Analysis Overview
SHA256
d3ec9fec4f73dcd82270934c04376a288db43763d4b142f0bf0b0a7cbad08900
Threat Level: Known bad
The file 2024-10-16_e0a8441493e12806acc53cce247292e8_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (81) files with added filename extension
Renames multiple (64) files with added filename extension
Blocklisted process makes network request
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Program crash
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 08:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 08:20
Reported
2024-10-16 08:23
Platform
win7-20240903-en
Max time kernel
150s
Max time network
119s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (64) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\aEcAUIgI\NCowUoEg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\aEcAUIgI\NCowUoEg.exe | N/A |
| N/A | N/A | C:\ProgramData\AUIQcMkA\AKEIoQMo.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\NCowUoEg.exe = "C:\\Users\\Admin\\aEcAUIgI\\NCowUoEg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AKEIoQMo.exe = "C:\\ProgramData\\AUIQcMkA\\AKEIoQMo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\NCowUoEg.exe = "C:\\Users\\Admin\\aEcAUIgI\\NCowUoEg.exe" | C:\Users\Admin\aEcAUIgI\NCowUoEg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AKEIoQMo.exe = "C:\\ProgramData\\AUIQcMkA\\AKEIoQMo.exe" | C:\ProgramData\AUIQcMkA\AKEIoQMo.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\aEcAUIgI\NCowUoEg.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\aEcAUIgI\NCowUoEg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\aEcAUIgI\NCowUoEg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"
C:\Users\Admin\aEcAUIgI\NCowUoEg.exe
"C:\Users\Admin\aEcAUIgI\NCowUoEg.exe"
C:\ProgramData\AUIQcMkA\AKEIoQMo.exe
"C:\ProgramData\AUIQcMkA\AKEIoQMo.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mWowEkYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ecMkwEMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AoEwkswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gGUsUwYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\buwkgwEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rogAocUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zUEssIwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PIwMoQsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGAgYMMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WiAosMgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\igwggkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qUwUwMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywIMEUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FkgMMQEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWkoUcUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FkcUswQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XQMYkQIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mesoscUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wccsUEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KiwAEkwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QAoYIUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rsQYgssE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCQgAgUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BYUYIwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkIwcssI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dqwAkEsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kmcsAQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IooEYYos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kIkMYYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\scAQIAQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAMokogU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dawIQwAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TCgwwgQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmAIokgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ymEIwIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yscQEUsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkwYIEsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mekokQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pWcAEMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUkQYows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hQEIQwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMAIAYYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JiQcwIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MEAkEMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiAUksIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uIAYkUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WKwoQwgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAEsgsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RewcEYAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAEMUIcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGwYogwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pooQooMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qKQwUAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUUoUUEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IgIowoUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KeMYAgYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GCQswYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsAosMIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hUMYsQUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DWYQEQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TygcMIwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\smkkYAwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwcUgkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OYsMQAQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gKEIYoYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cKoAgIkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bowUocAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSUEAoYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JSgAIYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DSUAkIEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gOoAssgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kMoAQgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EyUcYkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UwUEQoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BcMcQQIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NUUYMAEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BMQQEEcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcAQkcss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\skcgIsMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOgAIcYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\keEkwEsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QmQwQEoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SsEckwcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tMYkAoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZeMUEMsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZSowEUQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuMIkwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IUgYEogU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KGkEEoEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aOIkUMMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qEYoAsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tuEcIMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jiEYYUUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\veAgwgsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nagsgUww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qGgEkMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiAQwMUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMoMoUkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGwccwEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TMwkYkgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TcgYcoMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tWooEQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywsMcEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\myIwkAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\asMwsIMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QYQIAQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dcsscQQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DooQoQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XYIQUcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSEUEYso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MGcIgcYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WacIgUQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QaIcwgUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkoYgsgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwMYogYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\laUIYUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HikIoYss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HwUAYYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiUggkIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EcIsQsAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aeAQosMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qAwEIswk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUAwgAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZgEEcEwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vmIoIQos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWosEIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NSMoEgMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TGQAMkkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UyAgsAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cwAIIEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMQkwEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kYgcsIcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\puMQwsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZOQwYYAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YCUUEMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egkAcEgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.212.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 216.58.212.238:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2324-0-0x0000000000400000-0x0000000000433000-memory.dmp
\Users\Admin\aEcAUIgI\NCowUoEg.exe
| MD5 | f46e0efffa487c4a79001327aea01ad4 |
| SHA1 | 1c5c6033a36912bbafa7c3bb9510a5756dc81524 |
| SHA256 | 84f4ef485cf68ac13d4bbe1bcc5290071563c1da4f4406bea88dbab5d3cd8a84 |
| SHA512 | 3dfc5e6cb4596662b0f4f463f70a92796e1cbaf0374056333ac7e99f2930e6e777d292bd830172e72b4123bd0f8b7005f2c9ecfb991a3e530c1641e6a0c9eddb |
memory/2324-4-0x0000000001CC0000-0x0000000001CF1000-memory.dmp
C:\ProgramData\AUIQcMkA\AKEIoQMo.exe
| MD5 | 16b18b32a50fc74c017874bc63727b2f |
| SHA1 | dcb3f74b43a8c25cb1f2805436f6ce13fb5d64a0 |
| SHA256 | f37ba2b40919d55acebd02104a37331ff851b63ca525ff1fb309319217404687 |
| SHA512 | a12322fe969ee7a762219d2ba0ea406db3e81942837e8aa4b962fd7c9930810803c9adc5ef170388ce7cf40fa21cdc71b32c41ed0a3a2cbff7091231c969548a |
memory/2324-21-0x0000000000560000-0x000000000058E000-memory.dmp
memory/2324-20-0x0000000000560000-0x000000000058E000-memory.dmp
memory/936-15-0x0000000000400000-0x0000000000431000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CokMEUco.bat
| MD5 | 298a3a75f014501496e96d5eac1582ef |
| SHA1 | a7b5e83ada24f2b748296f4393712abb2a556102 |
| SHA256 | c1a7341cba69bdabe75628a53b770cad52afeac1c7aa1220c002e9385041c313 |
| SHA512 | bf3f356cfdbd6c5377ac4812bc5a95b71500659c9ed91677afd928913c7ffd20758cf5589d347c64a6511562571cd7e53ef9622f0dd00cea8c6ca91d091f72cf |
memory/2236-33-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2996-32-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2996-31-0x0000000000120000-0x0000000000153000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mWowEkYY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2324-42-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
| MD5 | 38523dacb7a20f049d5de61fc1cf87d5 |
| SHA1 | 310f1c826385f858572a6c747688d897b851024e |
| SHA256 | 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191 |
| SHA512 | 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1 |
C:\Users\Admin\AppData\Local\Temp\iiYAYEoA.bat
| MD5 | ab6fccd822bd465d8b75aa96f5e4689c |
| SHA1 | 6fecf5ac17bd1540db8bf9eb227af15d8d721897 |
| SHA256 | 6271f6b00125036bf3071a6ed83e6932228489d40b68ea333d14bda0680e6c0c |
| SHA512 | bed9241c07831aacf0102a5f3392d6f4122b37dfcbfbb976834c64e7bb52cf71f2f717623d430f0cb9d99087ed32ce6739798b2ccda898ab5b02d6d45da23aa5 |
memory/2632-56-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2236-66-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yEwgIoEM.bat
| MD5 | 464c86c0f9c8a0b490bf9f3bf32424b4 |
| SHA1 | 26642edaa0bf8315886db83d69cb5388c239c9b5 |
| SHA256 | 5a31c5e952b1f5d84960db6095add53353ea2c4fa5d08d65fc059b10feb85242 |
| SHA512 | 0be80ee51d1f8cf4ff7e987cd5866b41d0ae4f7d0e21072747bdce87415d936f4ed49f5da29b2e3a53c558d795b994b2df735ee3720b615d9bf2d7a25b10353e |
memory/1096-81-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1796-80-0x0000000000510000-0x0000000000543000-memory.dmp
memory/1796-79-0x0000000000510000-0x0000000000543000-memory.dmp
memory/2968-90-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SgckMYwA.bat
| MD5 | c9abe72fda4b7fb2b9693ac7ce0604dc |
| SHA1 | 5044da90939365f85414fccd564b88ee5b3b2d1f |
| SHA256 | 55762ce8c238c78ce69012c70686d8df349122f427d6f73134babd041e68658a |
| SHA512 | fbaf9bfdc716d2dcfe5ca576f1f11227080d05b00c23388bd7bc7c99af78d21c19e7dbacabdb838f3838084f1092a0e10e032cc2641ad1f259cda13c222e33cc |
memory/1944-105-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2420-104-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/2420-103-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/1096-114-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bOMscMUo.bat
| MD5 | eedff60a23918f6fe618fd10e4af6591 |
| SHA1 | 7770e37f29eed1dbf5fba50745a23a6301d1324e |
| SHA256 | d7d7705261a636ac98185b45f6a64839c471eca0472e8ece53149ae88614b7bb |
| SHA512 | 0faff1990ae1d2b14c471ef0907839a3a081562c15362be1ac65cd7c35ff92f7a5f49ad2a47c65fda8c2848bb1b43fdef441e2e20b9cfeb8eed4f7b052aca557 |
memory/1944-135-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PQosoMYs.bat
| MD5 | d7ac144f46725ec78dd9556c68099114 |
| SHA1 | 05f024eb897c1af004cfd1b04a205ac493c0da2a |
| SHA256 | ba5df8e0922ac8423a0546f66ae2379f6038538955879907c934e72383e2d269 |
| SHA512 | 099a5d3420427e4209adf3b2a844c4aaa81a547200c3db64e6c9b25de1266bf0b886dad2c7d592880f57df51a15f80f06b6ae6a54138ca0a1c64edb56184729b |
memory/3064-157-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bMEcgwoY.bat
| MD5 | 19c6adba5a4e339fba73c716fb13ebc8 |
| SHA1 | bda8be1b858e54b47de6cd4aac21f10901e720a7 |
| SHA256 | 846bc7cfca468cbd1e3d033549f2da6f3d507744ea8f8ad4c340846bbeabacec |
| SHA512 | 517dd9decc5eeacdb27e11f055575725fedbbee1c962b1ca0851c1aac4a3a9e1c9015a77de4caaf05b118dc096a31e046c3a91fd67070745df1b4312ac2a77c1 |
memory/2780-171-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2944-180-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VQgoAMIM.bat
| MD5 | 5ac6252da39983a6e63098be8fcf8744 |
| SHA1 | 184b8e0f42103f16327026fa3b899bab9e580848 |
| SHA256 | 5494b4630fa1494f02ca4fcb69225a3b46b01303fdfb5d4ab0253a1fe5992067 |
| SHA512 | d51c9ae654493d3a91a8daa4eb552f8b3c1caf5a14e158e362d0705ccc02a94c71e5bdad13522569c12e51910f9a73509b9d68fba54c455e4c9c538a247148a9 |
memory/2472-193-0x0000000000120000-0x0000000000153000-memory.dmp
memory/1664-194-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2736-203-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tCcMQgAs.bat
| MD5 | 78c4826f70bc6f741a8c24a0c746e5b7 |
| SHA1 | 4532c93ead289999172a24e6db6200baf531ce2a |
| SHA256 | fde608742903afd61989b7400bf7dffbad697d15bcd1c7af96c36aa4c48e97ad |
| SHA512 | 3877b0247a3b27a74a4d82ba5ce8cb756766b160e97db549fadd3e01be8983db7ea323b037f4f6f0ef79636ef98fd5c8dea11fb1db089ed0426cbadbcd437359 |
memory/2032-216-0x00000000001B0000-0x00000000001E3000-memory.dmp
memory/2608-217-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1664-226-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gawIkccs.bat
| MD5 | 9a0ff4cd14e94ef2fa188bae801df2c1 |
| SHA1 | 273afa4aead5cd3df57028f90512ab19bdb6689e |
| SHA256 | 8783c45c8b61ca844476827a3979dcfcaa29faea0cbbe4d441a49d922752d5c4 |
| SHA512 | 905b11a6ee14badafea0aff507132f0a6851a962635566f297853a980088df91f05b2cfeb766453619d7efa77b8f19750ae85bd54455c925256ebc584419d3ff |
memory/1636-241-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1032-240-0x0000000000120000-0x0000000000153000-memory.dmp
memory/1032-239-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2608-250-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scEwYIcs.bat
| MD5 | 4f8bb220d0e156e9f89df014642f85ae |
| SHA1 | 72434d6b86ce83690fd5ec78a6b246a191485472 |
| SHA256 | 871c33bc489e8c67829f9d3507e2dc26f61376a379edf83bc366c89616d8dca4 |
| SHA512 | ca985069c96f17b33ef0b01b21daf33e97dc23f0ae7f4656fb33fe7b98925ca9765f745e15bf2e1a3c28fc4dcf41b2244b90d3a91c01852a22eaebd458ab1249 |
memory/2128-264-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1636-274-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ScgAMcMM.bat
| MD5 | 46bffe59633e132f9ad6330a9823ee33 |
