |
| SHA512 | 3115ac0a986baad284935d538b62f4f186c1cd23adc412b50df01ecf5b7e256530175a2eadcbae071b03d6fa86f57fe7023a1f42589a2e6ec0618071aea77a41 |
C:\Users\Admin\AppData\Local\Temp\ZuskoIYQ.bat
| MD5 | de5fbdff99bfec4f00766e96b7617859 |
| SHA1 | 47f16654df3157961d9e9fb8048f904aeabf26a7 |
| SHA256 | 06f956584dee01e4ded7abe455fb777e9916eb247fc6338c86e1278cb60bda4d |
| SHA512 | 9472969194cb0e4c610ff49122234453a7d28744704ee0fe8fdef60997f3bcd75d8d6f516185dd977bc0626bbea7343dd2f9ae81893d023a2ffcaebcb1c932e4 |
C:\Users\Admin\AppData\Local\Temp\WUQgoUEU.bat
| MD5 | c2b2246f521cc5b91099ac169e6c8538 |
| SHA1 | a9a576c392eeffda060e027facb508611a9e6d87 |
| SHA256 | c490b1da8b970436ecc2913fbe199b59346834a17f3a6c03f9aa63f97332ef89 |
| SHA512 | e8a8f21a887e958608f451f5cfd6453bc3f075bf09628e28c024f2a1a055482a0cce10b0d98a070141c27aee733895a612d587b729c63cf37ac74b62d8465416 |
C:\Users\Admin\AppData\Local\Temp\sMMYsAMs.bat
| MD5 | 8152ab9f9b69776e0e122607c7c90ea9 |
| SHA1 | 94fd312fa63af0aa4c164eaa71302da3b836d55e |
| SHA256 | 5856b41dfb4d3b93f978e6336325159b78dc18018d4e5071c2e1b7d6577e8f3e |
| SHA512 | 56faccfd805853e8119d133b13e43dc224c84fa3abce80ac34d440ab9a2047ec5b97067f468c59f7d5874e504d85bbf39cddf40c31450a8186b4ff8abafc372a |
C:\Users\Admin\AppData\Local\Temp\iWoYcMwo.bat
| MD5 | 3feee856313a5f7aaa5eae467998efd3 |
| SHA1 | 02d39c9c85b01c6e47375d53950ddff4409ffd61 |
| SHA256 | d53c9cf7e4991c0f9a2da9d977461234c777236a53349feca7a8785fae7c0ce1 |
| SHA512 | f908a21aa45f92f7a441a73f9bc26fb00a96fd68e605553c2d57ab87572540891df610807a0626d8c25b4483af8c558e9ab7965a178178764f80fd06c3b97834 |
C:\Users\Admin\AppData\Local\Temp\qOQIgoUQ.bat
| MD5 | c0211433fe0f3edc95f4fc3d7ad8cebc |
| SHA1 | db8d2d8fef577206922393cf62235310f6d956bf |
| SHA256 | 4fcf21005262029e4341c811ec254a102d6b812c8a00b7f1e80bc126f4a97cc6 |
| SHA512 | 730d8f998609c5943793025e50c2ed60dce5ec4513a256ae78102e18f650131b16ae2d939ec92193dcc848af9fe41bc4f935b7cb03075b8427e9204bc9d650b4 |
C:\Users\Admin\AppData\Local\Temp\vSUAUkMU.bat
| MD5 | 70290c518fd72735cc81c547a6da2995 |
| SHA1 | a5a12ad94e1ce54107a78f9c8608bd23e1df02f2 |
| SHA256 | abb6380b06b8a405f92b15f5be72a2d2130b657213b3393e80faf89d2711e3bf |
| SHA512 | f3077ad90381594a5f2a552a85e660429dc0843726c4339ac43e06d4283d58a3ec9b7959edd874736e892fb0cd5e659f180a56b304239fbd6b5da054aaea2fd3 |
C:\Users\Admin\AppData\Local\Temp\vMkowgYc.bat
| MD5 | e11523c2e318a177a67209e7b3d93b50 |
| SHA1 | 32928092570935d161c56bd2604aca88dadce684 |
| SHA256 | f277d76dd17ec0c323d54dd42b39f4d4a620ac54d51e540bf9156d0cd00711f5 |
| SHA512 | 0cbf14a377931290ce1503356136cd69a2d298a5414ed81538089309f42f4571065d1884b9f744bed5262bff24a38b1c42f2703bfefc0e206ba9ab190bcd14e6 |
C:\Users\Admin\AppData\Local\Temp\rWIwMQIY.bat
| MD5 | 89e77943ef17e23d67a8e45366ae8105 |
| SHA1 | a7426913a329e8f3ded526cd371bd39e8aa29c9b |
| SHA256 | 2f73967925fba608ed3b9ecb557ca9032186b0501295f74a6c751e280931fe02 |
| SHA512 | 729b9beacb329136aa597e56190ead84bdadd1b9c933212a07a919d82ab92f638bddd0b5a141ef8552a46df2d80d3ee403a26ff417cdf750077ff18ae7f33996 |
C:\Users\Admin\AppData\Local\Temp\DyUIAksU.bat
| MD5 | 1a4e063ec0aeee8732664d8d93f963d9 |