| SHA1 | ccbf5b6d7dd5080be1ac00cf31093706fe227d35 |
| SHA256 | 5a88b3574cc2768838e638f97d3b936f6440af2877d679b68f0de83fb369bb48 |
| SHA512 | b93a8960c5f706149874bd6eb53e147a7fb6e1085014f61dbd07ab487a521ec9b692598e6c4ef6bf39262a6e026db421fbac949b024c8f922e4b8ab90c4399a1 |
memory/2784-289-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2692-288-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2692-287-0x0000000000400000-0x0000000000433000-memory.dmp
memory/580-298-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QmEMYEMk.bat
| MD5 | 20c02a62c7ee3f349fd27bcb9ad0fa9a |
| SHA1 | e965e23627e05fcdd7d12a76cc79b12bd57d6f0c |
| SHA256 | 67715f0917a43d51b749f535ce8c936c5a27ad7fd5ec3fc6dc35e1ab52acf27a |
| SHA512 | dc864191a0ec5ba42bd618582bd366505bf0b675f8159ebafd79b81b0f4c25da6a5f9b6a0de1a1fbac5907dc7b2293528b4a784590b16c99f20d50a65c3e6b29 |
memory/2568-311-0x00000000001A0000-0x00000000001D3000-memory.dmp
memory/796-312-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2784-321-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ROwUgoog.bat
| MD5 | 96fcb1f7c87e5f8b5d6812ec5ca8477f |
| SHA1 | 992f2c3393985c0bb6d3c289647cbb531e67c443 |
| SHA256 | ae0c08c53747ccca1d1034145f7379ae70927a355039a63eacc132c8bd598e89 |
| SHA512 | 3feaa93e5488687f037f32d9af2e0a382a87691c7b4158a19d634e4cd08a110876fa09a094313dd16f45a01d8ce204027e283c6c2416873d3157225346197c1c |
memory/2992-334-0x0000000000400000-0x0000000000433000-memory.dmp
memory/796-343-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DsUwQMkw.bat
| MD5 | f39e4c271c14a18937d05bf17c68abbc |
| SHA1 | 90dedd91d8a0b0809ba2ee32a8cd42ef4c09a840 |
| SHA256 | 75b539face13486ef604163393095c654ed7e362a2aed6e9adca2edc6b35d361 |
| SHA512 | 55b7202d0e1b3afeac9d39191b11b1c60144c52207255f54fe3ea235fb3bc900e7c3ff70bc44c47ed2747e8dc81a9591ed72a9bcc28c415044d99f4dcd432e6f |
memory/2796-356-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1600-358-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2796-357-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2992-367-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JWgwAUUw.bat
| MD5 | 1d1b58bd879e73df73d7b7dbb52de079 |
| SHA1 | d8c81c9e64f7283fb780afcde937dd8e3d8ff12a |
| SHA256 | 1513e0d96b0e2728c228e187349158952e4ab2d8e718652f8fee1975994e11cf |
| SHA512 | 7b895e979a2f92fb7ce6997a91dc545451f6873c35f7e356b16f101672370cd9feaa7bdce5aa86c99f9657381cfa940bd06513a8107f66b80617aa5a5fedce03 |
memory/400-382-0x0000000000410000-0x0000000000443000-memory.dmp
memory/1600-391-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fQwkUYkk.bat
| MD5 | 04353e501ed2f1a8256bfcfe3453a1f6 |
| SHA1 | 2704d16dd6cb583590f27da6c12f3990d5b872c4 |
| SHA256 | 0d2f1b07621bf34dcf37a0e7bd273e6ce7f5eef92c590bc190d3fa8541be6053 |
| SHA512 | de84885cdd3b9f285aa1fbdfc3a0c0f0b0d008f90f291cdc6c72b9a8978db108cb12393f1db72b7c6719f285b77ad722eb4ae8105f58449975402e847408edea |
memory/1772-412-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wwcsQkYA.bat
| MD5 | 562ddd486d07055a47fae718c5ddd62c |
| SHA1 | cbafbffdac9c29ba6320212cd8340396d02e835a |
| SHA256 | bae92e0ea4dc78536510b6e0b48502bd8de965235cfbafde0a6e9915e572399d |
| SHA512 | a4967b69bb0b25030285e3b7b7cdf9811360ae1a6b1cda4c94ceec96cea4b4062cfa3481cf7d1418a17456342725f41250f5c12ae68daf174def452ba7b5b3a2 |
memory/2792-425-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2124-434-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\miMMgEMY.bat
| MD5 | b95fdbc9f76d0478a4d3a5411a595871 |
| SHA1 | 4084046230cb9e3aa90679a6e67135b81d41046e |
| SHA256 | 490ea080c5f8fda58165db46e8bc6776ed887f68c08dd3087ef4a75685dce01c |
| SHA512 | 33d0a8e01ff730fcd418c99876c6c6201a7e57e5461af9aa222c5ba92ce7e03a3184362052632e12db848d4925cedbb1c3e7ad22af2ccb828fbb4d7a55ba07e7 |
memory/2852-447-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2584-456-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YaIkkUoc.bat
| MD5 | abb315bea2c7f1983eae31a6061abf15 |
| SHA1 | abad4bda9155d2f14b26ae5d22d7f3ee6b4a5bbc |
| SHA256 | 762e0788f1c384bb118b35f12193c2281643793c50c2326eeedbb6915dd1fc74 |
| SHA512 | 1da7ab61b794466fa3feeaa5506edaee5bb4e6a392f6820ca8668bf8a17123c5b45d5decfec850797cfb72fbe55ed9a29ef84fd112f56ea42b30b26f17679c72 |
memory/2852-479-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AswUkIYE.bat
| MD5 | f7374117e18f0c7b80b38afceb05167f |
| SHA1 | e8cd4c8bb95b1af04b1508e117a274e9808a36a7 |
| SHA256 | fc3c5eb74c88edca4f08a75c4d29207f8c616b3ef1508c090cd7313ec6a7c25b |
| SHA512 | 7ff4aa2e0a0ebf540e61e891d3ffb5913421fa78e11af09b6ca39244eeaf80ac4dc09bbb80f5716076d66b74bf3c1913db30fda766805b24f566e88eedab6e56 |
memory/1984-490-0x0000000000160000-0x0000000000193000-memory.dmp
memory/1940-499-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\imsMkIMo.bat
| MD5 | f133c61d1f39d21705ef0e399f0f1d6d |
| SHA1 | 855224a04a03fa3fa2b796bc91c4980e03c069d1 |
| SHA256 | 47281f3a300b6cdd9f14de32690b06781513d2a7a943bdf73bf30360fcf53482 |
| SHA512 | 8ebdb1a67e4c6f40c71c7772fb26dc7e4d4514cc6d02088649404333b69d4a62b95c79b14c8eb45e1ea7e20a359103998f1f418076305c46d66f50396a94a39b |
memory/2276-509-0x0000000000580000-0x00000000005B3000-memory.dmp
memory/2032-518-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fmcAkYkg.bat
| MD5 | 4b72f720cb2b2044f65fa97087c6fb4d |
| SHA1 | f9eb63a66dd465269b0a0ccdc1d52931e697eee7 |
| SHA256 | 1cb1e060620cee502a26f5f5daf85b5efc2314d4b7961ab1cb5776057902e38f |
| SHA512 | 48034c3adc057c037aeb0f5de94170006a4bb72dc80c2495761f9c7bd31d5feac56ffd16f8116a0cec19d6c89dbc78b3a710fcce17b61b8d39a1dc801840bcd4 |
memory/2324-528-0x0000000000540000-0x0000000000573000-memory.dmp
memory/1032-537-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HawAEsUE.bat
| MD5 | d6754801ca2208d942ddf60105dd39c5 |
| SHA1 | 66ecabb7c056d40908090e9f280329f56d3455c4 |
| SHA256 | bcff00c6d52e64cdc0140a7e319d897f65c30254738f1db36c8b29c683f79c4b |
| SHA512 | 9862694d20b2843df0ed595463b675826cb1ffe4a0ed4d0fa0e64ee0afa861b22b211bb84a15ad3312f4081f120be174da66fbf371773b2174abcf7bd7202358 |
memory/2104-549-0x0000000000130000-0x0000000000163000-memory.dmp
memory/2284-551-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2104-550-0x0000000000130000-0x0000000000163000-memory.dmp
memory/2716-560-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RKYYsQUM.bat
| MD5 | 985f48754bf050b4c6a00638a9dfed2e |
| SHA1 | 80e249b50e1525c41896aff7f5d26cf214727d44 |
| SHA256 | 05da3bdd1dd89240e46a5784aac22d1e8e39b314613cdf7cdc44ce2d731d3caf |
| SHA512 | 71734b88f159606df2aaee08912546b5e8d646b9cb5e808f68f44310b603e5facf1e8841c6ac3605ada16aa0bea1d6c15fe1ddcfd20d951180d5b5052cdcf72f |
memory/2640-571-0x00000000002E0000-0x0000000000313000-memory.dmp
memory/2640-570-0x00000000002E0000-0x0000000000313000-memory.dmp
memory/2284-580-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PEwkMwYY.bat
| MD5 | 95e243b3464f8015ae49d3ebf1480287 |
| SHA1 | 2350bf41404023669e840f0aedeff5616d4ebe91 |
| SHA256 | 95f557a32abcd5a39c2cab38b79cfeff4d83d9781c2fdc49187784dbaa5ab385 |
| SHA512 | 89d004fd583b8c9406902b1cb78f63dc497c77d9dc9080ae792acb502e3b1c9f6e778e33c1d6d8d16650969b2b9dacd6d67218e70c9fa5cfc6139d0946443107 |
memory/1504-590-0x0000000002260000-0x0000000002293000-memory.dmp
memory/1320-591-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2580-600-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UIMcoMcA.bat
| MD5 | f5a867e23d3dfa3683c5c7f08e1498d7 |
| SHA1 | 8f187e1294971f67257a128b1f3f6782fa5be4c7 |
| SHA256 | 28eac1e1c4897d9bfa9cd27af8ddcfff62d218bd9ca9af4a405c9fbe0ebc2ce7 |
| SHA512 | 81cf017262d4405165e82cc976d9e54031e97d91f4dfdb4eae3a015ec3f5bb146a24216805782badf036c0b0012efdf7c63bca7e949ff853d0844582552c8400 |
memory/536-612-0x0000000000400000-0x0000000000433000-memory.dmp
memory/916-611-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/916-610-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/1320-621-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WYcQQAsw.bat
| MD5 | 3b7647a9c518f60d5a7956af45b7c994 |
| SHA1 | 000b6ca785d416f8ab00696289e779dda841cefe |
| SHA256 | 2173890bf43eca04ab9a7207ec66585a81c6a1da6a0d8346fad593ec9809363c |
| SHA512 | da058cbd610da96d7d06725ace3f176dbbe8b0d5b4f8512e29440fd6c464dfb2106cb9b87e77714877352b8fb7acaa19fde2c139de7050624a054ea0e9526b19 |
memory/1580-632-0x0000000000300000-0x0000000000333000-memory.dmp
memory/536-641-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MioYsYEE.bat
| MD5 | 86ba6fe0473eb7b728872d0546b6a4b4 |
| SHA1 | 1ec0fe8bc1a482acf07c68501d107d2751b5e61c |
| SHA256 | 89c33abb836165f270046fa514ca45af692ecc64ae0dfdc4b0522da6515f2714 |
| SHA512 | ad622918187fb8146ac929ef1bd0433b776619923248967e130336c23f75f55598ad2a1f81074b46bb2b985f9b3ecdf4181b0e8f14256c2a865926d33ad5ba4a |
memory/616-655-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2724-654-0x0000000000170000-0x00000000001A3000-memory.dmp
memory/936-653-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2724-652-0x0000000000170000-0x00000000001A3000-memory.dmp
memory/964-664-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SmcgEgcQ.bat
| MD5 | dd1a5a077aa9e79d43be406000963052 |
| SHA1 | 994b476a8cef4c3011cd3425e56188c7a4b3a83d |
| SHA256 | b8d2eecce68185dcef7409df039b514f6919879f746a24b70a4f299928eac788 |
| SHA512 | 988cf408267d393c282f98a2ade0434d9c01b464ef2b3f9f55abf0e88d14540cc5fcb056a7937941f1da6987ac00cafa19deaae65869de7643d115db62d6a041 |
memory/2692-674-0x0000000002230000-0x0000000002263000-memory.dmp
memory/616-683-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RmwUEsIU.bat
| MD5 | 10fe95a800ab102a09a8321fae33797d |
| SHA1 | 9885ef1b119cbc6e21f27f122218448aa2b4c745 |
| SHA256 | 898fe408cf55948c349ee6ec18313f373c08c72d608e5a4adc0198b8a8334f3c |
| SHA512 | 240670a677e82e23247fedde82540ba90e06b0b4e8e6e2a7321ba8de7f4e411da88ff37d2cc9e64636ce12952ad088dd005717f000225111ec68817d81b75aec |
memory/1512-693-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1664-694-0x00000000002A0000-0x00000000002D3000-memory.dmp
memory/2568-695-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2600-704-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pmAMIQgU.bat
| MD5 | 7e8e6f7cb79d1265e47517eaca56ede3 |
| SHA1 | 93fc6ebc270b00ea907fbf2bccd877f16a157ce0 |
| SHA256 | 3ef5b441acaf90318b930837ec50104523ce9c9b378980c940b315323370700a |
| SHA512 | db6434a6f7997db4e22bef7a1015334046f3c70bd10dd6eb1b534491bd611f35631ae8f2ee35c39b1286b364239d9e8df891c04b5519aa58d161455e275b769c |
memory/1892-716-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1864-715-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2568-725-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UsIS.exe
| MD5 | 6a7836ab49143abf956a32bcccf4b8b9 |
| SHA1 | 52cde0d54fd81a2c9f6f65a26abb98adfa2a87d0 |
| SHA256 | 3c2c3afc94eaf4ebe4178b0822f695ab33fd8074c9825c40cd4e39e2818f0bbd |
| SHA512 | 4da545abbd796f4ab1f4d086277c27aebaa60514345378cc8fae95a305f1cbfafb438d35529a3e2360103f36ae3bb73d61bbf4918f8d33330ef55023e65f1820 |
C:\Users\Admin\AppData\Local\Temp\tqcYkUUc.bat
| MD5 | 4eb76cbaef5510a7b34972e7a12f2587 |
| SHA1 | a564602ef7c0d2d5c5ca06839a9367874b8deebe |
| SHA256 | 0a4e8b46a9ff8e7ac72faad1e6b7bf2c79493681c631cb6d338f8e2451503c78 |
| SHA512 | c256186329fbd582d95f772ea960ff48e41a15325ec481c938b5c3e9552f6572bdc081f47d071c07ba2a1088d5fb1e0d1265b18cd648959df0d80c2206d3e8fe |
memory/1984-751-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3064-750-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1892-760-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hWMUkgEw.bat
| MD5 | b4874c664c4ad65e2b910ed1bd4ba986 |
| SHA1 | 161cf5375b2d6ec29c5616a4414b9a1b8d9fca49 |
| SHA256 | 1b9687b0069680a45ec4aea1c3e1667e93e8c695f91d46dabc3883c288d5ea43 |
| SHA512 | ac4417afa602ae58162df29018968d0b64c414c636a8a5cfb7d7138e369e8deae993bd7f6e35ed36206377ec2491a6f0d1968e715a025d76daf87f1cf43166ef |
memory/2068-770-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tqkcMsoA.bat
| MD5 | f2b8b0c2c64358436285aa9893f04617 |
| SHA1 | d858da513409dc2f873ea29a8a68c7aa1e746197 |
| SHA256 | c3051ce74b1f3517deacc881b98af060c7583b0fcf45aab5ed1c9f49f4f362ee |
| SHA512 | 98ca7a13490ecc62a307b0320dc5600e661da9e98d61cce80ba623362bdee18b1f0621a79d60a0362a903508570e9fd715f3769c6ec419b8ef273463fc28bbea |
C:\Users\Admin\AppData\Local\Temp\GsEIAcMQ.bat
| MD5 | 866c8ae2018373770d92c8b36e078cee |
| SHA1 | 7c124a5ec7d027f75c5f95f27050d660ff73c16e |
| SHA256 | 44af86fca59ea0ca409d9308af475c4f8dc36e0b3dd6acb80e043b00affd4dda |
| SHA512 | 133e2fbf0fa69a6be9fdf370861cef2164bf32dc65569daf0ae2f163bc2b7af07000dab03b52bdbdee747090652265668467422458b719274fa1b7f2ea54dfa4 |
C:\Users\Admin\AppData\Local\Temp\wIwwUcAw.bat
| MD5 | fe6a7915998637118b9e58b390bf7b91 |
| SHA1 | 04c6770d4f9d60756f2a573476b958b053d08453 |
| SHA256 | 3294c06641ec0608c07918421c0edc94c482b040b4e0237105cd572886543e10 |
| SHA512 | 7c62ac1404cc36742322ccd1a0ea9490519636c3e206b12faea629507d1a6c527e5bea6d9da0b87374657ced4ebf4c247206ea24fcdcb327caa50d1b37ee6b9a |
C:\Users\Admin\AppData\Local\Temp\gWEMkYoo.bat
| MD5 | 82d8a89da99161117d3263a98179505e |
| SHA1 | 5a7bd47970c5af79c5b6ceeaf0b8d153b89ad538 |
| SHA256 | 0466ed38a17b22ab4674cb7831ef688bc506d9bdad5937f4598d13322cb50308 |
| SHA512 | 8cd1a65678c00d2fd0cb4b2105767b77501e5ed6847efb7fddfe1b3d784a377efedfcb5332be5c53b7c7ef6a07e4b331aff8da7bfc0d0548f64062872ae0c9a6 |
C:\Users\Admin\AppData\Local\Temp\KGsIIAwc.bat
| MD5 | 94a99d10e65676ea99dfb727122e4e94 |
| SHA1 | 36d2985ea0b936ccbd81acda86ded171f74b00f8 |
| SHA256 | 579f4d4404332a2159ec53824cf8ec4b91474a4e0a87592cfd1625fde1de457d |
| SHA512 | 1d6bda4360c637945017e1b53aa42e62daf9edb5c9fb67d784d9ef52e664bc9aef9ad6d5c3d8bbfaa56da2979d5c8e23c9a4059a4ab2709aea99e6c0d7ebb513 |
C:\Users\Admin\AppData\Local\Temp\XqEgQoYQ.bat
| MD5 | 7eb98c4c497ab512d7c9941a3f7fbce2 |
| SHA1 | 3dacd6d392cb30ef6a13a415c619c0148e6edfb5 |
| SHA256 | d3585815105aafafc3b4ddfe997c8cba39883a683109fba963bf2d0c5a6bad76 |
| SHA512 | 18faeb06fe7c796bf4f76c78a7d4e4ed4d03e46226ba56591fce9e8f3fdaedd0255f60e9009b3d52b0b65b1b503138e406522ea76bdea5ccf43b7c4b55f1e4ec |
C:\Users\Admin\AppData\Local\Temp\vOEAEkcs.bat
| MD5 | 5f78d648f05fb3f0d5f5fe351daf0e38 |
| SHA1 | 5ebf005bd0f8d11209c63844dc70c0df90c3523d |
| SHA256 | dbccc169645daadf47674acab6e4e88007d46b0acc4bf1b78c2724eca52d0235 |
| SHA512 | 281cda3815b391514b6d339851f36c2673184a7eaf6c4dea3690bfdc06f2715971f150bc2dcb2472daada4f55cc339f58e75538b5c0f5f45f9ed7554f3048fb4 |
C:\Users\Admin\AppData\Local\Temp\TmUUgggc.bat
| MD5 | cb76d377c73c7883a5eab8814366fecf |
| SHA1 | da8a1aa152ef35d577134eb7bd5bb38ca4152fe2 |
| SHA256 | 6c03b9b4ab81434d2b365e2c4d651d825f925649f3a9f347c64cfd2fd474973f |
| SHA512 | 15a195ee140fe851684797508e12feb97ab76288082e5d069ea4cc84f625e582af66d11ce41e664fa763e9dc089c3f6c9e4164c14204c856c8050a0034c7df51 |
C:\Users\Admin\AppData\Local\Temp\dAYAEkUc.bat
| MD5 | 9b7cb39be251b998e90d5c9fc9886fb8 |
| SHA1 | a9e7db04a53fb5f66844a9ab879648d7d8568317 |
| SHA256 | 47b1ce557a5a0c26c665766dfe0a0b015094711f9aab9694a3553b9dd3485709 |
| SHA512 | c05db338be7b65b9c58eb65f19a80c9c4b84388e716943c073fc509c47797bd33f0de15408195b2be95a2f11114a498430578e9e4130e1862624aee6d4db4d3f |
C:\Users\Admin\AppData\Local\Temp\XoEcUYgc.bat
| MD5 | e703cc107dce933c25dffb277b4a8195 |
| SHA1 | 97f91e294cec5c525d767184d99e55e2269c6548 |
| SHA256 | 5b448812780681ea84bdb95e476b608b2c5c657c9c63c327d5af1611fcda784a |
| SHA512 | 5a556c46dc7f5b6acec9c630302ad8f426efa979c63f98ffdb8542383089327f637933c468ce4fa9e3a0d405060a8f44aa61218b4e72fc3c43d7b1a34442782b |
C:\Users\Admin\AppData\Local\Temp\UKAIAAIU.bat
| MD5 | f6bd9c6e91a452ae49858f25aa355d49 |
| SHA1 | ccf3403e15c644890a22de1c24da7b0377c39d32 |
| SHA256 | 70fec5e2a3af250052f55e2b58cab72ca8a3e1de02e091e6343c2a7fc8f256d9 |
| SHA512 | 134654f1de073d23b04cda12f6ab87744cb96bac2687c036fc50af4cb9d9df0a457970cc79b56e2028527dfc38a28f4f5f19bb98f939e88cfd075ae0a9666a65 |
C:\Users\Admin\AppData\Local\Temp\sMIkEQsw.bat
| MD5 | 602d22606a8e4c4db7feac5e40e88071 |
| SHA1 | 62e38ea998aed07b13f0a2248daf75e731dcc873 |
| SHA256 | 6877243fcb1bec6cf2e4d0cb1f6a4eff67fb214b33bd2639c4e5f70f4be70b31 |
| SHA512 | 8ee363d213ad1290793df6ca5474856e230356a2cfeba4ba30a302f08c6cc5939f01d2fe4ecb712cc9fdb3246993125c0958e89343ac1638264693782b8af9cf |
C:\Users\Admin\AppData\Local\Temp\ocgYoIwE.bat
| MD5 | 2fa4c7907d73173a9e77afec4f75e4b3 |
| SHA1 | 2698306104bed5626db5d62c698947dacb7d6bbe |
| SHA256 | 8924cd24110d861cbdf4830bf5215afac0a03e357eab726a666992d4f71cec05 |
| SHA512 | a75b35f14975fc9e52745ceea28ed71de5b51aa2f7946d82814035862fa667829faac12af226d418f0e3593b8f229b911b1737393408a7672f699e714ea113d6 |
C:\Users\Admin\AppData\Local\Temp\kOMccAAA.bat
| MD5 | 7b84072fbda90e924d2802ac0a099b22 |
| SHA1 | a5c16bdb2f07c312a6ec80a2f6c05b6728c8138a |
| SHA256 | 856288a1b046e76c25b13abb0b2bb813f5eb945563570b0a41d54474c4be63e8 |
| SHA512 | bc889359e6ec0e91e2e9f5ed661fc45abeeaba5281d08f25302c446cfdae072434e9c9cbe0aa372dba4174f7f0b72596a201063b2c79f0380a92a913e36fc52b |
C:\Users\Admin\AppData\Local\Temp\xScEgYkk.bat
| MD5 | 83c7294a90df8e7ba910ad6bad01068a |
| SHA1 | 1e63f90691ba45c25f4d0e9b70d38661bbf740b3 |
| SHA256 | 364f7363fff1fe4500f1781c3e27cfd6453f49b8c87882a716b5c000048dc511 |
| SHA512 | 53dac6d6e56e8898c924fc6aa2b801a35550888666e6ef9fad8f96c9cdf8bbb7682a408cab5b9c5c418195f2c262a84621cde6110b8fa62e911d9e4121d9023d |
C:\Users\Admin\AppData\Local\Temp\bcUoMoMU.bat
| MD5 | f0c0c463ea858bb122966658add0bbbc |
| SHA1 | 0e199bc9d09c27ea8fe95ee84ea29dcda1477936 |
| SHA256 | b3d2880b0c10f5ecc79170c1de5613e0e3518ae8f26c8a253f0f6e56329d5e00 |
| SHA512 | 770db910b26f3c3cfbd263390982ef9abbd6818dd30c87f469ffc225f72a3ab4bbebf5552a65084ee7ae76c4fc0cc97ee1ae293e432a3270cd0787087b1e6d4e |
C:\Users\Admin\AppData\Local\Temp\ZIgMAYUM.bat
| MD5 | 09bf2f7536e86179aa24503a0ad0a0bf |
| SHA1 | 5e6c99d945481ed268fd749911aa8444f94ae271 |
| SHA256 | 4022c9e05719b67dceaaa58ef2258dac43852cb452183f26ce552f15b88d4d7a |
| SHA512 | 79fa44d51cc0ca661eb9cc72a021adecae29ebdba3f67e2bfac1ae7e5e4af8d846be9919f4e1c7c73a5b0c6b453fadabf20221cf92f95bf08b78e1f81731bb66 |
C:\Users\Admin\AppData\Local\Temp\VGEsIgAU.bat
| MD5 | d08b396eafc29f163911159294c1c098 |
| SHA1 | eaa39ce69549ebe9beec7afa8070f84139300ce2 |
| SHA256 | 3acfda94c25b6476dd0d5367ec5a1606eed78035a889e67846d8c81a8e0ca6bb |
| SHA512 | 13bddb1c7ca20b127f635c8e6bd1c8d8b74061d3f05498afb3495d71b0f1460b239231285da076ad54ebb9e293034981e707c03c2e7f702fae6aa11ada8ef6ba |
C:\Users\Admin\AppData\Local\Temp\YAAkcsgg.bat
| MD5 | 6810af9f44145ec071b34d22b1976cba |
| SHA1 | e44f86f6953ec1d7896543286f59a57591ba370a |
| SHA256 | 3e2876484b0c4b024964081d5601971deb4d49a98d084e8517059e3e03035917 |
| SHA512 | 2743a1ad847668fcfe02587f09bf4c01f0e45d2918e66f4158233dcd97d108f1f5e41178f311e668bbc7eb8370552988d849131a4588d889fc8d079da381273c |
C:\Users\Admin\AppData\Local\Temp\gYIwggIw.bat
| MD5 | bf2477dcd8ff52eff492fc4e0eed3558 |
| SHA1 | 69e262cd963db5bd1f496d3d7733e0186190f35e |
| SHA256 | 7ae59730bfb6217a34681a8f0cd9e09ca7b997b7ac7aa7b7a345d241b245b391 |
| SHA512 | 2780a711b2289625307b3cbfc81f07c8191e6e5a74626f79468edb2ea00a597a86a78b3042ab59ad79d1aac6568cf5643c253b7dfe8071ce12554ee7e0bcdb05 |
C:\Users\Admin\AppData\Local\Temp\gcgEgQwk.bat
| MD5 | 22a8f42f1f30cbbeb5c820df9f23dd60 |
| SHA1 | 0d4813359cd7dd5a49cc7e587db782f78547aeea |
| SHA256 | a930844eb2027975566fccd568d76f9243fa2a4085a84a2554241bdf0439cbf5 |
| SHA512 | bb0fbf153cf57dd9693f875ed2dde1099bc0338f2cdf7c9c523760bad95a18f66081186f9f1d3e45fbbf1c2d8aa446fc37ad6d6897872437d654afe88d57780c |
C:\Users\Admin\AppData\Local\Temp\icQC.exe
| MD5 | 3d25007ebd0d3a4485629cd75e461921 |
| SHA1 | 08c60d46247f8d4cef684393486915f0035b1bac |
| SHA256 | 288052f62711e51aaf4b717eb2dc313dc883923b4a37ed51568e28ba94d4a6c9 |
| SHA512 | d7196f59b5d13e0197424eeafa0a2fbd47a20bd8dfaa084c3d56c32e7fd0cc8c62890f12faf3fdb6a19884d999b4f085ad76844d64fa815749b340c83898c7e7 |
C:\Users\Admin\AppData\Local\Temp\mIIA.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\yIwC.exe
| MD5 | 8003ccc9040066163a91523996a32579 |
| SHA1 | b2626c5d39baa706341dacd44c87e6efbfeb4386 |
| SHA256 | 3019afc47b5da9a4794e0d87caba7b2d90c26bf815c4257a6da3cddc1a374bad |
| SHA512 | d0bef67c8ceebf9b283ea7433a89a2b443fb02a90857f3258be55620b3bd8e3a5e4586a8134452d88f9258bf019d08c0fa3a56a92470909e4b4187c3b045a953 |
C:\Users\Admin\AppData\Local\Temp\UQkY.exe
| MD5 | 45c70d869b3d6ef83ce73370bb7dc161 |
| SHA1 | 674c50517948afa8c9f95efac51515c1316fc4a1 |
| SHA256 | 12648ffccfe7ca18043d35cfe03e418f1ff34fd3efa2bea5c01df566d8ca60fb |
| SHA512 | 3c531b5c2336a70c0e89340a163fe7f0cb88b50112f2514bddfc36eaa0c649fe2f60604438532555cb573a5325f3a683f791c3a4100331a3c20492f8673aef12 |
C:\Users\Admin\AppData\Local\Temp\AsokMYYk.bat
| MD5 | dff50a59e14c8e85d319babb0bf23e0f |
| SHA1 | a3da1ce7dbe7b62e52043b599fb201c840298904 |
| SHA256 | 7eb6f8cc8d79a52b5126641a5b6be39578964c13ff70ac2f237c235c158a0cff |
| SHA512 | a9d03291e5a9274835741881cc6a2149d4fa90aac81d6bf9f41f371e757350a94f4f66a4d95067d27dcf3385c496a6c3856d8707fe7e052366fa89068ba4d786 |
C:\Users\Admin\AppData\Local\Temp\msYO.exe
| MD5 | 8881af5cc3e36a2a3f090c547eeb773f |
| SHA1 | 9377d875a6e0b31aaf47944882c6f95114470318 |
| SHA256 | 980233fbaaf6aeef6974ce1e795ffdae09a8cd8c3fddb1dd3e19e652a971312c |
| SHA512 | c219d30661e5676f95cf4ce94eea85b2b397b524ca2c6534779ad5460d5bdf38636318271511d249e7eb9516728e1fe9fbb00e6e510a088ac011a475a35fef9c |
C:\Users\Admin\AppData\Local\Temp\mAAAccUw.bat
| MD5 | aaab95028d8b38ea0f3748cb66aeb523 |
| SHA1 | 5ae2a4097456997fe53c06965e90e17e188c22e7 |
| SHA256 | eb37366b934266163c9fa93eef7057a12822b67312b3569a8a91201dcec36277 |
| SHA512 | 18697b10868d8d262f208ae7314115cc3cdd9a9d119e7be2ef9b6c4bc228e16631b4385a4045fe00a23c9592b9b474107589234e4a1860ae3bb5c5dade7d17f0 |
C:\Users\Admin\AppData\Local\Temp\UYok.exe
| MD5 | 8c73dc546610568b05821815b3ee9c28 |
| SHA1 | 80b46cb6767a600cbb244929028b423951ded840 |
| SHA256 | a9464d50c841ccdd9470da7fe37a186beeba57a053eba35cb7864e6aea456231 |
| SHA512 | ca7d2cf27c825eb0cfbe5f9fd41097064662a2769aa049558e5a713431b762fd4121f7ca69e30a836c7596967e146df1190e1cecaee97e813070fb752ce30fdc |
C:\Users\Admin\AppData\Local\Temp\QoMg.exe
| MD5 | 11d3f4bc90750c7fd3bb82cd0a26498b |
| SHA1 | 3b60460bccb0e25f949bd64490e3a19748a95e31 |
| SHA256 | 71e566c3c93629eeb7582435726201f5102afd7ec9fccbd6c29e7802a873b24a |
| SHA512 | 985cd77a4d548ba6a48c25cd9b81ef383777dc83082ac80deaf889997a29e7a2191e123edd37a169eb7d1d4401727db1dce5353787453798150ab2529d451ac3 |
C:\Users\Admin\AppData\Local\Temp\KIoO.exe
| MD5 | 8228a6248e4ea81d80166fdb15ec84cf |
| SHA1 | 094ef6e13fb29028f53e00d497941072aae64d97 |
| SHA256 | 913fb4f66f27639ce7289b6c59cfe38253b775c941d0ca2b10befa1dd4d1c6d9 |
| SHA512 | 4268a878ec49f0053a3f6db8806960748c9e27dde25dd74a621c73ac6935413adfd6003941b9d890984ec5debbbec1110bf304b5df9743f450a8bd243d71f624 |
C:\Users\Admin\AppData\Local\Temp\qIsU.exe
| MD5 | da31b6ca0a31751a57594450d9b01bc2 |
| SHA1 | b223b6627a7605f24ab74ce79d27335ff3d9568f |
| SHA256 | 92d7e03e942537492344d731d733959b72f74832847ffa5f8f1a670246750e5f |
| SHA512 | 1c8859f8ec3b7480cdd527dbd3b845f98549545a8cb3df8d1a220d64e1316bc9d6be1cfa345c75e3482b72e069520de1268766e21a251e52f38110a0b4143600 |
C:\Users\Admin\AppData\Local\Temp\sUku.exe
| MD5 | 140ed0714a5f484088da6520779bf60e |
| SHA1 | 4c75511c37e68b48cb1029a4ec37f6207f745f98 |
| SHA256 | e713a885ea7469ad982707b1d33a2c96788465b8238f8015a73bc41ec8c21f2d |
| SHA512 | fa91e40a95b74451266dec2a9da415ac9be3efd9c7ad2d28ebbc8b278021b0a8fe8b224a179c2d345dd7931ce7f9b25e3a201a7ee3e392e9568e29ee32223e40 |
C:\Users\Admin\AppData\Local\Temp\UcsQ.exe
| MD5 | ad8e6aa954af61deb00897d21e0c40e5 |
| SHA1 | cea43ae54ec93dda8a901315193c186d5afb4edf |
| SHA256 | 88326b10b0a9f30ea1294b3d999e46c7595e85f77749defa5ec3b074d856fefc |
| SHA512 | fe5282a4098245c4236163d48e13881f3967d91f06d76ce79b32a705b8254360056a356f2b1a478409b5d221b88f1d318f81f9bbd1c100fde25d98d2229e4009 |
C:\Users\Admin\AppData\Local\Temp\qkku.exe
| MD5 | 710275134eabd213bdf6d1abe511098c |
| SHA1 | 98491fa4443800dc14b2f6379a7a6c10eb6bd8e5 |
| SHA256 | 98bab31f7943d18f39470132cff52d8500a6439a50c632d7a11676f4da549efc |
| SHA512 | cd90ae20649d88fd2d082499d0aa6c2e8a0cdf184255516eb055a60ce0238fbd8629aba7dfb771d0ffe8b18efd92dfc039ba0c94a3472278e980dc6918a8741d |
C:\Users\Admin\AppData\Local\Temp\UEwy.exe
| MD5 | 3c7f8ae6e1f5b1707fc4f392d06ad7f9 |
| SHA1 | 515f4ad6756bcd9bdac5264e08de050b5f491be2 |
| SHA256 | 25c655b4c1ab71c6982acb9f2a23114bb639ec3ec33fdea0358d70d1ef7e9f6a |
| SHA512 | 019f732e2e6e32decfac9959becce2e48a92507e9231d23f64f06f32e28426e52477da2d92b53ab9b04ed46f979a05af709c0911ed17daa766984535ce6d2d70 |
C:\Users\Admin\AppData\Local\Temp\XSoIAcwQ.bat
| MD5 | 2ab5b2c6f57f90065e51e360c5928ccd |
| SHA1 | 22cb516c7e1efed24ea1c616003cdf2b1075c90e |
| SHA256 | e025e12b327b99ed8c44b213aeb05c39207eaae4a3a979838f2a5182416bce76 |
| SHA512 | dbf07e6cdaa697f4812e496ba79eb5ee2750d8f3affc649621019402bf8158a05a7d36232c989988dfc9864bc3eac66aace60f8a7c8b14b059f5e45e2dad67b8 |
C:\Users\Admin\AppData\Local\Temp\iEQI.exe
| MD5 | f372ce6068d802c5294f21e50d84f0b6 |
| SHA1 | 1249c0b9654946386a195ea2fbc08a234029c626 |
| SHA256 | b7be19a3952ea1b5ea4e3c21a94d485f672793638a0a88e7520bdea2bdc5b5f9 |
| SHA512 | 07989e095fdd2ca9143ca3ad84987c9030e5757ad372b7ba8f6d59a70c11a097001299875c3fca06354bf8f377d68cfe522731e28a7d47cb6c7f18956b3271c3 |
C:\Users\Admin\AppData\Local\Temp\cAkK.exe
| MD5 | 4beb9c6bf76ee0d8edf35ac0279d325a |
| SHA1 | 11aa18b2236b6c554360d8912e7b3884c5bce21c |
| SHA256 | 7066aa2b6d5f3a6a8032941d150e0a8f098866b3198470b59442e39bf295012d |
| SHA512 | 36a8722eef9d3742f74464e1280efac1fe07ce8dee0a67f333b96c3b80f3fa521d4c7f9919a3ecece117a61c6d796e282d84c85c963ebcf9f53660df02c9a2f5 |
memory/1996-1464-0x0000000077310000-0x000000007740A000-memory.dmp
memory/1996-1463-0x00000000771F0000-0x000000007730F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\assq.exe
| MD5 | bd04b59e2ced7f7ee3b0b45e5de7b959 |
| SHA1 | 8ad92eb9fb4ed9519a0af0f28da18847efec9a27 |
| SHA256 | 855ca897f80382009c43fecc7d4cbccaaa045cc0a857e38e53d69ad1b5c2e3f7 |
| SHA512 | 6061395a8daf14ba60a2bbe6a510834a8c2a5e35a775e88236776e6b16a8a089846a14dcfa33fb11d96f7bcb0c3b961562897dcb63ce99e699a10ecccbcb21df |
C:\Users\Admin\AppData\Local\Temp\osUm.exe
| MD5 | ddf2db3b374d51ff0e881523046edd73 |
| SHA1 | 9acc5f3467952740cdf30813df5c47658c8fc10d |
| SHA256 | 40d74ce7caca80d25de2660a745bbad368da546a097504b6057eaee895cd6480 |
| SHA512 | 813334717a62c11e0b77e057afdcacea456c5acb8853f29797d369edcc199fc4c5dba97672360b3f24d84c8c8e4352957ffbe4b7e7e5054cf9e61c769f7c4c45 |
C:\Users\Admin\AppData\Local\Temp\BAcEQMwo.bat
| MD5 | 08dc86b6ddb8db4c020ec277f8cbc0ab |
| SHA1 | 9810d066f5c382921a0468157f3ec95753724483 |
| SHA256 | aa162418f694b3eada526483f8b8ca7079abd576748e9d564b4275645252009e |
| SHA512 | 2d7ba00bd2c8b62cf17c5f1df6428250b7a865ac42fe6f1725e37cb7fa482fc2f27336d45144396896bcb8c86668bc5636775b06c2d3aaa7164af06904b3c791 |
C:\Users\Admin\AppData\Local\Temp\QEws.exe
| MD5 | 87abd85b8e35f89c91493b121d1259c6 |
| SHA1 | 3ed4e39229593b37c56573b7127804aca40b1486 |
| SHA256 | 703377eec3747a96897c31dd14c16a2f65a2a6967cb142bb4f738dd7117733e4 |
| SHA512 | 61b770cdc7f5fb70f5001e36f6429a2028181fe23e5185bdae1af3d65eb12dbfc497a92be7522110a69bdbf433603d2a90a84bfe9ce3d3a5d3d9c6d2c102d9d5 |
C:\Users\Admin\AppData\Local\Temp\oIcU.exe
| MD5 | c3989a975c1c0e79a3f930af43e5e50a |
| SHA1 | 3e97b1c513c66a5bc09cb721296b6f9eb9a79d48 |
| SHA256 | 32d481818264f1dd627523051b9fe1cfbdfba55045f9f6a6aa2b6b6b609e75d7 |
| SHA512 | d050ec0efa8b5f7a641865b8b8ab9ae902146fa8604ae12516a25b99c1d9c01be28872f93500a586f85ce5fe1828999917e3863380f59e0986a7071b827336f7 |
C:\Users\Admin\AppData\Local\Temp\SIQu.exe
| MD5 | e17db4e8589be45ee00a5d84f2a2b919 |
| SHA1 | 7566952cd73ba9ee0567643af27ef0a36bc1ae87 |
| SHA256 | f3f5b6ba21a9f5568819d65674171b3bf28ee425dceb3744422b53f3691eec5b |
| SHA512 | 17e4d4a960b87df83a72a120661ff096b501b537023aa08c6c32866306eb4a10064d72bfeffbdb27f390193a15fde7a7d7422247dffa98f3e5a26166067fa247 |
C:\Users\Admin\AppData\Local\Temp\OgMu.exe
| MD5 | b501e5e5b695914be6a5097fc464532c |
| SHA1 | e6594e461be66825a933ae827d5c87406eb66da0 |
| SHA256 | 8404b609b9c0df377ece12ea9e8544d09aebd838b9615dc0811375dd568accb6 |
| SHA512 | 994f62ed63117aec4f5b401bb39708636cfaf219305c4eefc8758e2b5bac7f97daef6b0dd834166682f39f5cb6b599f839be601378d963e70050565532c2ea97 |
C:\Users\Admin\AppData\Local\Temp\yccg.exe
| MD5 | 1d116ad37ce0cfaf250462ee667c18bc |
| SHA1 | 26d8ce7d649e7fd2ea9a05f49db0b98d1b16b3da |
| SHA256 | e422bd6648ea78054b0318dd48aacce8cc8426b8398a1e0167b015156b01b989 |
| SHA512 | 27de4bbe68a77fd8c57a2a944ad05569c7c68d3f4a18c52f7e535ece01fd5c3ab0da1822df27907132ababcd5101d4adf795538d4756270127c370d41e49124a |
C:\Users\Admin\AppData\Local\Temp\WwEA.exe
| MD5 | b5ed533a995f6441d125292e5d6cf32c |
| SHA1 | 2d930d5546ce505f25b7ff8f7946aee39912b329 |
| SHA256 | e89e1b5bd52f0c9e89004abd1399c2938d6fa214b194aaaa58269fc06972d468 |
| SHA512 | 02bb53e116bde60d8626aabd48984d8070483d6a2598a7129fb0903b8157666fd3f2cf4d0a7f8263383abb278d37a916ee61871a3bee157140c2b9510eb6896e |
C:\Users\Admin\AppData\Local\Temp\JgswsIAw.bat
| MD5 | 08ff173f64c7d0234523c7d1be9ba7f5 |
| SHA1 | e4f4dac39182c53935bd192a4cadeef81b1f2ea4 |
| SHA256 | 8a4975c8b26493812e032f43d678ab83ec17d4a5df90c9cdb314488b903b97e3 |
| SHA512 | 3634031d0b7511493097efc8aa763a45c819383459c622943847a880590879463080f812b0b9a72577e6f93afcffeaffe29686813172e911143aa3632c1dd8b1 |
C:\Users\Admin\AppData\Local\Temp\asAC.exe
| MD5 | 84c1e92a004162d6af73e6d5c530a330 |
| SHA1 | 845a27c062b526c23b68f7b90cf0ceac3f5a6a7a |
| SHA256 | 72fb09bf4b670a620090c22aaa1ebf2fe954f843f8b90d645a7309be6d433137 |
| SHA512 | 9e5b0adb24ba975456f134735d36336aaeb2809c3c54bee80a12839f664865d624545960b072791b644614c35dbf56af47132142e5455c0ecc3da8474d9c8671 |
C:\Users\Admin\AppData\Local\Temp\WQEu.exe
| MD5 | 134a1fb941590c7201e682299091049d |
| SHA1 | ebb50902fdf010487926440458e0d7e410aae7a3 |
| SHA256 | 53e2797f9760a4c090665b7e204649f02db652b7d05d67b3343f4effef43af14 |
| SHA512 | 5a2227ea0cdc2a78e8f7c1eaaa2e86a58abebcd79ef1420fc19442aba2b988377b9a9a479d7c43c027f894454d9d26aeec62ecafa5031ebc800be88acfc47f59 |
C:\Users\Admin\AppData\Local\Temp\cooC.exe
| MD5 | 52f6abc6b19cb5d5646168066b8f5d20 |
| SHA1 | 4d2b258eeb6c42524b69d628ad8a75cfca11b09b |
| SHA256 | 6b7d564b576aafbabe361b25538f80dcf9ee6093206474301218409b131cd161 |
| SHA512 | 2e6263557590afeaf879871f103abcae231b987990f5e5b9ae7ccbe94e3cf1b35a4a2379d076f2f2640fe371c6ed12f277019bd060aa961173db792ff0fe0dfa |
C:\Users\Admin\AppData\Local\Temp\MIkO.exe
| MD5 | 2f4cdad83213e790389bf72fc6904e0f |
| SHA1 | ac52a4f85be7a610063d88fc2dd32d1c978a2bff |
| SHA256 | 3e1ccb5d29168faec693287105c699e25baa4bbee4119dd9b77c81791c984dab |
| SHA512 | cfa0b07baba66f4a4de715351780ae35d9026ae9e9723bba6cfd786c26373cbb17a45d3c2d6bf545ff0e80a85381d250277c2a6c5b6c096d051410ab27e04a0f |
C:\Users\Admin\AppData\Local\Temp\eIsI.exe
| MD5 | ee168c6bc8092b7bc9824b01f62b9d7c |
| SHA1 | dd9d1b95e7de0b386a7fc01292cb68104af08451 |
| SHA256 | 6a09a740ee86ad106a3335f8ea485c1457badcb0978f809b2aee4d2b5c7043f7 |
| SHA512 | 7f5332dec47a8c0dc1c820240d3be8951d052a9bf16c956a25859b20c33a6b801d5bb1b08f6fb4fb5cf81400b56fd44cb5edb7f2a302832bac8ab907b52b66d3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | 43829b0483c9dc9c3d98238fe1f12909 |
| SHA1 | 297987c80cc096c234a45d52b82686d55295701c |
| SHA256 | 9696385a2db883e8b0d80cbac66951abe0bd4a0e50f09649b8669cd5532871ec |
| SHA512 | d2882e5a8c051b4f84e8276ee03f5329e7a0e00099e34fd2ae864cd5883f3d4d8c99d17888112f92b1ee3e5adffc36f3dc40ddf9d786ce904c3435655028cd32 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | cc112989f9cdd88ded695dec92088731 |
| SHA1 | b8e82358ca9c6ba99ed2340580eef62ab525678e |
| SHA256 | 3b7de04e266ee7e657ab1e39dc9bbe747db1f38d849b12443751b146db64bf7c |
| SHA512 | 9eef65dffa0a3d090e59abae4394fe9d6f885fce4666ba59e93a0508f30726d6c50a75ab74896d14273a2d51727a39003434f246858b99d4d9df70b19b8476fc |
C:\Users\Admin\AppData\Local\Temp\DIcYwIQQ.bat
| MD5 | 8cd102f9218e2869e3e44bed4b6d114b |
| SHA1 | 114f8c013035065321331f53c47c3623ec73e428 |
| SHA256 | 32be4552df6c65037365b4bdea81fe2007a9ea60e0b34f1bdfac0e8a49820d0d |
| SHA512 | 6be74f040cd569370e4e615e1ffc0b5008a0bf21f7c8dddd7de13ebad56cbdbb19b45f9ad17295384342363b57ec0741a1a13680295073c93916a4104a7a8bf7 |
C:\Users\Admin\AppData\Local\Temp\WIgu.exe
| MD5 | 80488f09c5b3ef6e99da65ffa233fb11 |
| SHA1 | ae76ab506f01f0022a942537879b45a42470639e |
| SHA256 | 541e3e11432368dd306f3e64aace92ef0a422e0e9324bccf4e404696bbb6fd8d |
| SHA512 | b624cadf6fb2f35df8add042bc6f1af3648bd133ff8d486246c7d60ddb4f088680b8e058abb03aa2c62c0e9f0031aa62162802bec9b33e9126ca76af33e5a6ef |
C:\Users\Admin\AppData\Local\Temp\AYYG.exe
| MD5 | 0fb557ca2c47298c08102520980d7750 |
| SHA1 | f926db0e2b7f9db5fbd52ff45eb65a00af208efd |
| SHA256 | 5e8fc64f7e62b961eaf339cfd1696b970f9166b64d06b6d6974de9b3e516a595 |
| SHA512 | 6826f0422d551fcb1e241e297f3e894f71bf7ca24e76ce2b3c6b02cf934e641eeb5800babb76aa7bb01fb3f1121005b14167a8b1d111ac099512b1c8b47a9d0a |
C:\Users\Admin\AppData\Local\Temp\IUEa.exe
| MD5 | 84710b5e038a42ab730d0cad2409ed4a |
| SHA1 | f6b5a18e782bf71e564176cf7e1a7d91c5f645f9 |
| SHA256 | dd84adbf582edcfd43436fcc6fa2f4855388df699e39435d595324990ad80403 |
| SHA512 | f3d67066df0a3548a8a86570f3aadd6e3893ac4261a20be20f07af6eec74e317b43154c691c9bedc951d5621c18ab5c5b8e302f56cb0157df3b28fd039263a4c |
C:\Users\Admin\AppData\Local\Temp\QUAc.exe
| MD5 | 10eb6cfc6c10b1558a4ad4e55b23fb63 |
| SHA1 | b28fb1342ba2e118bfe01abcf22aeebf5a1cf87c |
| SHA256 | 18dc3d3f99e9cc884ec345e9a1fbec6931e77e357c50f3a446b7221c771ab9c7 |
| SHA512 | b74265f2b1aecb79a37d9cb82fa83860ab6481895b04ba5e25dc9fca7eb5f3ef1c39f218d80abda0a90ada83530deb37e82d4e0eca9e7dc5bed0d016c767534e |
C:\Users\Admin\AppData\Local\Temp\ucUS.exe
| MD5 | f35366b7ee6f7b923ff857a3dcceb8cd |
| SHA1 | 4f1c47fbf076b03b2fde1cd3cb614f95e547f3e0 |
| SHA256 | 7e43935e6860be8594f2fa8f8984f36b0eabad02505e7045b29d7850d3e9b774 |
| SHA512 | 338342f3356de89f4e8fa568b7e4dc56944ad75920170c473bb4886835be4fead620b4f6802d9bd3e6452d93dd6448173c3e33188d9dc2c61ed06fae1fb4a505 |
C:\Users\Admin\AppData\Local\Temp\HuQUwswU.bat
| MD5 | 5a7833b2d3d15de33cdc112418cae261 |
| SHA1 | d272d51d0811a5b52bc72fa4d44bcd3c63fb6bab |
| SHA256 | eec4e1fff81ef2962bc01e9e2747b11a3a03ecdbfd8b2116c6686b7fd553b99b |
| SHA512 | 7fd66bb3a841ba4aa059d605e90e1959a936798b9775a8073f23f00c5992aad9a31a786fb1dd7528be597f5f56964b502311c54fbdcd92ce86033eff17875ade |