| SHA1 | 7ab40afd1ef3ff4480b3bf286514aaae51647087 |
| SHA256 | 231eff3c1e0c8cdef981010eb16015af569965ccb21ba9c7a3fe40b4263e2c42 |
| SHA512 | 7ee1b3fa8fdcdd75c610cc28edbc067651d01d274137f5a48ff1a76aa5e5984cac7913cbd8ac3ac17e483ac0645eddb45018cbe93eb679e5187f2229e6932692 |
C:\Users\Admin\AppData\Local\Temp\BaYoYcMc.bat
| MD5 | ba0188432fb4c44eca69ba5b260a6576 |
| SHA1 | 9d1948d968cd492e0e0d2fd3423dff531ed62c7d |
| SHA256 | 2e6db9d4b30894d865a736aea3cd9fa024ab6b47fec409bfe9e43d7feba54c15 |
| SHA512 | 22a6c959d3683904a8d45b9ed22cc03f9058a38b3fe0b2140a37820156c3f7d80454590a89b18d70cb515308ae1a22727689fd75739bd3b5dfb7846e84b209c1 |
C:\Users\Admin\AppData\Local\Temp\KKEcscgo.bat
| MD5 | 137b31480619fb8532d55a012c956dd2 |
| SHA1 | 9a9196d7089883283b143e08d84f54f982e09d0e |
| SHA256 | c10bbaf4854ea158ccf87bed626ccad2d01c518bbd268523934ee04b71e2c14e |
| SHA512 | d88af25ed86585a9aa83a4a7951f2a5989f7e8d6b5fe21421a3d905ee542339dad295b79b04129ee7ec4fa659e6cb9a38312ec70b3f647c610ee40d1ce7efdbc |
C:\Users\Admin\AppData\Local\Temp\ocsoUsAE.bat
| MD5 | da32c87d23fe6f6dd5f4b2e3843b43a1 |
| SHA1 | d0cb03e438d957cce8b9c563097665a8cc07a5ef |
| SHA256 | 28885e0726c4145e03b790c2d7621868e1f5ff729dedd2cbb5a90d553aaedb76 |
| SHA512 | 1726ec973aa983b2b11e4bd2279395cda6584e8ae142134bfbbbf37717e623d03797e2ba9f67f6cff8f837c9f81cfe5029f9c9940b5c948c8d91b35cccc1c6e6 |
C:\Users\Admin\AppData\Local\Temp\UGYMAwgQ.bat
| MD5 | f4e7b838bd888d4035d4a74e28857810 |
| SHA1 | a5fd240ea5a6e8766c670dd2088b28154d7684d5 |
| SHA256 | ba0ce07830451c5b403795ea67bc425d474376f8ae636a8fcd0bb2c23fb2d9a2 |
| SHA512 | 40ae83521c7f352a45e730def988ca9f8b73f03e3a3276359a17475b36926caeb02fefe3e04e48686ca9ca13a0cdd7e5bc68cbc5c0667abddece13c5075d336c |
C:\Users\Admin\AppData\Local\Temp\IiAQgQMg.bat
| MD5 | 1b91dd079bef0775cb450d537aa5cbe9 |
| SHA1 | bfb80b6add3a1aad74247e72ac223877fbadd4b9 |
| SHA256 | 2679f936d149befdc439d3b5a1a82c22f1d9849b5adbe8c303846534183081ba |
| SHA512 | 04fc92aaa194ba02b1e4fa50833d4bfcc8d60c69e6aadd354411c52bdb897e265f440e0cb17e6d5448e60f55152229281ccf86504392822c8320535856b189dd |
C:\Users\Admin\AppData\Local\Temp\NwskggkY.bat
| MD5 | cd351b1d7cd5e139dee189c05a5165e1 |
| SHA1 | b2ef199bb8790e7a0d37a6b352d7974144a85ea7 |
| SHA256 | e050667004f9c6e9ccc90534fc13041e5e83158c21d6b273f1107bfe85cfbcc2 |
| SHA512 | 478d8a7bb2e1a20743f2bf9d84a9292eed0ec4d98367d039dab9971973af2a1e18e5f80e6c834b6ec23359d45262419b3dd87eb14fb4d6bee01f9bad1fc4d2a7 |
C:\Users\Admin\AppData\Local\Temp\ViwYMgkE.bat
| MD5 | 332ed5124312dd2db6e80ab1e3b6830a |
| SHA1 | 8f2efb033d27211637f8c27b8ef2d811bacdab61 |
| SHA256 | 49291b4f0aabe6fed00f06afde9506c2d45177bae75c04bef6d8d4580cfdda63 |
| SHA512 | 07840e906b706050549b24287bb71a785d3619960b2be524ff60b3cd21a3b4da4506a1dbe8d053dbf6509cd718e288462184aa0dac166e9a516e87edb597107d |
C:\Users\Admin\AppData\Local\Temp\TuwYkAgI.bat
| MD5 | 01374698b726745b3a44a3bc4ee84fc6 |
| SHA1 | 4e097b7a3566fd71a74a610c7b4e43991f4785eb |
| SHA256 | 6468ec585fe0085908aa4008b3363f5fb61f3aa793a46ddf9f865d05af0c1520 |
| SHA512 | 44e6215cfbe7097aacb63ceba91df8a43c601e81c561fa2649381d51dceb39858d5f9dcc8f2e2dab14d1eba0a2c5d217b8701f13448a84160bc3c3cf0c156905 |