C:\Users\Admin\AppData\Local\Temp\ysQw.exe
| MD5 | 599b997c3b4ce7d16edcfd90e1100e53 |
| SHA1 | 7dbefe6d1ebec282364702f6b58cb0e3810e60e6 |
| SHA256 | 86a6fdc8cd8a1280b7d3d24aee4aa9409f829e5c8807f9ab5b65a48cebc4f172 |
| SHA512 | e60575e77973d09bac3a411c0b321767050ae95786a25432788a2aee8e60b5c97aa5d0a36d459d9385106f3e80fd33bfb14d6d0799e4147abc77f81e11e16bb3 |
C:\Users\Admin\AppData\Local\Temp\gYIK.exe
| MD5 | a6eb9a983128e16c5ce49819315c5aa7 |
| SHA1 | 2c8832a1f620189c1b868b30e9cc01a771f4c2d3 |
| SHA256 | 69ecb2b71b9120ca0091070acea071e7a9c573085c7182e794f2840da711ca03 |
| SHA512 | 594b8cadcf2b086570e4e2904e8cfadf84b41e7e64b96bd521b283151576a7ac93dfb0b83bc3173654c6924c18f1681bfb6fbf157b7e9f9e86096f28085c67bc |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 8b6b2b2538d3b6fd6816f05a4ceedb49 |
| SHA1 | 7e6648dc32d384bc6be5fdb57fe08524c1c2d93d |
| SHA256 | 1f3e4b3e61257bf68c82221d5f51870d506e9f9f6ccba2d35696faa149fafe63 |
| SHA512 | fef86427b9bf9e791a36ee8e6e379574f56c95919b53d21b0c9b5d6f17979946887b39e947b15b5c1507ba38f10e32f3f716ee046a0a8c7ca843b9b652352a55 |
C:\Users\Admin\AppData\Local\Temp\qUke.exe
| MD5 | 8ae18fe9e69a5036157576cfbc4bd07f |
| SHA1 | 882b7a936853792e78245ad900c9d47233eca7e4 |
| SHA256 | e0bf8847256a77a61eed41d864179af5f1947ecaa912d38452f0f018b4070cf6 |
| SHA512 | 3a509da4e27a5aa24108edda4527deb75069fde90c12ccd1a96555bd110b71a76ccb1ea039c7aebf236bf2be4de034e0714ff48062c668f0dd9ee29ae7f14c03 |
C:\Users\Admin\AppData\Local\Temp\sgwq.exe
| MD5 | cb95abedfd8724293019fe3fffbfda10 |
| SHA1 | 53e2c8864072067331d454b4a13e33659c433716 |
| SHA256 | 3edf489673a2d860c48fd213ebaf572ca4a6a590be7d93ab899dc178874678fe |
| SHA512 | 0b545c72fb901582a0773e610f39ae382a159ee839f47177cfbba0487326a0e596b064d4b6320ab545f4b037c257df3b16dd91cde83e04319557de44c473efb9 |
C:\Users\Admin\AppData\Local\Temp\gEYo.exe
| MD5 | 4d2f411f4d848b1e537fd257e2e45bd1 |
| SHA1 | edb8c847be1657e574205925d04df304a3505a92 |
| SHA256 | 08be96ad196365792c223fa933d97e8b78b48b7a9dc31c93898324b067ff20e6 |
| SHA512 | b62f73609ffd0ce4a98f7869bd0a274a4f8715e0d92a9c16dc63214331131d790be2aa6849435973d9858afe2293517c665a6d3f9c5625c75477759d2ac4e1ef |
C:\Users\Admin\AppData\Local\Temp\Osou.exe
| MD5 | fce86edf5b0bb649f66ee4f4130a42ba |
| SHA1 | ef8cdf49a4c302fa72ebff6af924fa6c3619aea1 |
| SHA256 | e23f25497061bec56645e76796845f38d8422fec982b4f60d494ef725980d592 |
| SHA512 | e0bfe951827b08c850fb1a650279cb5cb5ee86dae2d1de285e9f85b46b2b5adda2e68b4b3be6134bb55486406eb3156d43b5fd9f2c44b122a6d0ea8f7ef0cbd8 |
C:\Users\Admin\AppData\Local\Temp\wcMswIwo.bat
| MD5 | 50d6897384f4dc5c74d50347c482da34 |
| SHA1 | ca2b524ab00768d09ab03bdbc855b08e95a90c99 |
| SHA256 | 20373e48cc6b4c03dac46f6263b2ab266a46e652f35df09e991ef93ce0628290 |
| SHA512 | 5c7ee6d393277564409f67d735bf83d82574893ce25139473b0c31e2718f15429ed2fb07d216d84a135c6df91d15c80af5a914219c49e15c74d08e13a18a35c5 |
C:\Users\Admin\AppData\Local\Temp\WUkS.exe
| MD5 | 0c9ca593624ccc85393d7cd2ee42c59c |
| SHA1 | 7706f586bafd2e664b8aa4146847674702a44944 |
| SHA256 | ba03dd21bb5077bcce540db6a444850b522905cdb7ef0563525ab952b53776df |
| SHA512 | 289b62dd95f5426d2d212fc3b7c23494ec93dea08472ed3da847c78954fc2c91fd1ab281a2c327e3ad9474ad3bc400e5416d67d311b0f663d842594a7cc2bdf3 |
C:\Users\Admin\AppData\Local\Temp\Msoy.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\qwkO.exe
| MD5 | f75a51d9704e0c664ae0af128a598792 |
| SHA1 | 97ec5c9dcd9e0cf0a607b7ccb95b86b4f3c2ba23 |
| SHA256 | ee0c134a20c7c06b9ed9fd21cdb93537f31cd9cba184ec0e8f56df95cc95a1b5 |
| SHA512 | ba10daaae4b6cf7b9102691b42d8a157d87be2691727d3dba51461a2ab5229bbd6baa38a35036ad4f64d30e6dd617ff84fa7076f23bb3dc9dcf0c74beb5c7079 |
C:\Users\Admin\AppData\Local\Temp\gcQk.exe
| MD5 | c77011fc57935dc5ece54db4f974fca0 |
| SHA1 | fa1a08f3a587bbe1590df2d9a3cd1d69d70b8068 |
| SHA256 | d03cab7d41003480908042dbbebc9d981b85296c2a1fe9dc7a789fb9aa441f66 |
| SHA512 | d6a2a223b627332d030b538c7dd040ac8827c84f42bdbe82944aad48607ea2abb4c9f2f2b5266ec4e52a49ee2d9ef54639e707fe38611092bb5c238c4a03f54d |
C:\Users\Admin\AppData\Local\Temp\WEwI.exe
| MD5 | aa16a99af33b08397e765c08f1dcfa6f |
| SHA1 | 2df49be12bf5082b8802c14c109cbccce4fc0363 |
| SHA256 | f1276544ea916727cb36c40de25e3c9ebaba214ed3961511acd30f892a4b821c |
| SHA512 | 3660f64411892769b0b6105610cec369eb9475f95d176ee14344c797d50f72d159dd0f5b92373b8236296c2b485a851df8a650e51d75b5644b6dce3402adc813 |
C:\Users\Admin\AppData\Local\Temp\CucYkAQA.bat
| MD5 | 6ac9fd512f6f26dabd46c410f8de8377 |
| SHA1 | 12736634a0eaf88c12a75db84493cabb353a3dee |
| SHA256 | 2f9b2fdc39ec370d7c355496b8ae22722690da1cc7512053e4532a1405cb6958 |
| SHA512 | 0b83142eddd9e772eee0e216f0f58f1f93b69d8b6073a6c8644dcbfbe2e5b1d46f01081d40c7aee82b543d1d31ac47a07a3dfb9a94bc331e3bfe757fd57029df |
C:\Users\Admin\AppData\Local\Temp\WMYK.exe
| MD5 | 0b05c7bb6d361555e770f1e1c6f8156d |
| SHA1 | d0030d7c556f9fe631ce0ce60f547e03bb6c5a74 |
| SHA256 | b6b2a1ae4ee336830c279c271201058955eb4f61def896054c51ba2696a5a65d |
| SHA512 | fefccffdfa4841af06df5016d6496fe078f3989611a6549e5d9dbcb4f9e449939bb75138f3e20af541ac2c6c18ad15221bb5d594a6570e820305a1a9762d1da3 |
C:\Users\Admin\AppData\Local\Temp\USswkYUI.bat
| MD5 | 730524c74b424a5abbcd1a8fbc5fec3e |
| SHA1 | 60a30e2b7f93e7f6419bb84ef6cbf87b46ff31e1 |
| SHA256 | 700ad1e486e2167e1e1f0116570a6c63d26934699c9e8ab4c3d3a4944a9bb0b3 |
| SHA512 | 7440005c5ce7977be22ccf43133746edf42422a8815c00d6d25192f58e77c1097fcad20d15340ccbc360382fa7ef0843bea12b8535705763e91ba1dc15551628 |
C:\Users\Admin\AppData\Local\Temp\kecQIoUo.bat
| MD5 | d996b9d0999bc86f86b23e75b043c96f |
| SHA1 | f2d2d4ac9bc20b3992a0e787d121b18318f2bd56 |
| SHA256 | c0fdbebe9b56c70b7ecb00814761eccca791d93b818df34ae85d11228420df37 |
| SHA512 | e26bc0fe66d46597871edbe6736e2d5c9bd5e4a662119c3c601bb2d5b3bb5df156ef1bfc3c4806b47ee317e4cec544e1d320ea16b72261d4000c20d0d209ac35 |
C:\Users\Admin\AppData\Local\Temp\NEowskEU.bat
| MD5 | 4dc27dbec157ba131954556f49dd3117 |
| SHA1 | 4ddd6c6299265c78132412025d79352b3a287d0c |
| SHA256 | f5a83d8250a46d13eb921218a146d06f1d2edab95cfb3fdfb79d477a8d5a0c20 |
| SHA512 | 766bf9704c342dd653861645f37274590c7f3c52cf2f0cc61f4724a6c9dbf763d05d5bb3ca060a42cc42639d7ffc15dcbcb9f71bc1cc29afb27a2e373c8cbabf |
C:\Users\Admin\AppData\Local\Temp\voIoYAII.bat
| MD5 | 46ea84b747601a73dff67371af1dc363 |
| SHA1 | c94a7309d862a6f08cf26a281999df4dff7cb62e |
| SHA256 | f8b5f53d96819abdde68e4c58eb0c0239a556a805f5247af2aa07c90dcc3a482 |
| SHA512 | ed530257aa8eda6cfdcd00fae6c51f1a6c616b3518639aa3a96c9a1a0543830001f13329544e877153b5b27c539f5612fea14c32b7fe1d9b095ce5d7c70473b8 |
C:\Users\Admin\AppData\Local\Temp\XKAUgIsc.bat
| MD5 | 4516fe646939db2836c94efc7f9a2820 |
| SHA1 | 3594c52f5d500e2835966ae9822a011c38f8aba2 |
| SHA256 | 80909efe5cde4550e9d026b5d56a5c05dd27df16890fec9442bb4b425e1be08c |
| SHA512 | bc35768a26e325c36848f5b8a52fe1688057945f3608e8bcedd2bec2b75573a4fb6d63bb9160dfc6cdfe3e216202efaa55064e8093bd3e74d03403c10a6c68b7 |
C:\Users\Admin\AppData\Local\Temp\rwkAAIok.bat
| MD5 | ad710e37681d3d660600f26648aaebbc |
| SHA1 | 478fdc83640e8b027f64fbb8a1b50cfcb6732d70 |
| SHA256 | 32f2d79cf6577d2df9ca4241e8b74eeb9d5b4abf8ea3c7043f21cf893d077d05 |
| SHA512 | 1a0131e360dbac7ccf298fb2bef8e881ab71d60e29ab3fe71083d981a262600ebac90a35f977c29218be2293ec1a677a365fc98a4ac1b57066ede881e1ae489e |
C:\Users\Admin\AppData\Local\Temp\GOIMAAQM.bat
| MD5 | 0943b267d99ef1c1662d6daccf7f962a |
| SHA1 | c992d46b7f31ce492fbc34e450a0f91b5998f96c |
| SHA256 | 5f0aeed8c9308f9ed5442d0962fe70957a52d4d17fbab9491a39ed38a8c7d553 |
| SHA512 | 01b9fe4532cbd7e48fb14e0f5952609d71181e41e2a1a0ea5dc3ee948e6da26ebf40d714b347b4d998d720f2a3d18d8f9cf70bd27c937072639f3fdd4db4bdfb |
C:\Users\Admin\AppData\Local\Temp\miUwcYkU.bat
| MD5 | 323b7d6839ce121a469c039f4b2cdabe |
| SHA1 | 56b12e3ebc83d4fc95aa23e8fe9eb42ba056a915 |
| SHA256 | fe0ac3e1da9d3abf3f42f0f0ce5c650965bd1de8b69f49f517bde9b50b0c93eb |
| SHA512 | 0e3502cee93d2439fc43b71a8dab1dc77fb5c0839d3e28ae4465319b81062b80cf48703252e49eedd3911205c79e7543846feb1560753119e758211c57b6f43e |
C:\Users\Admin\AppData\Local\Temp\kYYwAcAg.bat
| MD5 | 4185d2e759928d751a5fc49dcc021dac |
| SHA1 | 8cb198a9b071e6c3de8eb3f3160fce4de1acb6c8 |
| SHA256 | 4429c1f994fbc0f19ade29c9a73f4b38b0dd0ff35ea9c62cc94ab6a1400f2fb2 |
| SHA512 | a64116701f6d8a477349c4fda3cdbed4c58847a2502dd4c30140709fb11b473cf4f1fb5c7f6c4ccbef7ce413dd9a6b534e04f5ade3f1f17421752bc20ea3882b |
C:\Users\Admin\AppData\Local\Temp\IkQwAYwg.bat
| MD5 | b2f08c15f84f772ac586d66c9f834240 |
| SHA1 | 2b650508e52f04ddcca86066337e2a6d31b3387c |
| SHA256 | 671e69c03f1df562227f1e7434ef3c641b1ef6f455e61579fc16aa16cff10afe |
| SHA512 | a56e34f22ba7269f6f5f7872590d653309cd1427f55738ca1c2e19891acdbd4c52fc5ea375cce41431c523d00305aab1eb3a6ac6d169b4a773e2cf2b56d69435 |
C:\Users\Admin\AppData\Local\Temp\jyAAoYoA.bat
| MD5 | 99601da94872bdfad2c71bb70393293c |
| SHA1 | 1779f1ad75e034459056646fd285568d8d7cf2d6 |
| SHA256 | 5150958e6dbbf999e063114961321df92e08a905320055d59e6bc9149d341bb9 |
| SHA512 | 187fea2749464523494fcfe874ddb8f65ada5b39135e406e52add4a044d48ea2104e89a0b420525cf12c92f22e5556c9ac86bee4e2c355d0b52867666f5e76b5 |
C:\Users\Admin\AppData\Local\Temp\TogcQQsU.bat
| MD5 | b3cb2bee9297343455eba0bb7e7ec689 |
| SHA1 | feac0c7833f60084d5c5154f06e7158a40b2eca1 |
| SHA256 | 66c9b0e3ad0db49892e16f2ef29064fb8af2c76adb0229c34f69e5e2bba7cfe9 |
| SHA512 | 7ecda37f84df961f80a11af97fefae7883eda73a00ee31285fde631091b2f9910698a68c48cd6ccdc59bdedfe207eef69d117a8da214381f61ba130b89ac5076 |
C:\Users\Admin\AppData\Local\Temp\fkYEEkco.bat
| MD5 | 8bbf360baab782aef520a8e2b3719a8e |
| SHA1 | 94d3d78af9f1fd57d6fff60983b0cc640c094e33 |
| SHA256 | 6a5ae384478d44425b875b11058ea53baddc2ab0a309bf375dd8246a7bfc5b0a |
| SHA512 | 477fa1299d614148c0ff811b4c98adbfc5f6dc78b2c104625180c79ae95b4888cbb0c45fd4e26c0c132cc8cd56eb5101ddce845dc491f80c3b8aac2df2c9067c |
C:\Users\Admin\AppData\Local\Temp\eAUA.exe
| MD5 | 0d3748137cb77760fc98a0be2ffb9679 |
| SHA1 | 8b5809fccc2118610a66dd2c572bbe995cd15fac |
| SHA256 | 4cb970aae244e9aad1473a29cd341685b36582d5bdeceab9b02f8968f97a3635 |
| SHA512 | 58f311371bf421d6360e3378b59bc9d85236a50306eb6d85d02f7d73a821fb930033bf1dacf5bce47806edf320d20fa538bafbb59010ed65a75c916e3a338d1f |
C:\Users\Admin\AppData\Local\Temp\eEoq.exe
| MD5 | 04d066020aaa755d3f57295076fadd37 |
| SHA1 | 34994c4abb21498d12ca20aa815e4c68f22cddcd |
| SHA256 | f692b5af0cb9266346533c31da6c04d7ff8ede41bf526bef622dd78e7b040505 |
| SHA512 | 0d45717527a140df63c1bb1c62c5003dbdf963a5d7e511ac1a41f749fbfe9cc4d325e4c3734b7706ec68a38f55c1861e35e7406f5838460c262b22cf3bb0ce46 |
C:\Users\Admin\AppData\Local\Temp\kssE.exe
| MD5 | 8cc0cc51cfb539dfc3525ceee06a4476 |
| SHA1 | 16019c8263dc008b48cbe179f794a7a0e4292e26 |
| SHA256 | e274a2610be9a3baafcfb2658f362b156d6d92b23065b28acc406b3ebea9f656 |
| SHA512 | e6f3ffe51b4c75248c6cdfef12f748b105ae05c8369352ebf9376ac532f557f06aba6b9b5dc941cca31a78dce4e661e8bddfd3c53d4509fe303c3899f0a22875 |
C:\Users\Admin\AppData\Local\Temp\mkMW.exe
| MD5 | 883716f2a4fa19c3f734777a8d25f91c |
| SHA1 | 216b22531daf380827849bc5b58949b1268df903 |
| SHA256 | 5dc1f6122bf368265290d0fca3c24ee6af562f0a144c3dbc3dac18bf136b33b8 |
| SHA512 | 4c1bf1e4e32787cafb76049150ef61c2efc14c98acc88f5cc408eed498ef29eb289a9836c4059c7802fd9a6c55a1ab0d4b2edf371abc1a8e38c18fab4cbdb7ca |
C:\Users\Admin\AppData\Local\Temp\Qswa.exe
| MD5 | 30f181e10891a142bfc2e08dd802b78b |
| SHA1 | 8e9d36de4806a873ec29323aefad1e363e9d59b9 |
| SHA256 | 325aafe7df9d5996d4ff504738b38d38aa59e1ba5b7261395d6c8005b18b6679 |
| SHA512 | ad371741e39a98e0fc8696e6ee7d28b08dcce9a1914dad976fe8091ef310e97d91941f46b5aaf8c8f4e8589a98e1c78224dc619ca18bc2c80d7293d4430f88e1 |
C:\Users\Admin\AppData\Local\Temp\fwggkMcI.bat
| MD5 | ecf8e3aeef3c5127f8fdc30d0ec42982 |
| SHA1 | c3122a28923755673676770471de32a501d33140 |
| SHA256 | 06079153db68f33b11a7fcba8e7a1f96107f62c0eb38ca5383a4ee14a86d4106 |
| SHA512 | d0fded7fdea58132929d6dec900e237efbde736bfe30edc461f394ad9f03474da538acff87c75a1168f55b002efa33d1802537044db65d4296cfd3ffef7b631a |
C:\Users\Admin\AppData\Local\Temp\owgI.exe
| MD5 | e7077da1e16375f14058aa5d6bd2beda |
| SHA1 | 61c427c624ed6e267b4978826b7cbef38273ec71 |
| SHA256 | 567d3db5937b3ecc87c230127c095a0c4565beb9ab1e55abb6482753f455007d |
| SHA512 | 9b3d913d67ddd1ca5679dc795cc35744c93754b07b41c40d2efd6f74bdae8ad156627125d051b5b1fc5a292ba19cb1244aaafa3e6c15754f18ee358b025280f8 |
C:\Users\Admin\AppData\Local\Temp\IEsS.exe
| MD5 | 8a3d8f0b88fc1e7d9a2c2b51229a1a84 |
| SHA1 | b5d02dcf55c7b2689b7f8489db7083fc8f6af6c3 |
| SHA256 | 0bc167466c118382906ddf251e2336427b9befb657a5a50498af0d8b1d41a23d |
| SHA512 | ce882febe4fc331fd57a0e53aaa298c094ed62df3f515679b676ad07fa298c0a9f824d6043cb564be72a21424775dc32257718b9dbf038303244222abb56bd14 |
C:\Users\Admin\AppData\Local\Temp\AUII.exe
| MD5 | f768f12188f3c11e6d61a36fd9dabeeb |
| SHA1 | 55536608704b740040c554d0d848a20db52f9472 |
| SHA256 | 791b64d7a074e1948910f2a82131b2330e1dd7f3e9a8ac08057f88fa48c8110a |
| SHA512 | fe6f7d31ac30a8addb9c6d976f8306c4ac41e5d447e8de7aeef1310b2c548d986c03eb6c2189cf7eed6d1c653a48a46584ab82162026b10bbb54ceb597c801dd |
C:\Users\Admin\AppData\Local\Temp\Mcgk.exe
| MD5 | c45ef3aa30b6956f336194947eeba60a |
| SHA1 | b56d0137d4b3faa6da1aedaaf36aa82b2ccbd54b |
| SHA256 | abfcc59128026288d132ee22717eeacd8882c959d3ecb13ded63efca07f36b95 |
| SHA512 | 0718aabf0d81449c2df6fe6c68c7bf8104c4fabe3728f81053987eac3d53c4a5786dfa8754e362fdc3e88e2430049111da77556f735dd7a8825029343f5856d6 |
C:\Users\Admin\AppData\Local\Temp\MYYo.exe
| MD5 | 2232aec98e43ac3e42d3302ec85d79f1 |
| SHA1 | 46d41c1d2acf9f7561153b2cad6734f3c80cc899 |
| SHA256 | fa799cf2a1693d6fdf196b08c770b7b233bec1e1e60e0bdbe1afd0fdd8c53a17 |
| SHA512 | d269c01ab13a5c1995df3124a936df738e9404eb9a6b02152bf5b0cb788aba5b33722cd208d224cc0fa413c4fb2e9a31e7173e54b61e5c0612d6a20ee315fcae |
C:\Users\Admin\AppData\Local\Temp\woQK.exe
| MD5 | bbcaf60fccf908785d6a4b186317b3f5 |
| SHA1 | fb24c7d358aed82134296af293ad8f7cb31ae341 |
| SHA256 | 52510bf252d3a7fb24ba97575adb918d61dd58feb82c6af1bdf3773cfedd398c |
| SHA512 | 5ac1a730aad821e2b8fd9958b725d9294f4f109d01ee46b832f185896b5c09942325c441eb5c8fdddd8be960f66d15e6c8214ef0b7a437f8e713395bef156c8d |
C:\Users\Admin\AppData\Local\Temp\DOQMwMgc.bat
| MD5 | 0b4cbeaa13eefed7ca45d846ec77fd3f |
| SHA1 | ec9f954163399d23fdd753d96e547b53429f1097 |
| SHA256 | 7161ed603fb9ebdc080b2df0fb084de694c9f21f23ccf01ec767b646a167abcc |
| SHA512 | 0130aaf6ed36bf48e46cfb775b0601fa27e849c8ff61913a165b05c7b22ee3970219101c682bcd202fed3c67dc240601db6ff36a0e465bbc53852704b7dcd0e5 |
C:\Users\Admin\AppData\Local\Temp\qUom.exe
| MD5 | 962036f3d8b3e73205ed1b626bea2fce |
| SHA1 | 24f222c771657ece273d8cef2e6e9b1328b3f973 |
| SHA256 | 5aba612d046210e1fabab12222de6babf4fe455ead033641faa39d157b6d629d |
| SHA512 | 7d2b3c244af10d16819992c0f7e183f1c3ad2ec216712fa233cf6409af5e5ebc943aa1002cd97ab14b4245986f3b596edf2e39664462c5d42b899432711b9ebb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe
| MD5 | d7d1e96371fbe40e4a6b1c417c0495c5 |
| SHA1 | 7e25b49693afe0d63f71fc0dbab4e6e006c2d2f6 |
| SHA256 | 2d298403a0e49fdb2bf99bd465c113c2f801cc85c979abab5135e9def65452ed |
| SHA512 | 07ded9107da5cba7dcd02d8ce7fd543815f5d0c7ca87a2935603022177eecd959292b7b0b371f65fa82dcadc48010ceb5b33e95930e039b2ce258865d5949233 |
C:\Users\Admin\AppData\Local\Temp\WYwE.exe
| MD5 | 02631764d63a6674ba82fcd7b2d51a1a |
| SHA1 | c9ed85490e72d32027e3445fcf9a8e9131e5e1f8 |
| SHA256 | 0f35ce509d5b63a569aa5ff6fff2aa20e120f54afdd59563460bb7fae11bb982 |
| SHA512 | 898491404777db8409acc8acb2211327d4a7337d677f802eba6f45d9114d32de41fa2de56d07f80cc8efd62ca84dad404175d73024e831b9229af9a6b53b5249 |
C:\Users\Admin\AppData\Local\Temp\GEkk.exe
| MD5 | 6c81353843dbd5658e88db4cc478f96f |
| SHA1 | 28101ece491e2681262ed28d22b478872e02d3ac |
| SHA256 | 1b2b0f7db2e50ae9d77c094d70dafd12ea79c6109b7d6674929877c461f55b82 |
| SHA512 | 169029e7ac9e013ca54570167589ade04715166a34d1757e11b718ebaa1bd377fbea30bde5ba3beab2a73fc070b7c7f29a32cd690d12cb83235db96d3152ec10 |
C:\Users\Admin\AppData\Local\Temp\yuwQcogc.bat
| MD5 | e61ca284a6c4ffc012cf248eb910dcf4 |
| SHA1 | 472f772ef87b0bc58450ddc74dba4d151ac6d883 |
| SHA256 | e3dfadc1c9aa56b061fded5e05e0a2fbd590b1d3a1bb9bdebeb8acfe94a75165 |
| SHA512 | 5636f862a3c79782de03600a48d54b25c1b9fa9af6db15833ab10a9a9a3c2fdf28e0e89b0234e8163357a0335531a4cb4ac519dbc9eca753c633b0271c9aa1af |
C:\Users\Admin\AppData\Local\Temp\MYgU.exe
| MD5 | 67ed8ce520b7fa4d6a744fdf9ac230fb |
| SHA1 | 1861fc940ebdbe204f535df156a68f9c8ae4b8fb |
| SHA256 | d390cb0f23ecc6bcfce8438be28cba6c9817d33d6650c843ead38a11a3d58527 |
| SHA512 | 1d75d6f3029945368c6b81926545061b7bc97d4a6a8783ca68f2eed763c9aa2eecd6fe5df8e4a334866a4015d71b649d3366dba2ba072954c7c91bcbf6efe15d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\128.png.exe
| MD5 | 0f0b35f228959b9745660f25183f8f1c |
| SHA1 | 51d4963e47e7dfc6276727286072e76471f1f484 |
| SHA256 | a293061f7968f5e5ad381c922cd77811c05053aaad86c66cbf5f3792509836e1 |
| SHA512 | 13984f9f068b671e72361c7028e7450396c486c90a1a6c1d5207bc2c81e3ecb148a5fe8d5194cc8cb07bd56a988fba3ec949566f4c4c972fc0f6899c08fa0f3b |
C:\Users\Admin\AppData\Local\Temp\GEAm.exe
| MD5 | c701b7a72733a88ca4777985b0795134 |
| SHA1 | 40cc4ce916d705efa1894ec3bdffc27861745ff2 |
| SHA256 | 48ec45369c914c53b37c9603688050092ce3a76f4b5a4a9e88abf4be57c72135 |
| SHA512 | 1be3cb1f01f25b35753afbdc57f97d1514e51f605364b41fbb728261c0d707c062e6b3fbdf424bed1d105f23e92ae2958c9138de5dae174e5b9d59286b698811 |
C:\Users\Admin\AppData\Local\Temp\UysgwQgI.bat
| MD5 | 0c512ae4bd1fd71d8a7ab719bb3283e3 |
| SHA1 | 7900561f51c228737a8ed57ad19010a8c04e0ba4 |
| SHA256 | 4465997f341cd4001a569b40a65908a2cc9f27b30c5e9f6a994fe6ac91707e88 |
| SHA512 | 0c641da16b09e7ac847bd6d756115fa434d526e6365f57e7ab7a847408c419c1845b3b037a3efd9e97222d06ac20bce8abfbad37def681db48dc6f7f0085ab88 |
C:\Users\Admin\AppData\Local\Temp\sMUA.exe
| MD5 | de5fbd5453692ffd7d2bfdeacca96a4e |
| SHA1 | 43a5717335a541b1b21d3e9e8e9687297d5ef740 |
| SHA256 | 25fd6078690f20b6681a778ca0c932a124dcf8042202abfcea52cb35971ac667 |
| SHA512 | 0454d6b4ff20ad25d9c3be5b7b543ea8f5fc7ddafd483435d73f06ae08bf68847f735ad92bdd7ca76ca3149524a2eba7abc257e27b0eb23ba268aea7570a4508 |
C:\Users\Admin\AppData\Local\Temp\QwoY.exe
| MD5 | 3d76bf204beeaea93bedcfaeda11fc82 |
| SHA1 | 72b232a677276ee63423463e83e71e4555c4e229 |
| SHA256 | ac58605e4929738804254564f831b2d1140d8399ff797fe06aa0bb9ef507f98a |
| SHA512 | 0f43d2f84d096ba9bd618a178901d72fcc6ff1b61c72a0067ccc2be55070e474cdaa1512f24f36f44de46973f799286649fb60cb050f9f15ada122fa3a6b64b4 |
C:\Users\Admin\AppData\Local\Temp\YsgI.exe
| MD5 | 07d429452ceaf1346c52b087b41a66ec |
| SHA1 | e4cf06abc40533ccb0fdd2736e2f65654386d7b9 |
| SHA256 | 82e4385f4b23ab09848e49a90e19cfedfa6e5379c4317411c1b7854f69919f12 |
| SHA512 | 9257c60839b005217ad912d040adb3362c7444413b29c0cc3d225019c8bb3491c88a91d0e5fa5d7cc800574fd78df4bbf474dface131b9e78763adadbacd8eff |
C:\Users\Admin\AppData\Local\Temp\IgQE.exe
| MD5 | a3ec8da6e496bb97d67075aad68a8abb |
| SHA1 | aad45a51ccca02c3aa117c1e6dbedcbc58b6d101 |
| SHA256 | 682b9f40fd401a7a50399b8a22d29b257646830e1aba0af4f42248e50b7d54ad |
| SHA512 | 934161e72f5a55d20604a05f29699c77c55fcebc911c96451aaa003604f658473c22a42ca3523be0180c7d882d86ddc5ae2b56ddd834c83ab934be7f311cddbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe
| MD5 | b11e75693f8bd598f384d2ece593eb25 |
| SHA1 | 84ced7e4ab917300c583653216e923659e444a94 |
| SHA256 | 809069802354236002a0d644bd1be5b6abb71c481ae477cbd76b5ed67c835f50 |
| SHA512 | 9b72f6624dc8a5f67147fabbd71a50b0ec4913c567179c84da193ca52e38f2a8c26b47565c238afb7078b3ead1068c732b3ab44b192ea8a3730a588651062a15 |
C:\Users\Admin\AppData\Local\Temp\aucQgcog.bat
| MD5 | d2cd33279d10f9aeee9c15559482b5de |
| SHA1 | 4c8203573ccea89117629222e4d9ce08f7347bbe |
| SHA256 | a5a05b9c834dbf4dfae82be755a661a874145a87a3e1486034328ead2c33eacd |
| SHA512 | d771d663ed0a1f6dfb2bd18ff56aa7704c82277803e91cef874a646c4ea234383ac77f4ced18eeec99d29e39e8df0a0e94ffab0487aadef6ad1457cc4c255209 |
C:\Users\Admin\AppData\Local\Temp\oEMu.exe
| MD5 | 27fccda626de1e784d705610180f0c67 |
| SHA1 | 75e641781722145a5d861d23ea5d83702c445e32 |
| SHA256 | ee644cbfa13bde306334e4d8dfe40dc16d63678b05a5d2a12e21b4663f1848d6 |
| SHA512 | 7ff54b89ea8fe7adb64775d9a7de3b195fa7d936512d834c6825225998470d7a65de70401fca8515048ab0fe086aade14f5691d5c88ed3653a821fca18e6a43c |
C:\Users\Admin\AppData\Local\Temp\skAU.exe
| MD5 | cde5990b1249aa5abcd8a10aa6ce74ad |
| SHA1 | b64945ff121063f590b85bfd614db79ef9763df4 |
| SHA256 | 29b0dabbe68e1af916001e093b5a2016517eacaf84b58e5c74f56a4ccde6e0dd |
| SHA512 | 4aec08a4659f858767a36575f20ab18eb8b18e91966b02ce280044df8477287bbc4cbcc7cbd7cf6c626e8948d1e22a93574fa4e2d8a32351ea3a2c14cef4a057 |
C:\Users\Admin\AppData\Local\Temp\CwIUwAkw.bat
| MD5 | f31c7b19d0a38a9e93c9092fa0f4692b |
| SHA1 | 3a62c2333a9a660efbbf8ab1b698496279e4de52 |
| SHA256 | e5199da097c3b6de02c77f35aec4f75a48f4fd689f0c1570bf82c01c9c12722b |
| SHA512 | 7bc942ec9ebdf896a1c0965e09f1aae91c61332a8412dcf598aae4e23ce1b16d61d0795f95f5d05130f4e6e21e1c98b12b02baa1dc13e1c8ea45a5e61d6892d6 |
C:\Users\Admin\AppData\Local\Temp\scgq.exe
| MD5 | 661847fd4a53a1661c85962079c0333c |
| SHA1 | f7157ed09f7b08c36a3442d7de0c9c5954f5dcf5 |
| SHA256 | 6f9d98c8f9bed909216e8cdd853c5fe311170165e34e8297de56384b5218fdaa |
| SHA512 | 6f7d4642ea7088f56a68b76bb5637f563fbf802102f40a017fc3394043d57286100a5ad0824adaf4ca13e9eb219e13a10c369386c6e201e93aed3dfabb306789 |
C:\Users\Admin\AppData\Local\Temp\OgEI.exe
| MD5 | 8976f51fb9bfb7232adb9d7683910495 |
| SHA1 | 3b06d95da770c55a507f09a9fe52777ae492098a |
| SHA256 | be0d395358db3a584755e5d94cbba007503e036bee6227c0d80d41d345057c4b |
| SHA512 | 1ec35599eb60595c235b77c1bb5f54abce9ae3a8378bc8cfb730ad358124d39faec2f16ff05646e4329dae532e919c960b4898d03992f16b40ed88924bdee6a6 |
C:\Users\Admin\AppData\Local\Temp\xaMIMYUw.bat
| MD5 | 5e770e5c6bc16e893b3adb7fb593bf3c |
| SHA1 | 6e61c9e576ca65ea3910d8df3375c851c71d31cf |
| SHA256 | f36ca5e442c7e4998e6e9521ea0cd6cea23f500aa4ec055a248cc0f24d25426c |
| SHA512 | 42c769cb7bd36e524a2fb426362e9196b3d8d34721497cc62baf83e97f173c8572f53b772a0beb779221cc20553f4954a080c9d952a521044a024004bf8219b2 |
C:\Users\Admin\AppData\Local\Temp\kgQm.exe
| MD5 | ad70b342516f5a3c31fa870c3dfe9c2b |
| SHA1 | 9f19eedda954478979f717a0405cb4f45aa005ac |
| SHA256 | f878fe01e932ac855a1ba001304b693569a6386ada9a4974d4a60e324b7a421c |
| SHA512 | 8bcc2b43892cae5ec922fa38fd395399f5fdeadb6e5aed0f0a1ff7c710c53f1e135dbb73f34b4bce088cb7093302628c6549f41187af28b5f556b4d7a2817d0d |
C:\Users\Admin\AppData\Local\Temp\xmUoUkcc.bat
| MD5 | f500376087fe20753d489bd3a19da2f4 |
| SHA1 | 13fab47ae597bcd45c5249d3e9cecf420e958aa5 |
| SHA256 | 27735eb517eb19a942117e20a5e4469b9ebfcca9d6f0544036f230ab4ada53a0 |
| SHA512 | fddbadec8343b632aff197438e0cc5c780a449546198d85124d1d85b78fcc28d3558ecde0353d2d1929871f53071a2c0ee4fddcb76f6c11268875ea672a49fd0 |
C:\Users\Admin\AppData\Local\Temp\aQMy.exe
| MD5 | 30cd8941a16817b37f1aa7228023145b |
| SHA1 | 05ff46d6b2f43cb1237eead4a75e14fc054b1720 |
| SHA256 | 0775562ade207abce168644b41d69435c0a1be724a86b0271960c3466eb17969 |
| SHA512 | d3f06d108f46c06523e522919afa841371639e081777844b83756161a14cef830b28bd13c6cdb161f0b3237ef02aae6a597177b7cc4c4f6d9595e9aa7cc11ba9 |
C:\Users\Admin\AppData\Local\Temp\QAoU.exe
| MD5 | 04c97caf340a6ddf1264658dccf25948 |
| SHA1 | 4deea40f9789a6dfcd8cca4d39848e71725851eb |
| SHA256 | bacaa864c289c9e0828ddd4081a3649ad110d6d81eba4801310b561422ce23c7 |
| SHA512 | 6e98ec9977e42a8a9c413012c0dd0bd1b694a7a41982a99e0d96c4ae672dd20fdaf12ce9e236c18e0343646984fe680e026e4ec2d5467de5bfd446acab6332f2 |
C:\Users\Admin\AppData\Local\Temp\YYUw.exe
| MD5 | bc8ac12c4021c0c768fdde662777b1bf |
| SHA1 | 7c05f4774db7d27ba12ee509993ecc3aabec2a41 |
| SHA256 | c46a32485d556badc0f8966f14cf6cac9db556e826b228fed973a1d61983500d |
| SHA512 | 3b0d7f1204785c45f68be1291bce3f3247d213e5491d8d58aa53a98a274874194f215e6cbbf4dc819757d29e03a7047d06feb9e1edebc332555d9e4d0ac06521 |
C:\Users\Admin\AppData\Local\Temp\WUEO.exe
| MD5 | 2cc675a2debc37af9142a6da93114367 |
| SHA1 | 3eab0a45a604ef4d52a6ac6c271691209847dd78 |
| SHA256 | d7fdcd3123fc7a74076ecba001887b02abbb794644dcfce8a7a660a26eef048e |
| SHA512 | 73f5d24cef54e11a9c949e0ff61bc7a6a9f1d3fcc6203d90c2ad42c3eeeb97978624656e0b9c1837c7aa1798b045112fef31269367f3f7388f53f299593a53dd |
C:\Users\Admin\AppData\Local\Temp\QskC.exe
| MD5 | f0a24632e31e1c319c7b548e5a04bf5e |
| SHA1 | 89e5a7a2c69205edbfd51b394bdd1eca48613bc2 |
| SHA256 | 5302a1dbeeccfb8ca99dc123fb202dba8e1e68d5aa5fed6869b49843654a80da |
| SHA512 | 891f0866cf40cfd1ed5a974c412ae28be225cf2529db00fa641c7d30795129aa0c95115ba63ebeb6007bf392fda82fff829b109abdfbe781f1af5a15e8a37a99 |
C:\Users\Admin\AppData\Local\Temp\IYQM.exe
| MD5 | 06c83e6622d8cdef7e0a1d0ef3173956 |
| SHA1 | d440cd1319140b81d4736e7e6d9d926f359059e6 |
| SHA256 | badc9cfd8f5157d4faba4e3e76ebfc2f8cd78c9f5fce4b87723832524f821cf8 |
| SHA512 | 4f50983fffbbdf7b4c6ad8ce66cc4eb09c8dec690777294fbe3a8ee87ca67af41015a3e1d706e1cff938d6c6d40f23296a518f38c77b497b879544cdc53118eb |
C:\Users\Admin\AppData\Local\Temp\uEIk.exe
| MD5 | cbd56b3bd72c0d933fb0a6900e7b5d5e |
| SHA1 | b248320ab75d5621099ef0006547e8c14e037409 |
| SHA256 | 3d2706ed4e8f6fe798d3485831f7f95b756161ead35bfb986ec6eb62d317c714 |
| SHA512 | 5d18d961b6b4a985e9a54b366156b2cd0751844a031b163bb8ba8918a0a9ced957848a06d5ea8af614f82be41999595ace24c8d955c76642f6572d282069cb81 |
C:\Users\Admin\AppData\Local\Temp\KwEa.exe
| MD5 | 2ad1eca9d5430dc9911e00263082a235 |
| SHA1 | 3d1ce1dde1328891dabe90cfe4f92f10f999f974 |
| SHA256 | a064bae909ebb94b88805d87a742bd8fbbb6986d3c9bac0e3e9e6fd267073d51 |
| SHA512 | 84310e46d2c015ab1d2130646b4506619d707c8314b282b33df5d43afd53021d16f4a271414bd6d93b3b377a16d9c462475558cd3ddc60a149c41c883b899779 |
C:\Users\Admin\AppData\Local\Temp\SMEk.exe
| MD5 | 63f7c62ae8a250799942ebfc39e98188 |
| SHA1 | bd72063ec852b6f9b3d42da1b2f250e5794b92a4 |
| SHA256 | 20c510d38f9dde50359c7f41c174f9b4545f251955bf40b243bfaf1eda8d15f6 |
| SHA512 | 17229adc7f511961529e33f9e539de75a4c1ec49130b1b7d0bfaed220975e4e63f3050a6fbd285c765ce76922dc252397573fc19f4ca514f73b58c8397ddf878 |
C:\Users\Admin\AppData\Local\Temp\ZuEQsokE.bat
| MD5 | 93ca85a9e2cb09220dbbbfff0c64a3c6 |
| SHA1 | 734db0a7ac79ade52850360f96f5e1e892c74091 |
| SHA256 | b0063496d7dd00dc20fc2384b9c9a5c6c8fadb7fd0614a700a6154a107a2b56a |
| SHA512 | 79a6e4e5cdaccba39ba3e708e2d97fdd375d897e4b789aa949d5956312129e678c36ae1d07fd3717f89b5e4cbdcfe67acccda9873d909fa2614dd3e7db9b3dbf |
C:\Users\Admin\AppData\Local\Temp\SkUO.exe
| MD5 | a2faa90f1473f826c65f5a201c4335bf |
| SHA1 | d09b2f64c61c8b1c8b0755c3b0d501724c28e989 |
| SHA256 | 84964c4ca970c45b98b912afe7db32c298ac13fc995b8d02e366b8dd649dd73c |
| SHA512 | fec4af3e41d9f782ddb718f42af246b6cb1932f3eae45e50685f4038292eb2cce2add89423540f43d0997daa86c0f0245972ce60cb7181b62b6eb601034b4b0d |
C:\Users\Admin\AppData\Local\Temp\yMMw.ico
| MD5 | e1ef4ce9101a2d621605c1804fa500f0 |
| SHA1 | 0cef22e54d5a2a576dd684c456ede63193dcb1dc |
| SHA256 | 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0 |
| SHA512 | f7d40862fd6bf9ee96564cf71e952e03ef1a22f47576d62791a56bdbfbff21a21914bfa2d2cae3ca02e96cd67bf05cade3a9c67139d8ceed5788253b40a10b32 |
C:\Users\Admin\AppData\Local\Temp\mQoA.exe
| MD5 | 9ccdb68c7090115281e3199c7562a950 |
| SHA1 | 0dca07d9b38a437489dc76e7947e8554f8f937ca |
| SHA256 | cf2898ab310597cc51470485c5669863f0febd79261c1e5da239793e48812b5e |
| SHA512 | 6b9734785e99bd1f79a42260820be56f10e77652d24e0d181f615a3138d302a497f02989adce2e2e64655b84a093b16ed65c1d600b150644b34f6eaeddb9ca27 |
C:\Users\Admin\AppData\Local\Temp\Kcge.exe
| MD5 | 3d4fa11850421d0224426e585d0825af |
| SHA1 | 569f263f2b0ba5c386db016a2fb58700a57c6dd2 |
| SHA256 | 1353a488caa88ea12024ecfef4d4170f2a95e729749513923868202b354ea380 |
| SHA512 | 387bda9f962daf140f18378e2e64386c8635dd2c0a8ed781866085c8e529cdfa731fd5d9a9295b255145e8d04260576c0449c4d52922eb164fe1487fb5f528b9 |
C:\Users\Admin\AppData\Local\Temp\AwEw.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\eoUE.exe
| MD5 | c5b39e14417486808b47af9842fb980b |
| SHA1 | d9200369b43a035c7875e443c6ba0c25ca2d0c7a |
| SHA256 | b1aabfc5e479be59cc81e17b96f9c8b590c22ff43d15feda7f3d1806a445139a |
| SHA512 | a243f2f956edc0dd2b98cf57f8d3a40c80f37c5148d2ee3ce209e46ad2898ab66252efc586a22d59eb13eb32245aa1946feb5ca75e4d3c410ae5f24ffe35ffbb |
C:\Users\Admin\Music\TestWatch.pdf.exe
| MD5 | ce8a3823a140a42a1a195bc87a389cb3 |
| SHA1 | 71834fa427264f09566d5eebe096177adf76ab3c |
| SHA256 | 8e3dba1085aa04315483b0fe0d8a3dd83deb6e1b3105b9584c5d6cffd1c514b0 |
| SHA512 | f1fb0382b2fde939613307ec4c99779a81ebd3aea58ddce139234f1bf0ac500cbb407f061796eec22174db48d4d11028e70310b7ca0d80aa0f1f75b1291fca76 |
C:\Users\Admin\AppData\Local\Temp\yIcC.exe
| MD5 | fdde89702342f739c3552bc313550c2f |
| SHA1 | 3d3372a44f0cfd8443ef9de7c09234a84738e040 |
| SHA256 | 9e0040a48a2a3d1cd99f3dde01b9fc638a50aba133b7fb6f32f58b2cf141e2ee |
| SHA512 | b3e1de043632cc8c44d7ab2062a58e2e96533bfb75cb4f36247a54f4f0a36228d15a8f69b66d803db2021dc4fddb6c273ff4e230d847308cf7baf9f4ad5c8b35 |
C:\Users\Admin\AppData\Local\Temp\JEQAEcwM.bat
| MD5 | 2c81baa94990829ac166d42cfc09fa2f |
| SHA1 | 6f418e0e2a6dc195ac989637b20a566eacfac15c |
| SHA256 | 6a605c639fa595568d5f4ca53bb1d3bd101c25aa19004b706c7cc07cac31a0b2 |
| SHA512 | fbe0b0d794c99a640df1cb4e46afa64fa70974736f8099dbbae99a217217bf8e568ebd5c97d66eb998ba80c3e9c35803827804b9fc1b7ec7ee8cbac3b44247c7 |
C:\Users\Admin\AppData\Local\Temp\MksA.exe
| MD5 | 9943dc22560c548692bf0365b9bf3047 |
| SHA1 | ae6d0cf6e78e4ae9581acc199b149c4363190a04 |
| SHA256 | 3c411ecdea552a670ba3c0485322f8008700daa9720525fb0b43d16495ed6777 |
| SHA512 | 8f5f263c4f45befc9782ff481c851e71b77e9e355922e61a4a6a321141e9df436c82edbdcaf7d3c43f3687227693a09b02dfff59af02682003b92546778096b7 |
C:\Users\Admin\AppData\Local\Temp\GsoY.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\Pictures\PushOut.jpg.exe
| MD5 | cde461272c1e562349765cc9877e9f97 |
| SHA1 | 3d8a15eb8c3d47387deb73bcdbea9220b3503222 |
| SHA256 | 8b1822c6d37e699f1b5663be920227d9a660654ddda06cc754ebc93be7192b9b |
| SHA512 | 6fa8a7ab2f9d9c2937aad568534a40610de14e750bcce5173e16de7f02c5aefad0f0cf7c6113625d3c4c74e7f03e7730a794df5b3db25a5f8a670aa7aa97bfd3 |
C:\Users\Admin\AppData\Local\Temp\YIkE.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\qEIK.exe
| MD5 | 09be2a44aca60f94feb5d2b4f69173e1 |
| SHA1 | 2fd03d98975bd5c11b35d4261ef523c665a67f31 |
| SHA256 | d686abb42f624f71a0d00fa73bfa943d334a6417b0819ec35a62f75179382389 |
| SHA512 | 77c95a02b1904bef66b6e861f2adfc7415e925db7fdfd214c426110f99433908738b3d0cf5e8386c8a6a1e352120795cc2290ff7791058213bc121fefa29bd3f |
C:\Users\Admin\AppData\Local\Temp\okUI.exe
| MD5 | b1a3d74ee126484df6f93267902c87d3 |
| SHA1 | 4b9e608a33c4bbe7a5168b662ea15150c456949f |
| SHA256 | bf30084275d375b64b40e4f4c69232c1edc65ba72e4d6045a44fa55fc154099b |
| SHA512 | ec4ed46e72756108c3f520b1c1139f48a45f213e606ac3daf40483fe314643a78923569d3aa4019ba6a0aa32cbd6f04f0de0fd37f03493c96f5981237014612e |
C:\Users\Admin\AppData\Local\Temp\EYIm.exe
| MD5 | d1e2f0ecb978c7cd8fc30184acc7ab6d |
| SHA1 | 0f9edc204441970af9a62030b371beba49801ef1 |
| SHA256 | 43facd38a03da7192f8936053a90f7695c29aaaad18b2d1ad8fbcc90ffbd0a3b |
| SHA512 | 6ed80983c55037efabaa775302608dfcba486c4806331452800d7dbe6f1c74dcbde18ae07cdb238a379163ea2d32d414510d05b6659642a86059d96ecabff3b0 |
C:\Users\Admin\AppData\Local\Temp\MsgcQcoc.bat
| MD5 | 33eec06c3919de5187743c34daa015cc |
| SHA1 | 46f84ba4a3d076e0dbfa3f3047ce1db93e6653c5 |
| SHA256 | a6bc6c661c52454d29cb46821cba122037913321b7803a52c5ed59f0e5cc657e |
| SHA512 | 823e780fc49819959fafaf5d4ecc70d5934a27ea31af8806181d25e8bb76f99138d3f98052f0cb3b8e9e48bf39feefe3fe4a1baa0a427eaa2d2f980d886ea699 |
C:\Users\Admin\AppData\Local\Temp\YMoy.exe
| MD5 | 28dbbbc58b4af0e93faa43b3c6bc8887 |
| SHA1 | edba7f95d4cf3f5207f6e76d1977bc7ef4b8aaff |
| SHA256 | 525bd5cd9e99dd97f1d4c9f3be7087684b4cb71dc3229a8d3c098bd6079f0df8 |
| SHA512 | 49c7d0d6ce52e509054a04dc1dfa1a0bc92cc0a2df87ba5a3f0112b8f418fb8be7dea1d0dc3286d96b2684aa5b0575078abf9b8e300e7a09e2b35988511581b4 |
C:\Users\Admin\AppData\Local\Temp\isAK.exe
| MD5 | ccb6635e3102fda2be4d766c8d4d8838 |
| SHA1 | bd1486db4f66e1d04e8b2942d007ea1a3ad4e636 |
| SHA256 | a24475d4ca924ff7b2735612b7a46bddc8f9a5a0385044a999b029c7b2e9d93e |
| SHA512 | 9227c569c45caf8eaed447e7cbf1d40eccb2281ef8e6d7b948c9975d9faeee9ab409b2efc62e701142db6e4d56fe213a74c1575ade265ee871f9bf8a820d8875 |
C:\Users\Admin\AppData\Local\Temp\IMUO.exe
| MD5 | 93badb100d5f0458873dc62c0da217ab |
| SHA1 | 2362fb6ac8264cb515678852211ebc748f9f2fa1 |
| SHA256 | afdf443df0e86df9461969aa2fad26243e41a318cf22dfabb5c0566314764125 |
| SHA512 | c81d9fc9d7eb2ded61ac034d0a562b1937f93b71fa6b0a89ddc9b82c658b603cc5a1fdc6cda187dec4452ab67b2a8ff39b4b20d803ea8df92e221aa2d17bd611 |
C:\Users\Admin\AppData\Local\Temp\sYsY.exe
| MD5 | 3b0f3a3644d5a5c357d954fcad1722d2 |
| SHA1 | ef9db5f9f0bb6dad863a8ef08614840f826255ef |
| SHA256 | db91d74561f0a2ffcd326231c592bfc9597bea3a1f277eaac3c0803c15d8ca94 |
| SHA512 | ed6d0da07586abf0d8367bcc99c93f2236eb53896769ac9f18086e89fa80c5bb9695be8970c3e600d7bc7860fd6905f81b2c1e9f675f3c541d570f9c15d85a3a |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 3818c359abfbce75467c5eb05d0121fa |
| SHA1 | 4d9b0a061aeb607763a210d8cd9eae868b9997a4 |
| SHA256 | 93ba2adfdcaca353614e4ce00dd1c6e4a3c3063f0a2f7a21b3f3e478046325c3 |
| SHA512 | 61aa331938ed79e52c83a6a324eddb090e3009bc64f893bb93d90cfc0cf21cc0ac1c4d2a92b1a1f451d7389403cc26b25a6a278bf1f090e18f5ea2f3569bd04f |
C:\Users\Admin\AppData\Local\Temp\wOEcgUcI.bat
| MD5 | 93b27b2ae7ad8325573ebcc7eea3526b |
| SHA1 | 01f7efa799da35e1f50f44a7eb2f979534c30c08 |
| SHA256 | 4cca94e751959159500b977e27648fbd3c05a63b1f6618fbcfce78e4237f6e79 |
| SHA512 | 861666a0f31f61030d733cd8f8aa4dc0d9457d3893b9d36cd7ce4840e935bad9c566de3d9c0377eaff6158c96dea068b31bce92d19e62bd8928b13a18f09eb22 |
C:\Users\Admin\AppData\Local\Temp\gMwC.exe
| MD5 | a89a16f0cabc9e4708c27fcd61e44bae |
| SHA1 | 63673c5cc3e28ae4916413181a03b7c3c188201d |
| SHA256 | e85d28d559450fd10e9c0aaa8d928022ba0fe78b81126313686aa008fbb5eae7 |
| SHA512 | 5c1c5848c4fe728c5eec364e6a7fd87973dd737d7789ff087b20dbfee3e58f7579f3241e89352c965b92ff8c704bd87ce886843c41951f0f087b4ab6dfe6049b |
C:\Users\Admin\AppData\Local\Temp\UYkG.exe
| MD5 | 67b22b12de293a0d4cbe0c2b34a6d678 |
| SHA1 | 8e5989f7cfe5eaf422c4bd1c0b04cc05a4896c5e |
| SHA256 | 84da3dc67dff96a20bc64c2ed0e010c2e4cc077c14c0bede9e422cd2de8c98bd |
| SHA512 | 6506beb1785d470476226c8d8bd8026c6533c5993af0a7ea4098b17802a5951e46d3a8171bc9d6877a8eb7cdae35756e72e54f9dcf970e9266285056694ccd9d |
C:\Users\Admin\AppData\Local\Temp\eIYi.exe
| MD5 | 12281201783fa52bc94f69ba4a1d8fb7 |
| SHA1 | 5fbff8d06300b328c64a329f334462ab8bf62a16 |
| SHA256 | cb5b270118e4e56c72e5b959972a40e89fb7a63d1784bc41b0730830683f5498 |
| SHA512 | 04d186178cede9441add70299793fc9ea44e922f61d9091e3b0ead3b7afd842ff8115bae88c530fac2d770039797d8ee09624173942fd1776f4a19f5ebb8812d |
C:\Users\Admin\AppData\Local\Temp\KaYEogsw.bat
| MD5 | 18439f29f1b0cef22e3b07ea56f9a864 |
| SHA1 | bff1141b8dadc61a4bd8dc16d01f393cfe6ab7e4 |
| SHA256 | 35d7889fc86b9cb952390091461501b7ad0846723fc6524479e8bf0e871e79a7 |
| SHA512 | 9799f3ece9409d270caced3f7a806904269b7f2a3adaea9d64bd2e59002ff476468d7022dc7050a376ac52bb976bcac5e6ba876371ea793e2a0f7543f32cc30e |
C:\Users\Admin\AppData\Local\Temp\ScAo.exe
| MD5 | 256f57b17bcfc1368391d45729041b83 |
| SHA1 | d3159ab6a46d4fadf2a5513e079745359fda5519 |
| SHA256 | 2203391dabb770a3a7dbc38899959538535c4caf7c95c8de3d2784d12125673e |
| SHA512 | f9606b5009d1d625252e45ef3385a307125aea3111f981e0693004e12081f1735ab3d6d9b33e5f3fbace36862c49e24702d675b5ac169205eb75ee248fd0aed2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | 228e2b5994817a018cf826afff253ed9 |
| SHA1 | e1b43baeae35a116e7c14a15191d11fe8ccd40d0 |
| SHA256 | 4a0aff16e391711fba767d9c11a83ea61ab5e18fc7d1d8668e39b8b0cb788d3c |
| SHA512 | d208701b88aedea297c0e775fffd2f086efc4c0379c3aa8b74f02c6c618d9b12ea6bd3af45e57803cbb118438dd3a33cc3959270396952693058a7768e000f1a |
C:\Users\Admin\AppData\Local\Temp\wokY.exe
| MD5 | 95249c527f735e8d35ca7b0adad5e48a |
| SHA1 | a880b556499bacffe05456b8564876afff704d7c |
| SHA256 | 2bf1eaf418045d0ba94811609b1334a2c80063c05856d17c024361d38eed29d7 |
| SHA512 | c01dff75bc00d3ab70c0a78e91de56ef2dd399ed2931d47956414064310bd4f34531cc12560a8871f9817ed41a74d97f442f9e83eb8d9f6bc22ddfcccaaa8418 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | 7ca51efaf05b0c003890fb7e7d3d093d |
| SHA1 | f9207a76648138815f84f6084ebe5b79d8cda628 |
| SHA256 | 7e849f4a1b2418871d6f5ccee63a5c5e54afbca72fd501231d248a543a3bef65 |
| SHA512 | 00028946057b40f7ad7ff3fd40874deafee51ce720ce5beac4c1b9413f1f4538484e95c0743ee0e26bb3b7c68f4b7d764b813b304daf60bf1074c47b840121a1 |
C:\Users\Admin\AppData\Local\Temp\agAAIIkI.bat
| MD5 | 93a0cfb7fa392e349efaf71726b77a76 |
| SHA1 | ff80bf7efb9cbbc4eeceb19d2af03e0812e67627 |
| SHA256 | 09b77833393d24f5d808e2c8a3ab3102195515bdb167c241b6520b2475da9bb2 |
| SHA512 | 4bf58f793e891af830a057232b8951148c46fd3f94264ba6dda331e80b80981bdf2e3e9b35b405c9c84ae34faa5fe212a2ca72bf415bc2a4cecb0012076dda99 |
C:\Users\Admin\AppData\Local\Temp\usge.exe
| MD5 | d8d4d9410bf463d1639288a50e633970 |
| SHA1 | b9410ec1504916ce1b67663db8236fe3c85862be |
| SHA256 | e6b2a8abfdd16410e29f4823040a4f49c16d99168fce966e87004576efc37372 |
| SHA512 | 7d9685b01e85670533cd35ea53be9741c38160928bbfffcae73e3e53a6816dc841369bff89b453bbe008e42da38d6924cabdabf95c82a0244833b5de8f19e02a |
C:\Users\Admin\AppData\Local\Temp\yAQY.exe
| MD5 | 03288831766c7fc69667d51151e7ea29 |
| SHA1 | 358b70eabaa808f772c23d123daab5a6b70d668c |
| SHA256 | fdff16247fb04089eb5a486f0c86dfc0b8ccb1377682c7c6c059d9688f94bb94 |
| SHA512 | 91a7a843ac12fd2c98effd5f4096b3fa6c118dc08ae6c27afa07a7ee25c53697325fefa45506371d0679d1aab75787ba18d156179cd354198c2bd7f8094aa528 |
C:\Users\Admin\AppData\Local\Temp\qswU.exe
| MD5 | d493024336952a4c03214844aa61b45a |
| SHA1 | ba88b5d29ada4222f97807a6575004fbdf5b156b |
| SHA256 | f2ceca57ad7053f27e8a7e30ad17f0c2d9b55b7e5404ccf0313e1bc699287e4a |
| SHA512 | 0361b0c7b9a4bcd97638175d8075952b55014727802a16cf543c33558ec9ec5b80cb03b483ef244a2f00f4ffbc79155a13c0484fed84ac1b8f320cc6c2a6776a |
C:\Users\Admin\AppData\Local\Temp\iEMS.exe
| MD5 | 089cd6d1f8f01700b0bdb008574e57b3 |
| SHA1 | c49f174cf3f006224b5a6457ca8758a74780fba5 |
| SHA256 | fe637ce9eb23c7757ce00056585892fb927904cf56053c1adc87453750f41e38 |
| SHA512 | b21199b302a49f02d6780e858bd5720852d6120b53264344e067c04ef99b9a4d3a19a1917008cec72ae1db1ec56a550c789c7fa7a8260e79e0a96291c08dc018 |
C:\Users\Admin\AppData\Local\Temp\hSEEoYQg.bat
| MD5 | 4bd34f2889ce472421ca470527868651 |
| SHA1 | f72b25f4f66b3186741466011f17ad8fba3eb964 |
| SHA256 | 1a68fc5efa9a9f00c5bf5a4564bc61ecfa00ae7a3af2d2a2cf73fc6127d2c4d5 |
| SHA512 | 7f1147ca25cfa56d8df5d75a124234f03d66614b602e872a68c17ea6d21c0d3489345eb6f8f3d1722e41060c42409cd134fbf931e9a6c4035ffa2a5b7c8cdcf6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile17.bmp.exe
| MD5 | 8138ca8341bd0af9518dc8773573ff3d |
| SHA1 | 6dffa50e2f7fc50f39f6d5a8c8b93316027218b7 |
| SHA256 | fd16c2b3428ca764ac50752b37b1ef4a02342ce17ce6c884aaf159c4dcad92f2 |
| SHA512 | 737cbfe1f55753498c4f96aed28823779086fe8648d59715eeea4dfbb2cf22126c21332da9469434ccaa25898b1b06a10b99542c84920bcec992d3c0b488a8e1 |
C:\Users\Admin\AppData\Local\Temp\ekog.exe
| MD5 | 2bb8e751894e98c4dab5c44b067526aa |
| SHA1 | 59dd0a52baef2ee0ff41583df4e144eab5aeb184 |
| SHA256 | d2e3afd9f5ddad1c8156547ddaf545d122e4a52e5519b5d7ddacef40c77054bf |
| SHA512 | 6d27f09fabc34dffc78c937dd444e9b13ca67127331e3f94d92252cd26abf6436e383a4a3c0430dc124367c1178b64d4bedb8fe374ab8473e18edfdd2570bb22 |
C:\Users\Admin\AppData\Local\Temp\NAAssAgs.bat
| MD5 | 3beff8489583fab204c484908ed389d7 |
| SHA1 | 829292dff7b7b34c0cdc7b0e73839af4caf64829 |
| SHA256 | 926a137756a43c94c69a239718a0c0eec363033e03e2920cc5170e25efc52c9b |
| SHA512 | 6158cc9b7dff2f62b25e348641f031383c1fb0e8678dd95ddb55a65f77b6a74202c4028d30d83ad4b31539f7ded5a554abaa14d41f7fc74944f59eb8421315f9 |
C:\Users\Admin\AppData\Local\Temp\EcUu.exe
| MD5 | 3c3385323314617c1f2c9251e1903aaf |
| SHA1 | 94189e4b15fe5f070da0daec698c4a41008e949c |
| SHA256 | 575573fbca29424ef39897bf72a2a278836833285fffabd831caf497d42fdfc8 |
| SHA512 | 31150d648ba405b9cc87ce50bf56d90494e3d9e2d4649938267a7a993b13b4511f83ff8af9cdc20519cddf9488b64ebcc9cc605d18ddb2e9be7f4b49d20457ea |
C:\Users\Admin\AppData\Local\Temp\KgUe.exe
| MD5 | 1787472c67fb9e7657f08565355d7b0e |
| SHA1 | a35693202a4122b07aa4a7107f72fd91f43ed0f0 |
| SHA256 | b87a782c9709f59495906a91766fbaff294cdccf1a1c841505872f73c26f0926 |
| SHA512 | f7d933491126940ead6a8d152f8a1145fb5ce0e82f4366b6cd4db923241e8c8bdd99317de2e58c9b9def284e8385d623859ceb10f46ac62eb53866e9b168b637 |
C:\Users\Admin\AppData\Local\Temp\mYYU.exe
| MD5 | a63149df94d24a7fb40df86c54093d76 |
| SHA1 | 43777768b437c443765ff20e70b71bf7a0a80df7 |
| SHA256 | 41719fbeddceaa18ee41449706a8d6d3ed10545524a76e379680d37020bc4c6a |
| SHA512 | c12b58bc8a08fae1e3c41c857bbdd9162b2da9cce2574ff416478ab5ce0f4e1bd5fd0ac5612014b155db98ad7889ec34578ccff560be5fa9f530531a7dd77fea |
C:\Users\Admin\AppData\Local\Temp\DYMIUEwc.bat
| MD5 | 29683ef507889785fc04fdf191ac4d36 |
| SHA1 | e1ce07817331b21a03d461b6505d2f9a2349f19a |
| SHA256 | d2aedf34226c6d5f5c875f8c18f025c34d0b76a4f83876c459e0a0ac4fa1c56b |
| SHA512 | 246ece676849f97e8323059dd05b4629779d75ed184975351180bc3a16b4fc96938119a692f518aa8a35a97e96936b5e453b276a82efb0aab3e92f7c8ec56a1e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | 76063c045b421841a581968ad4bf6b72 |
| SHA1 | 9a7987063ec52fe9e8be492a611d7bcab3828ee3 |
| SHA256 | 64bf910182bc39c1a96701c109c517439f4443dadcbd28da78b6572222b7c8cd |
| SHA512 | 10d8ca9d701fbd17ff3ffbac4b5d8efabc62c8b45bd7d17a780f66d9ff29abd6bff7a66b734bb7b59bfca6949904b645f66bd7ab2f518ecd1516f3673aee9bed |
C:\Users\Admin\AppData\Local\Temp\GEwy.exe
| MD5 | 1a64b1e4314b573ff8bacdb6b6b2fe7e |
| SHA1 | a6f06f1dea8a6dc4f8602daaa4cc56c7d74f8782 |
| SHA256 | 56381ccde92362bfba20e9c516470645a29b8d504bb7098d522a48831c2aa9be |
| SHA512 | 7ec76d3443fcb2be73761620a12cc390d79b29a72a3ac8af36e97c7e356d0ce0d339c087de28e79d87ca030ce6b2f3092486e67f75c737ad8e0a1c46e4291b4d |
C:\Users\Admin\AppData\Local\Temp\YwEi.exe
| MD5 | e222839f659d323c8dc5989b38ff533b |
| SHA1 | 2b401558113f986cfab575a70370d827b25e5636 |
| SHA256 | 7a9780cffa89e0730efcfed98425eeb8ca32a30ebca57d00c67557824736076b |
| SHA512 | 25eb1b720dc48b4b6164bfce340b140241b575726d6ed944535440eab8bf3319db531e7a178f24aa33cec323afbcb0dc50a137914a35c285c9f87e9b28c8abf3 |
C:\Users\Admin\AppData\Local\Temp\GIYy.exe
| MD5 | bdbbdc6f59cdb7cb6f6f61f43d77d65b |
| SHA1 | 21bcf03d56691897c7cc3c7abcb1070a2eb36521 |
| SHA256 | 68540597f1e865cb4820d8bb44e5ad976bb042db7c484ade6f34410a8f132f1f |
| SHA512 | 399d96bcaaaabc9ca30e69bde81811848cc8792f3d7aacf057bb5f097d6ce0ef46d9e46c9b704d17d835573c8bccceb75fa8bcef4ee3b42ecf9af6954208c792 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 264ac1892845ba0d4bc670c9874e8d3a |
| SHA1 | bcb9b7b5a6117144e4a1cfe03bb9693dcb572131 |
| SHA256 | 3e487cc4d7244a080408a7c5121be5f4f40fa9a93290d3b61b4c653367f43a8c |
| SHA512 | 19f2035d6899615a3b75d9124c42d91ab3060a4ba9ea36e0f5921814edafc197c46ae78b101438e3ac6ea732f1fb9a721b06146e9981a52774fdacc55caf52a9 |
C:\Users\Admin\AppData\Local\Temp\besEssEI.bat
| MD5 | d0b17d113e1c8fea400dc30fdc9820e5 |
| SHA1 | 9911e4f9a2c0ea443c4950e27ebb78cbbe20a9b6 |
| SHA256 | 32b7597e309577efbb58de45f1a1c0cb6cea47a25b7738836830f0ac813f683b |
| SHA512 | 594a126fd69e6b0b62eda5a02ea4c20c5a7dc427447a732bde22edcb1f2fe80980007a4b1f91e5cee9b0230e8d9354ecae74975b83c6c5e1b4fd9deb8d47ec6a |
C:\Users\Admin\AppData\Local\Temp\ukkU.exe
| MD5 | b46da850ce0cb3d0af8d78051089e984 |
| SHA1 | c2b233b16c998d95ce7cc21a9ec20837174bd32b |
| SHA256 | 1d604fb090bab7e2e09c22f40db311c36bd4ec5e08d4963e8ee25e88e99ee1fd |
| SHA512 | 154b094df1b3bdf85234907293d5603a277328f72b4fca6a1085bef1fcd6a424cc48608c9a013865ea87723eeb98eb55a62b3bc1a2fb45afa23ee9b6712e0641 |
C:\Users\Admin\AppData\Local\Temp\AcYq.exe
| MD5 | 87a2f164a886e8498a59aa97fa16bc3b |
| SHA1 | b001e752d9c4395cd9b7ac3bd5a867246593c628 |
| SHA256 | 11ab2758156932a3038c15b48ca42abf7135c36fb2958f4dcda08ee1bf6a3f6a |
| SHA512 | aca0069067304d558c5a5ee16b088370c7f54f7136348f1e9d586d4b7d3760c2e63bc6db14618d1946601908988f0e169f8a45def817dfba9e008ff13dd331ce |
C:\Users\Admin\AppData\Local\Temp\sAQU.exe
| MD5 | c98e597eab00aa8d956046a092b06c91 |
| SHA1 | 4f07f6d535b8fa43c6dad925f92ca14e9a618852 |
| SHA256 | 25b0b75ad0abecba2c5fea8e716e9504b2d6e368a482432aa46a36d023faf0f1 |
| SHA512 | 9795bc46adda74cb9f1aaa1489a323c20756f0823ead6623ec34e375ab0257f4771db56dcbcef6a00b7afa71ec30a8f99f593e00842f09eb85d6cf8ac18a5c59 |
C:\Users\Admin\AppData\Local\Temp\ROIMwEIE.bat
| MD5 | 31c575338afdab6025592ceee36c2e77 |
| SHA1 | 9a33b7b08c28d0b0e2a3d10321a574df47caa74b |
| SHA256 | 1dd0cdc8ad62e8911682db35edc9ac3b37a07c3fd5655df839ebd4200fbc9d8d |
| SHA512 | 03eee463df0f5a014cb79e07f64997c5563e8831a66159b21be1ef9d662b77204512cd5c130ed7e34f422fc71845f32fa520d6bfbf13a024fefdf74477c42839 |
C:\Users\Admin\AppData\Local\Temp\KEQk.exe
| MD5 | 3f0299c5c8bda5bd658c0687acbac7e4 |
| SHA1 | 4d2ff31ad7b874269e2378c059e572ccd92bb240 |
| SHA256 | 9fa716a6b1a1e0576a2c5df27f1a7206acd9059881130653c682648153177b42 |
| SHA512 | b3a75d12a49cadedb824f7f126730c27e2935e6a44853250e8952c7b7b02104b4a8d1117dc7c961540b9bab5a2d872459a33ac67232de32942181d1c33c16d25 |
C:\Users\Admin\AppData\Local\Temp\iwEo.exe
| MD5 | 1a7a882126aee57a27b5d350b0ec1542 |
| SHA1 | 061c76055b9293e1850e39a871ab5d6a423cecde |
| SHA256 | e487fc6413b2ac7301765605d1385816a3f3e21eb2788bb3d477bc9efdb50cdb |
| SHA512 | 62ebf8c7adae14647725e0ca736340a672077dc81082d31dcbad24b382c549c619153ebe5297c201cad7f4555e6a8f1e7a65a5318984882a8f36fa2916006fb4 |
C:\Users\Admin\AppData\Local\Temp\eQoY.exe
| MD5 | d75587d368950fce13e1339cabacef7b |
| SHA1 | 08a441e04385ba1bf65989d957f9b3dfa1004f0d |
| SHA256 | 8d68e1c98b664565baa4af15fbf6c6554a93fefb8378c98ac3b77357edb7774e |
| SHA512 | 59f22255f2c7f0624a86b5cafd36c679578d6e0cbd4037dc64156c0d97e2706053ac164eda1a49bf9b83056ee58712a54613ca4dc1c982c2cb979945a2f66dc2 |
C:\Users\Admin\AppData\Local\Temp\IgYQYcwY.bat
| MD5 | ea4626ffbd61030baa99b3ffc23d0d9e |
| SHA1 | f987a30472eff80743e884f5338d116bdfd0deed |
| SHA256 | 3c90070299aec128e8fee98ae2e2f78572d93d048df385c6be89a74b94f1064f |
| SHA512 | 0546be2e135a3cc995d93b173d8ed4aadbc706d45937d2ef22b370745c0cc93f906e5abb9ef4ee3ce35cd9409730bbdd7534569e59f18af1f7f7aeff3c4ea8d2 |
C:\Users\Admin\AppData\Local\Temp\AwQs.exe
| MD5 | 9f67836f41e4db9839ebf7e178c3b7ae |
| SHA1 | 0cbbd8065968adcad808f0cef753dcd76e9aa1d0 |
| SHA256 | 81223ffc281b678229252b4de296dba058d8bec3d777be5052b7cea8019733df |
| SHA512 | a4f306442707e8d172b01bf2f1fcfbf624a79814aa9b74c70b0a25c33cf372eb49ab3b1dd3b45bf4b6cdb2dd29caed9e9ea76f79e30ac78162c23906959c119d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | 7b014010caa9270d5de920be333382b3 |
| SHA1 | 154fc64b65ad947257c1d2284451b0aa739f9502 |
| SHA256 | 9ee6dfb40ccfe1ed1e64f50e495bd4509b980a6acb4260a1caa5f01b00076828 |
| SHA512 | 7a3cf329f3352b7040882259f9c36344eea80d6680673d72f3cbd93dc17a2732c8859890a43df41419281a4209c06395bc4257458638d512e26838001a6aded8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | 6333acdfdad08d6fa9a0f6f4e5c09c1f |
| SHA1 | 6d44ebf7cfcac5f7a6b1539ec717fe32edaa4640 |
| SHA256 | 51408f62b29b6ed065ffd98f5ad8f1c8447acf0b8602395f0a9c756c62150f10 |
| SHA512 | f9f72362ecaa603de995afd8f590810436f8ec96be1c52ac188c7fe03f0acab0a3a27fc42bf4aadf660ee801b5c63de33e092089f2051148a4d6bd656349c89e |
C:\Users\Admin\AppData\Local\Temp\ekwg.exe
| MD5 | 091b985cdabd9960cceea9f212540fea |
| SHA1 | 1aa80ab959f34264cf3d7d123b22196b719400cb |
| SHA256 | 99043324dd1a7dba97c31868c514b311cdb66cb9775f1f47e0499e39c9182422 |
| SHA512 | 17dc8dc8cd00c77360515686985aedc0ddf4e890c6a668945c426253a0ab259acaa51ac5d6e941ed4f79ea5b7c2d703dc033d56fe14fff25dd1242e6dbd8f330 |
C:\Users\Admin\AppData\Local\Temp\uaYgkQIA.bat
| MD5 | 927b0bdb903aa2dcbe88c83af04fc3b6 |
| SHA1 | dde8db6512b1c0b21ed230382ea6fc7e028bfaac |
| SHA256 | e22787c31420fcdae056f87625761d6cc0b503deee5269ca2f5e1ad5e01e1f93 |
| SHA512 | ae39d4e6c4c0d021d6435a6f5177c023e93ccf169aa1be5e8b54dfa56d72bacfcace6154d5f0efe23d2355a91cd1ef7edaf569831c91b2dc749eefaba38d911c |
C:\Users\Admin\AppData\Local\Temp\QkUe.exe
| MD5 | 8af1fa766c505b693eb4e4012c828edf |
| SHA1 | a3e7e686379757af543134cbee06e76642bf2fb5 |
| SHA256 | 2a44a05d54eb506ef2e35bb3551c7d13731cc4827e373b740f356a1c6bee767f |
| SHA512 | eded368f275d1e763528ad2825e30f072fd940f81dafacc1b8f71056005e91b8bbb4b1677db285178e9f171a0d6fb4e72197a5f2ce8ef7723e9dd31fedc3fb21 |
C:\Users\Admin\AppData\Local\Temp\koYk.exe
| MD5 | 3353e6253de193d5f7e33e1286e91b3f |
| SHA1 | d0274993bb278d9945b99c0016d9b4fb81df5fb5 |
| SHA256 | a4e9ef694abde289ba1ecc5124de81b0301fcda55fa80044eeb93591f19711db |
| SHA512 | 2f50694b522834a8cf37bb360986b264a729c0308f539c6701530871b164238243be53a4eee8326d8f0a7ef2f84dd263da734602dc48b3ca446efe29fa9f6971 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | 742e8a1dc4fb49e7cb0063671fd23318 |
| SHA1 | 1923d197bc01bfb98f4e370139b4f7f534ebdf31 |
| SHA256 | 24e2c2855296c36f0cf5c535798960c9834f532927d75346632a3a0ebb05f489 |
| SHA512 | d0e5c0ddb0714757478b0c1266387eedd9c0ed2f58fa1b83c8a416fd30879d0d3521430d915b4b359680abf8af3e2ab0ac13cd65070be4a0f32e8a44f6292705 |
C:\Users\Admin\AppData\Local\Temp\OQAe.exe
| MD5 | 1c661d49672e93fa0b5eefbc31b87ff3 |
| SHA1 | d97fb82f1bbdfc367e2489d56552d32f5451b1ae |
| SHA256 | 566030846f1b2e860c8278f8a3276138736dfd80b55d3e096402dc39684937f5 |
| SHA512 | 491592d342da3e959a76a9842d8d5622357d016d23a8db450435e7b4555feacef5533013af9ea171f10fe6daee6911878a685ed2cb536d499ae19af89dc2d539 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | b07f60c34ae7c83714fecbcf6d96d25b |
| SHA1 | 329754776e123251050e04ce9affdc936533ff8a |
| SHA256 | 27b44af7bbf8e6a92e0060e2c3f34fa10754afb090d473c5f7df2e3e1b2ef52d |
| SHA512 | 9b82084ef19b3f792849a7b7f1e80d1c4aa78b70a82a692b30a7e2c5a5cd2b49a740fb5feb4d2ddbed259b11a6475c2f14a3438356b7a3de97cd09d1c8950b71 |
C:\Users\Admin\AppData\Local\Temp\MOcooQYU.bat
| MD5 | 6eb3bd280d5b33567da3cc8e1eb92990 |
| SHA1 | f86fea8a855f15bb182b0bed895504c108dfc502 |
| SHA256 | c0303ff92d58fd33ee112a704b2040083dbc57e155ab142a03ceef9d871c5983 |
| SHA512 | c9d6988365a14ce83dff03b791b52e736dd30caad0a10c37ce2918b47a404da0e7309e79a2d6dd4f69e052934eb59c368c7e9160f4b991a61c9082596ce66fb8 |
C:\Users\Admin\AppData\Local\Temp\eYkY.exe
| MD5 | c8ed017474770d59ec9337bf32b7d540 |
| SHA1 | 4066c598ff402b62d93a40b27d26849e2841763b |
| SHA256 | 41ed052bd22505847c005ce55772ed6844e98b8e13e4e30f89f8af06c18201a1 |
| SHA512 | c34b9ccf500617b9035d87f9beb492f6c79bb9cbc39196d229808951b7fdeb66d61c37c8395535543570f92dd090ba031db6a28507982e5758c544f6183fc13b |
C:\Users\Admin\AppData\Local\Temp\cwoc.exe
| MD5 | fdd7c402fb32f0d5e0439d2de7e6b837 |
| SHA1 | a97a520c93a6e5cc74d9c16f7445d7d51a42e8bf |
| SHA256 | 8e9c0cf8a1d24470cb0d5b081dde2febcff29a2dcb47c5682e0981cf7fbd5286 |
| SHA512 | cc83258ce60f0cefb6f0cec572477ed1a1fb0aaff22b21548787ee19a8a57927d35e496eafa931799707b33edd69c84d2b339680a12d7b31a01dc52cf1f4b261 |
C:\Users\Admin\AppData\Local\Temp\kkki.exe
| MD5 | 68be3185620dae717becbbe8da19d923 |
| SHA1 | 5a1efd0a13c118b064ffbfdc3331049e9bc2c6ba |
| SHA256 | 78331244d2f2c49ea2c8edacf891ac1a460a2e26d84d0cfd0c35f4159919cdbc |
| SHA512 | 59ba383ca4229c0dfffd24113a17415084e8265666ac82a52b6069f69d5eeada6b7949977fe0b8a1867ce9ad1dcfb64643305a7266c7ce8e0bf7ea285b7dfed2 |
C:\Users\Admin\AppData\Local\Temp\dsQsMEYs.bat
| MD5 | dcd1c41de5cf2f3f3e481692db0be2f4 |
| SHA1 | 120abd752159d26d2be2322a3aa149d40a9a5920 |
| SHA256 | 52e31a1137acd22cf56b3861e9976911cad1edea6a4b20a85b9cd6a72e9f1e26 |
| SHA512 | 3e4c3ccfe5249310bf98e2219ae6b7794d123bae73d0db750f926f1c841aa68fa5bb18380a01a453a1ee3e192ffdff9b9c6463087137c77507c822e8fc077b36 |
C:\Users\Admin\AppData\Local\Temp\XMUwkQQc.bat
| MD5 | f2674f3ed27e2268520c36c261b9dca5 |
| SHA1 | 709a01a3c823a66bc4e7f5c9ad075009ce27e82d |
| SHA256 | 88c6e6dec70acdd00197accf45b3981b2828a8e0a276047d060df5b0627195e4 |
| SHA512 | cd40f24df7126a630402a22c0c9441d0d28efb4c51e16da540cee564df3f28f2ab5381f623cbd633975b0a1ad081b044cd7176c877dfe8bb0cbb5acb233fcf25 |
C:\Users\Admin\AppData\Local\Temp\KMUO.exe
| MD5 | 84c89f257e9096b85fd569f8871af4fc |
| SHA1 | 168673b28cd91b81b14e0f840e5a7ab5173b5308 |
| SHA256 | a6a533248fb597ff3b09ca2c2af59fc9647029627298d50ee5218fcf559a2e25 |
| SHA512 | 27227c06e9bf1c40a1b4e8787e53fea5e0e5ef12a2cf9da77dcf2c4b3ab85093e155cd3c040b40a4a11bee7238b46381d133da670bcd504011a79e70e3bb70f2 |
C:\Users\Admin\AppData\Local\Temp\tsEwkIcw.bat
| MD5 | e22bf10cfd09762729443eeb90f3dc5a |
| SHA1 | ff8083bf0bdd3280d6709e17e9a256248847d6e1 |
| SHA256 | facb51e73ff58143ee4d105096c47db1e9e74c193b7c76fb65d7be299568ddd2 |
| SHA512 | 522462b6aab651d0f684da56ec151bb7f6b1ae7a5b78dfbd53a0d32957e39b7e52c21eee606c30992e5a764ce5a19f0fd0843b2b16426fb0ce5df31d258a00e7 |
C:\Users\Admin\AppData\Local\Temp\sYMO.exe
| MD5 | 009ad4663bbab7259465618759888b74 |
| SHA1 | b210c94695f6714d7e4ee0f6efdd2f6e5e2f356b |
| SHA256 | f62c4b1900bbfe48ef5e5f272b82c50cf76a353270d41993d5a0d4b1b75c5f24 |
| SHA512 | 066c0c7b5f621e623d054e1771b99dfaeac1d6f746f0fedf11d31ac7460fac10e96135a1fe51e8d19cd59750a85e61177f87e7ccaec8ebf707781eebe8e6a749 |
C:\Users\Admin\AppData\Local\Temp\Cgwq.exe
| MD5 | 296651813aa206636a09e518a2f9cb94 |
| SHA1 | dc1fb71b23358ad1d23f36c8cf253157ca90813c |
| SHA256 | ccf0fee27224cc3d8b7816b06746b9e9efe33c67e51d445bf04057b2eea2ca9e |
| SHA512 | ee96769116291dbfe6d7ed56b76555e48a7a38df424c6ab139222cac6f8437073dcfe9cdfe72e63d4c9e31516b5fdbf20ff23d47f0bc0f344fd758dc4891d3a2 |
C:\Users\Admin\AppData\Local\Temp\aggc.exe
| MD5 | 746f9d978cba6f8ac291b93506455e20 |
| SHA1 | 3d38c35e3341174f49ab52151c76953b22caa827 |
| SHA256 | fd0a3a3809d9d9a41efef1819977eb588ff17f29a8baeacec9972e4dd210468c |
| SHA512 | 19db38d0049f76fd8987f0ef177418e3445ec823e4e66f6851a5431f29fab9d710d6ddddef0c8bc39a33e8392c18e49da7631edcbc6351235541b5fb135c6eb3 |
C:\Users\Admin\AppData\Local\Temp\YAAC.exe
| MD5 | 7ff78edae9f1decf0ff63040125e1d25 |
| SHA1 | a639ff7a274c3509c3d4e8bdf1d16fae7cc76e4b |
| SHA256 | d1f7b6d63d67b7f715ad1c033d148d85ae39ccc5234090c4f2d45b7cf21b09de |
| SHA512 | 9a56898711e87342c559452909bfcfdb8c65d2662d1bfd19d959f2aa66e1635bc23effeb8c69c7bf4f00a0b138151bda6c08ed4ddfeded12d9533c65b0e67d7e |
C:\Users\Admin\AppData\Local\Temp\QQYa.exe
| MD5 | b968c9512d39ea4f4c8972b60702fb4e |
| SHA1 | c4d0e643d58efe9face5d6459ce4f76bd66609bd |
| SHA256 | c408a1ac9a0701f184d6d9c1e52653b4a9e05a7d0a773020df12097d22c46956 |
| SHA512 | 47dc3184ccf14b47a1464a14e27079c4166225e6ab940b1268c393aa68aaddfa2246e9db806047cc84baddae4ad8272d58c035b3c284ba533f80cc11868f20b5 |
C:\Users\Admin\AppData\Local\Temp\eQEq.exe
| MD5 | 94c7c6cd1fab5a7a5a6e8335edd53114 |
| SHA1 | 596d0352fece8ccb6c4198233e75ceb8a7e9ea8e |
| SHA256 | ba42c26e7412e605e534d1dd90f1bb860144c70aae451126157c0e52a878a066 |
| SHA512 | 9da5a0c9b3102f9f66c58fb72817baf8451938d009837fd5fd5daf7cdb244164ac400d7e77263fe6807303e5dc9367defe92fad0e97321003d5af432ddea7bc8 |
C:\Users\Admin\AppData\Local\Temp\WIkS.exe
| MD5 | 6a5681e4dba7458b4f68e6f2178dca3a |
| SHA1 | e29fc68d4cbd578e369da185d4d3278e47f501a1 |
| SHA256 | 6f9cbecb94ef913c0a8ccafbc20a15d4e29b62132d581b3a55fc37967f2d8519 |
| SHA512 | 916f262dfb69c84186b88a763da3561246db9375a606144c65be2605e07c297fe22f3aea3d17327ffced0b7f7d1bf8210986d22f45795f95b23f1495a0c4b500 |
C:\Users\Admin\AppData\Local\Temp\UIQk.exe
| MD5 | b8c46801dca3fc4bfa58f9dffe40f711 |
| SHA1 | 68b42f6bf3c60f12e3de7c72b1748df3b58015d6 |
| SHA256 | 7bfc5dd35bcd872effa104fa6c82b4679b852ff6cb46ea49a49cfbd04c5260b0 |
| SHA512 | a24fb18dd02e7ab95c296bf0f3f1dcf1eb4a73f3f0ab1177b5460244255e4b5435912809be6dba74edaa1794e998fc8637e796afd0a68cf3afa3664b9a0046b7 |
C:\Users\Admin\AppData\Local\Temp\SYkc.exe
| MD5 | 46aef26a65b4e4669b3ea77d69a544a2 |
| SHA1 | 090b4e79471bbf4d51ea0b6bc611b3209b1e54f5 |
| SHA256 | b3dace2573fcac97d6699e4acc1b52208fde4c71573b971571f1e7a98eef9db3 |
| SHA512 | 3ebed3c3a3e3d5e26eba687ea187414aef4a49b73f3f66338bbe28670cb8e61ba37090a4458caf27ed50b787309fc66b549f26e5a208700a5fb0328e97898a1b |
C:\Users\Admin\AppData\Local\Temp\gwQs.exe
| MD5 | 55413946d799e7d0cf22e9aee7f8225f |
| SHA1 | a5cc974040d25d9507fc6daf7fd2332d80d9bbf8 |
| SHA256 | bba433f530bf650ae748f0f4b9010de862ec2fbaf2f0692f07137279505f71c1 |
| SHA512 | 5ec8e351b2070672bc800d9ab73615d502675b45fdb3c1e3de8260cf407ce06b36002cb849b4877569599867423b07013ec92e49ac3108a0a0e7b886a37eb367 |
C:\Users\Admin\AppData\Local\Temp\ViUUcwsM.bat
| MD5 | ed03b7f861106075a3035d620b69eb9f |
| SHA1 | ca3b47f86925b277dfabdc18c8502e2f2893a142 |
| SHA256 | f109177524d8fd1ee5d3efac2a306d998a2c198dd3d68a22df005e83e14f6624 |
| SHA512 | 1b56b4db2669899a0aaa8f19b73bafa99a2c01f69002cc10cfe264d6261c2e16e4d60d42fbd27322557123e589b8df4beebfb2116973582864ea818b097c139e |
C:\Users\Admin\AppData\Local\Temp\eQkcUQIA.bat
| MD5 | 0cb8fe10f79222d13a7a57c56ed432ca |
| SHA1 | 834c5c5e3fff0ee9841673abf07bd211a7a64d0b |
| SHA256 | 95c9ee7c8561e91c7900231b4b7ad823a953703978208488b906b6c5206d950f |
| SHA512 | 93b3707accee8bc4312db467f6e90d4011f55619a3f3dafcde11991bce7c226427a00e64024b4c23e65cde7459c810cec2619f142d919fa93872e3efd0cfc394 |
C:\Users\Admin\AppData\Local\Temp\iCYYkIAk.bat
| MD5 | e0cbef22d5cd63155d5802f470261169 |
| SHA1 | a1a19a193898a405d1af9042c7be14335099c1fa |
| SHA256 | bd0538a3c418b855005d30f0a12f661504ef58916b4a841cba567865e866ae4c |
| SHA512 | 0a32286eb57dc5e03f3216bee7fa421e10e018d492b413576406b75f22b6ce5c60f68b82c42241804a5d6dad7c4e5b3eb07e452f2018f7fd61dc18938d4a438a |
C:\Users\Admin\AppData\Local\Temp\kugowwkw.bat
| MD5 | dbc0c47d3fcc72a428c86fbda1466a55 |
| SHA1 | c86e2ee94cca04c1d045c6661e04dec971e0755f |
| SHA256 | 65df7ec53f1c99eceb15829c9f594339c43e175a1a73752b357ab20b1a0f8369 |
| SHA512 | 705e5a4ac04b7b92217094315e0ed427e2b713447c52e4505aaf513818cd0f25ea14c164b7ad766a770178fd90b84152a5bb1edb5a3dec2ac621b929e1e92912 |
C:\Users\Admin\AppData\Local\Temp\bSsAMsso.bat
| MD5 | 44f81f233bb56b2242be05fa11f92436 |
| SHA1 | e7be5a0f4a330eef719fc6b17ddf35f36047b526 |
| SHA256 | 2664f62390886047e8ec7ad6d29c27f8b4f60e859ea251aefe5187a5d42e1f06 |
| SHA512 | 15676b825cb542a67c93240543a39bbf0e95ae590a0422cada4f3c001919c78cddd14c8bda6569da1b53b39ad1b30bf8c6efd6152bbc5b49cbca204e29d41dc1 |
memory/1996-4378-0x00000000771F0000-0x000000007730F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jeogcwsk.bat
| MD5 | f47a58886feadf08cb5cc2118a7cf881 |
| SHA1 | 80f1230adc091f777e86dd57317dc6543d2292f7 |
| SHA256 | 74e03a7a26353066a927bfd62db182cc1c8a51eee01bb9e3be47592108b441f2 |
| SHA512 | 3149947b25cecee1b3e60c7c2b20e7ae7fa148075309b52932c475e504c44791776abf351474230c5f2402cc6a321427fae04ce684ea0c21263e22f0f6100d63 |
C:\Users\Admin\AppData\Local\Temp\bsAcIwwE.bat
| MD5 | 9e702c579ba3565ce3ac5fec6a37dae9 |
| SHA1 | 2893073728fbeaa1d7d052a65e30f2d0d0104f92 |
| SHA256 | c2e80ba939b91996b3303d16493cad71637cfbeb26a00079d02ceb13472d0fdf |
| SHA512 | 24e6bd13656e5bc5cd3b10becc75c3c27d5ede3f3f8a2be53aa2d4a008171cec974f9f1c76ba76df13e162f8226aa39593e3fe9bd56de7c97cb5218a9a439da2 |
C:\Users\Admin\AppData\Local\Temp\jcYMEwcU.bat
| MD5 | a742974889ce6eaf92aaea4d6f7b2637 |
| SHA1 | 9be4e3f797fdb6f808d39c1ef3c62386152317bb |
| SHA256 | a2db63c00cefd4d18d8d004e360645e2a01bcaa13ebdad3bd93451ea92f50265 |
| SHA512 | 7b89536ac9e4ffe029e33b64c56d2fa1fc82436102ebc7ee642a52e3f6a36becfdd2976b98704d4c17805ca4862d076cc21c82c211a661b948b1bd46f9200f39 |
C:\Users\Admin\AppData\Local\Temp\coYQMcog.bat
| MD5 | 2196179301f915f1046b357de427368a |
| SHA1 | f0aa80d468954d4ce487303b2416feceef414204 |
| SHA256 | 182c109f9cbdeebeedd6fb026d2d78646292aa6b3eb253dd0e74677d98f3ce01 |
| SHA512 | dea3d708be54a52346efec718a4df925ba1c74c7f2047aa189c5214a78a7cf0177a222bb1eeb3ccb5b0289d3699be62f4035ae300c8ff01e793b7a9dc799eb1d |
C:\Users\Admin\AppData\Local\Temp\UiYMIMIw.bat
| MD5 | f1e45cf98f886f80b51cc5ed1ea7ee12 |
| SHA1 | 283de2a965f80ff45f50dba86b9bad4647a07c8f |
| SHA256 | 52e55ac54d96513d12780eed30f546d2b506c020d081ee5ebfec0cdfd469b456 |
| SHA512 | 32efb0f957f0eef35277b54f220fa17dadbfbc18fc486f580cb82698ce92d6fce518f415e2becc0f284b6f34d56597549c62b1c060ebafcc4d6a9a7db6e91b60 |
C:\Users\Admin\AppData\Local\Temp\sCwUAcAQ.bat
| MD5 | f7567b096dcbe1ee30911432c0d0a467 |
| SHA1 | db39d453a0d169e7c82f852c0eaa08e9bfa4debb |
| SHA256 | ebb141a1be380df8a6337feb20e9221c005ec0f6839f54137bb0b10c70c8bed8 |
| SHA512 | fc257c7241cc2a6c29ba9ffe02103733207f199978e4ee7797af5eec2dcaff66b2564301fc0152562babc90e3c9bf87ccf06efad1c092d08a4f88a8e93ddb345 |
C:\Users\Admin\AppData\Local\Temp\cCUcwEAk.bat
| MD5 | 58bb93e22f1a3d9d294b0dfc21b4d0ae |
| SHA1 | a49e0ec6dc61536e413b043d548b1a3c0c3830a0 |
| SHA256 | 38d77cff54227af20e4b5a6ddb39f646aff7d9ad0c248c9c20eb1673b364f3b1 |
| SHA512 | 7100ee28685453ebf4a9d88f37314175d21b2983d8467cbf17cdf9990546e04c0f34391b94182774b214e9c54d9d17d80f6a538214c2fffaf1f5bb7d0c21d040 |
C:\Users\Admin\AppData\Local\Temp\OWcIsEwI.bat
| MD5 | 0abe3287f90e69429af350ab7fce8133 |
| SHA1 | 201b98c8da768cf5db723ea3f5a354959cc5e4f7 |
| SHA256 | 2279df70e3e45b20cae17afd210fe0d1f159458422ecd19b1a37b92417cd6091 |
| SHA512 | 0ca523ce58810ed9bd86fdeaf1a8d8dd557e15c456be56cae00e29a704177d84171c65bb10c13fec2f46c1033c690c7fbe0678e0afda28d47304b448033860e5 |
C:\Users\Admin\AppData\Local\Temp\noYgYEIc.bat
| MD5 | 6a03352f464fb2d5cfe4ae25631ecacb |
| SHA1 | ef1ef4c4f757bb78c9d57eef737fcdd268fba558 |
| SHA256 | 683d3b32746ed961950ce7e34d23e02f2951f65a8465945d8f30c2c78e8e9044 |
| SHA512 | 6363610ca49fbc8f2512dfbcbd2b74877be7bef44f69409242502ce2f86def6a43613cd2af154e3fcce0ea856a38cdfe148c339ad8b02b2c3ce94a2d09145e16 |
C:\Users\Admin\AppData\Local\Temp\bUswkQQo.bat
| MD5 | 120139dfeba5524055c1080cfe1563ce |
| SHA1 | b6a9b5d8da354dd9b3179aa66dba0b772779d1db |
| SHA256 | 866780642a508aa29a385646b0f69e9a36d807766176225f22b8178b96b885d3 |
| SHA512 | 1ff9e7377170778d6fbee623d5014082738d5680f89372528ad68d5db8ba5c59a4120a6df3ebdb8e3adfe97bb6e41aa9b71c2b5767985977d0e029afeec27040 |
C:\Users\Admin\AppData\Local\Temp\LeowIwMo.bat
| MD5 | 551b3d800d0928331edac9626d971cec |
| SHA1 | 2d92ef7d50076fb12a0b2cad739d9630c6ed30a6 |
| SHA256 | 72f5f64d0a825e47f992671abd1d76d3966807d3ed35c31647c1c2d204d58cbf |
| SHA512 | fa7703519a22de56ca2e862abdba61f5530a1209904f682d834df807db836a0e7031f6a122c72f194a8c707e6f188e85340c1ea93510207bb6333d2deca2d5ba |
C:\Users\Admin\AppData\Local\Temp\HKgsgYMQ.bat
| MD5 | 84b756b84f31dcefbda332ede2abd208 |
| SHA1 | f45aba0b5a13e6021a6b4f26ea851a086afbba8b |
| SHA256 | 27237d81044ad56487931a4b786b5be536b4c45375bc0fdee517015ce364d637 |
| SHA512 | 7e1f2fe9c32b4c57f05ec12f4e61ee673ddc07bc20a560f6373f9887f3b5ced7fe68555d39ccc36fc1e69894ce81fdc6862bd7b5520de8bf951e654c10a84426 |
C:\Users\Admin\AppData\Local\Temp\CkIcMEYY.bat
| MD5 | 75ef858af32eb95bf4e20269de87d808 |
| SHA1 | 3d8d8d0445f0e537b53efdcae284776c2567a56a |
| SHA256 | 176c689bde825d1ed258dffea81ff80f85211036a70b8718f4407c99e51f4635 |
| SHA512 | ffe0c70762fa39ace4fc426bc85d93714b6daaec899165ddf33c53fed989151a120974f429861fcd9e52965fba17dda4f7676b48965029e8276890be7a572a40 |
C:\Users\Admin\AppData\Local\Temp\CowwEwoI.bat
| MD5 | 176ce2b35ca59f645989bf1c22ebe0f3 |
| SHA1 | c53f98771ac030f7a5fcd8112571a83511e5026e |
| SHA256 | cd458e95338a8b804008d97d74273c6836c489124e55a2ae7659263a1575b11b |
| SHA512 | 0d3f91843d8b3341b1f117c7d9e744bbc33a437db5a6739c52140d3f25a3257f21f4506528b62e1d299fa9ff1270f414d985a9664d0aeb0ad1efbc8a9586d31b |
C:\Users\Admin\AppData\Local\Temp\uucYcMUw.bat
| MD5 | a05e391840b46106ffec0263eaac1890 |
| SHA1 | 98a289497a810b23adfed637710f49fb6a4efba4 |
| SHA256 | 945134a0a94431bf92d76ced5588765f80649c446b5e5a32f660bd7a5ce2ca36 |
| SHA512 | e8cdc820e48d648318cdb84875a6076037f6b9df787b384104a9d1c0f91dc99955186404ed08d14f9e164725ed9ae2bc0990e924d2b5d7bfed9563d3542ae478 |
C:\Users\Admin\AppData\Local\Temp\OgkMQogs.bat
| MD5 | 9fa433ead31ac1df78cea5b208c9e2f3 |
| SHA1 | 243ab511d8c92ec719aebb284eb045023fcf0e3b |
| SHA256 | 55dd17d8f6fef871f38e8e40ab92a90aaa9c585fd2c06290dc9bb1239de83ab4 |
| SHA512 | 22ecec743038fc4a93b893a09c0d03dd21ac02882b6b7dfaed9a0b3a362f3e4148e2cd1e780d08df62bc49dd827b2a9c822339a5a1429764fc319f3ee0f5792c |
C:\Users\Admin\AppData\Local\Temp\qSwQkEsw.bat
| MD5 | 1539712b383de6add369e57b71355a5a |
| SHA1 | c8199177c397192f62b9c02472fe23c26844d2e4 |
| SHA256 | e8c73066f7df11e5f380a14c225765b06a0496cbe1a8c348e2f060f8f634e2dc |
| SHA512 | 3ca4d3bced21bb2d89c85f533d381ceab60dbac843472103e2afc78803b36bef47f2400eaf9513ed0ad3847fc4467375b1c635c9047645810f64f5afcafddd3a |
C:\Users\Admin\AppData\Local\Temp\vWMsUgsI.bat
| MD5 | df470fbf392ccc60e33729e96754ed61 |
| SHA1 | 1a3a83d9e9c0c98ab1a395d876ef9c6ed0514b2d |
| SHA256 | df645a3399690b3f4ae6e9e26004bd9cb47ac8a35faa3eff444129ec9a7e368f |
| SHA512 | 03da2c936a405994f29016d978aa1a5a7d379a6f285d3b27d4ccbfc61b89cbe934e0db2045be4d8dcb91ab595181380b4952837ad6554fb91fc989131afc0ceb |
C:\Users\Admin\AppData\Local\Temp\fOYEossE.bat
| MD5 | 65aecfbbc6f817e7c926845dc090c1d8 |
| SHA1 | 90a69023a7e38cf499c29dc7680e8a4c3b95c2a7 |
| SHA256 | 0b6044bf39137ed12e833e5bc492220a48b35d09f21afd72279958ffa4cea717 |
| SHA512 | 27c1f4d17dc41a5c6971c93d657e179185125a9e86cfcbe205497ffe9aaa9cd2b064d1cee55784fec788e1dbcf823ab0fb5d02729a74aa0871f260de50498c3a |
C:\Users\Admin\AppData\Local\Temp\JOkIgogM.bat
| MD5 | 0d450c9d93f077c05569fae1f3f4b97a |
| SHA1 | f367712dab05c889d91aa997e07306ddef80830f |
| SHA256 | 89e934c24b0d9c6b374b977742d105b2efb1a720bc7a5dfb201407a93535e8d7 |
| SHA512 | e4ed510f1d5e49d54235169e2d9311e33127a7b3f6a9eec6bba48d4eb1c13150a34c4730f702cc2debb8331df5bb09e9339911562e6b93e26cd63c9b29542581 |
C:\Users\Admin\AppData\Local\Temp\LEMMwwgs.bat
| MD5 | 9e9131ae724db93eb26317637f00172b |
| SHA1 | c04d71dbd04159fa21ad8dca801f81fd5905e7a8 |
| SHA256 | 724f10acdf6866bac847d6660eeaa098b737805ddc6e983690d7c5b95c961437 |
| SHA512 | 2d9a0723ccc29373d7da1d6aad767349ed90c77ca83f96bc0b8a1a5bea46fac673f01158f304ea50bd9c14713ff79a63c914b35511f5f6e9699046789fd98af7 |
C:\Users\Admin\AppData\Local\Temp\sOQkgYUo.bat
| MD5 | 5d3be08ff7e40a77457516c11028fa22 |
| SHA1 | 7860cd71fdcbc7e4bff542dd0c31d0da13f27382 |
| SHA256 | 168072d7a8197ec2bac117af33b8c2ac5cfd7150da94ea69e61743833d5c10ac |
| SHA512 | 547b7d849332bc3c51d00aecdad3e02255553f5a38ab329b0f7ca99c8d527dd3904682024879c6852b507f2b6a687f2f980a164db48a717144bfee2596d7992a |
C:\Users\Admin\AppData\Local\Temp\ekoQwYIY.bat
| MD5 | 5ab09caa0b8b7e40c7a9e58204ee8f6e |
| SHA1 | a844e6e43fb7e8adc9b3b0fed34bc22a8e3a6d9b |
| SHA256 | f144c0b23ef231f5750e1060d8339c441ed75d0bb8225175eb7c861db923b2dd |
| SHA512 | 7a60b2f6cee2a062612f7adf8189659af601f3fdb0beb576aefb08f073cc0e2d29cb9b9dfd94dd5c4a98ac6e8eee80f94455310ced71a75ec8bc701b18ca2207 |
C:\Users\Admin\AppData\Local\Temp\qMowQIAo.bat
| MD5 | 9fe5d3bcc29e24262336b1521e2e2b41 |
| SHA1 | 95b51dfce0ae7ed378f106caf6f52c8c20a182a5 |
| SHA256 | b5cd38eb4d1d20f741d3d5d1e0e69777ee97ffac81c32a9f4b4e248e56bf05f3 |
| SHA512 | 1fc3a1a4ba62971b0f9d9c14814e31642eb089ebbf3d56e76635e478226a4871b35585189d2558a2ecc194744fe5f136ecd2d2270a636f2ea4c3988f49f6e109 |
C:\Users\Admin\AppData\Local\Temp\WQsMYkoE.bat
| MD5 | 0f0b3c8aca20b5ebb68eca88a6f8a8bb |
| SHA1 | 07fd29c78453498cf290efc4f8c57acc8dad4adc |
| SHA256 | 2a58959e5265ecf03fff1a4f2fde603188dd63fc658f3881950a446a7b737fc3 |
| SHA512 | e8d501fc3952cd41c653b255d4173cdbe4ab1908cc6e78c1d9f69eab1ed1e85abeb184469fa1535b3c43e4227e8cb9bc1e850f17c2f997c94d089cde0e36308e |
C:\Users\Admin\AppData\Local\Temp\LsEoIogA.bat
| MD5 | f715e13db66601cbfc012cb22cf31760 |
| SHA1 | 9ca5f2ee4f0a31b195a295fd2eeb0ba72d79258a |
| SHA256 | c48d01ec3aa4999f8eee98d566d3a413525dab131279f0d372d56a01d9d478a6 |
| SHA512 | 6a2653c59227723f2ea279e384164f4190794e4f9e9d78f0387c4994cae3f1b101a50b1c7130c9eef1a5027073a847560c23d2dbb6b6a2711f74ee90131f58e7 |
C:\Users\Admin\AppData\Local\Temp\jUEgssgQ.bat
| MD5 | 5ced9e293c7ac12c2b901e640ebc3daa |
| SHA1 | be0f0b93871708ee5fa13d1a7ab8892bb5d84c6f |
| SHA256 | 709e26c69a8a427f93fc013b84f4f456ce0f07353dc2a284a5294714139b2923 |
| SHA512 | 7af2d939e768b31219050445685ddac5f298ee060d55f56c51e51a96c30f48e214c40b78c13d58085dcb9d332c30acecd83ae12ec811168c99a07a0b3acb5a66 |
C:\Users\Admin\AppData\Local\Temp\XEswEkss.bat
| MD5 | 24c25299a8fe2788ead18732b71be7c5 |
| SHA1 | 74ec900461888eefcc0a5b107a20a18866e8c247 |
| SHA256 | c188e6a7efaf2951cdf2e2eaf2525e2d13219fbe5afb5d7ede79d4a19c587664 |
| SHA512 | 95dbb6d8980eac60918a77d2c1e3f6f4a6a593a27bf2ee5f1e4579bd7f4a1659600a987b5ce8fc607701658558d8d09668e6dce03bcf164e73edf065ab545369 |
C:\Users\Admin\AppData\Local\Temp\SGkAcgUM.bat
| MD5 | 314bcc0712400a19b96811b3644166f7 |
| SHA1 | 3c45d5e1ad19ce589d52841933552a3c4518998d |
| SHA256 | a110493aecc39c58e3482d7c5e7d0e277131415aff33d15d87be74fcd37cdc9d |
| SHA512 | 7cf4ef4cf5cdf474fc73be9f28eb0a4b1d99cd7f227d9493f4cf586162df296814a331b77ed5987f2ffb9ab0f04b3a43d34101cd5da0ae61386c89bebc71b65d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 08:20
Reported
2024-10-16 08:23
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (81) files with added filename extension
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe | N/A |
| N/A | N/A | C:\ProgramData\IqkUcgsA\eUsggAwo.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DgYQsoQo.exe = "C:\\Users\\Admin\\HYcAQAYU\\DgYQsoQo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eUsggAwo.exe = "C:\\ProgramData\\IqkUcgsA\\eUsggAwo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eUsggAwo.exe = "C:\\ProgramData\\IqkUcgsA\\eUsggAwo.exe" | C:\ProgramData\IqkUcgsA\eUsggAwo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DgYQsoQo.exe = "C:\\Users\\Admin\\HYcAQAYU\\DgYQsoQo.exe" | C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EqIcsAoM.exe = "C:\\Users\\Admin\\sGkYkgcw\\EqIcsAoM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lawQAkkM.exe = "C:\\ProgramData\\XOYIggoU\\lawQAkkM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\IqkUcgsA\eUsggAwo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\IqkUcgsA\eUsggAwo.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\XOYIggoU\lawQAkkM.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe"
C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe
"C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe"
C:\ProgramData\IqkUcgsA\eUsggAwo.exe
"C:\ProgramData\IqkUcgsA\eUsggAwo.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wgsEMIUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQwMUIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vCUwEoUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYAoEEUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAwkIwUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SiYoAsIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OasgEMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UKkMcsEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vEAwUYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZKEcUEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmUYMQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUMcQUEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aQQUkYco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqwAMQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWUgooUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAAckssM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FIIkYYkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyUQQQYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AiIkwkQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SWAEAsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\seYQogMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgAgwYIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PEIEEIsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rUUYQAUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hGYEUoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WsAQMIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IsYsEwUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QmokgoYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hOYIAoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmYYsoMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\buooEgcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIgEAUMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EyEYQcYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QMIIEsAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TIUcsAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RyUYEQos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fWcEoUEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mekwswcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\swIYooog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wOocgogI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XessQYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luIYQkoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FmkIIkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fCQgQwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uIMwcwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe
"C:\Users\Admin\sGkYkgcw\EqIcsAoM.exe"
C:\ProgramData\XOYIggoU\lawQAkkM.exe
"C:\ProgramData\XOYIggoU\lawQAkkM.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 4028 -ip 4028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4540 -ip 4540
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YeYAUoIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 224
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqYcssUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEwMcEII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TMsMosMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyssYYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dEEMEAEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KgcgUUEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAsQoMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wggAEogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\saYUAoow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYEYwwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKowgYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zmMgwoMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSQwsIkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mqoAgYsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkQMQMEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmQMooko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VEccokgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nGIsYYoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LwcwUEAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAgYUsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AUkIYsYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eWcggswc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmAAUwoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\reQUYwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSEAoQwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dOkMoUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mOMcMIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SYYcokkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KwcsMkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAIEEMwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZIYAEsYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOskIoUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWQsQEQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LOAsMwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kqIIkksI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gMUIssEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EQMsgEYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RQMwgwEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vSIcwscA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\niUgwIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JIcYMEMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MykkYAwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YCUMAsIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mukIcckM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RCkYYMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYQMwIYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zIoMIcYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\esQAoEcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uyQwEoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOwEEIkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsMcQIYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\puwgooYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PasEgkcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAcAYAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEcMwQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OWAsgkss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ieggcoAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hesMgEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hugoAgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DokocAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tkQIgckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KUMsAIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cugkAQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PmMgMkUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwQkgoQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsQwQggc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dCgwgQIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GeQcsMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIwQEEAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EAwkIAAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiEAQwQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyAEAIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pkUYosck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vMEocoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cMQEQwEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oQgsoYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eCYAMIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KKgsgcgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYogcsEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VIMgIoAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jaQUQMYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAAAcIMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YisoAkgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iqwkgwAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QkEIwwIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
memory/1896-0-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\HYcAQAYU\DgYQsoQo.exe
| MD5 | fb1d384c5c1c524ae6b71c529d77ecec |
| SHA1 | 9dc0b988672236204df2d91222a4275c32c2fe97 |
| SHA256 | ac0cdf11be70254f2d8349f6c39e66a25d43afa9b96345501de2309c0bba1d65 |
| SHA512 | dc94eab12e535fdfb13a72972c602f220bcb63400033c862bdfa5c5913bd73bf71d25a9839bd85f2d3a37de91db71c48203b9d493b44f7127e038439dbfa0c35 |
memory/1760-15-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\IqkUcgsA\eUsggAwo.exe
| MD5 | ef85057657cbff21d492447ed47c978b |
| SHA1 | 6d923ea60641a27b72ff164c24bb73f4459cf9e6 |
| SHA256 | 8027471858aa85b23c38847bf468cfd7b7d85cb522d58cf741eec0ef28e491e0 |
| SHA512 | ec1d83c0a88af4c80bbdba38dce019bdca08f42c1b9d7451da4a6da8a09fb0b7fe39a8c5266e8ae52cdce16a89e5fb8cb367db045d90aa3b2eadae63531ee4a8 |
memory/972-7-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1896-19-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4372-20-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wgsEMIUc.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
| MD5 | 38523dacb7a20f049d5de61fc1cf87d5 |
| SHA1 | 310f1c826385f858572a6c747688d897b851024e |
| SHA256 | 4ee4b1cd9eddbf7cdef2797a8822ddd7afc8082b9483d52abee606e8e99a2191 |
| SHA512 | 61d8bbc98b2414fa7311d1661c9ddd33edba50a5a1847a78b52429b819260d176af87068b10a0963f858e55a0ad5ed3fa2bcc0f02389334fd47894aae662bee1 |
memory/4372-33-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1368-34-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1368-45-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1376-56-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1312-69-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2572-80-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4044-91-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1476-92-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1476-105-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3648-116-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2216-127-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4792-139-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4716-151-0x0000000000400000-0x0000000000433000-memory.dmp
memory/344-159-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2684-163-0x0000000000400000-0x0000000000433000-memory.dmp
memory/344-174-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1436-187-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-10-16_e0a8441493e12806acc53cce247292e8_virlock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2764-198-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3068-209-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\HYcAQAYU\DgYQsoQo.inf
| MD5 | ae6971ec39344afc1bfee7a62ea22a23 |
| SHA1 | 00309a95aad564ca120b2c10f0517dc7c33b9703 |
| SHA256 | ac884ed4a8c2c5b5be170c18f31478563f26ef7ca390ada477e4819751bc8d66 |
| SHA512 | 02ebed060289d1dad59cf316d3e0736f712f20b17b2165359eb5db91a8da4b48c4b4790934432d38554586f411453a9cffd256a6699b29914ed22e8a45a86e6f |
C:\ProgramData\IqkUcgsA\eUsggAwo.inf
| MD5 | 1c8ce23a765f3304c1fec690e80e34f8 |
| SHA1 | dea9fdea31ee2f573031d6a6e4ff9b0c30a05e5c |
| SHA256 | e3c7807688f863e47eceafccdb8d20b128c038156fa2586acba5ca19d67fea1d |
| SHA512 | fbe470c00de1a6c335290a89c079c135a8471211a43dff39709d7300bf971764ba7cb8c37410b4720c2fe16f61a7ce59b579642311532077bb323482cfb0b4fe |
memory/296-224-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2904-235-0x0000000000400000-0x0000000000433000-memory.dmp
memory/552-246-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4368-256-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3904-265-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4648-273-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3032-281-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2972-291-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2148-300-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4544-299-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4544-308-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4604-318-0x0000000000400000-0x0000000000433000-memory.dmp
memory/644-326-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4368-334-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4776-344-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3884-345-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3884-353-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2508-361-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3096-371-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4036-379-0x0000000000400000-0x0000000000433000-memory.dmp
memory/476-387-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2780-388-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2780-398-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5100-406-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2572-414-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3440-416-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3440-425-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4508-426-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4508-434-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4740-442-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4896-451-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5032-460-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4248-468-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4028-470-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4540-471-0x0000000000400000-0x0000000000430000-memory.dmp
memory/636-472-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3280-482-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4540-483-0x0000000000400000-0x0000000000430000-memory.dmp
memory/4028-484-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4024-492-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4508-500-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2720-508-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2332-509-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2720-519-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2148-527-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1932-535-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4796-544-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4556-553-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4956-554-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4956-562-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4124-570-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2512-580-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4540-588-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4640-596-0x0000000000400000-0x0000000000433000-memory.dmp
memory/484-604-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1992-614-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4896-622-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2488-630-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4596-631-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4596-641-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3128-643-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3128-650-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3648-658-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gAwG.exe
| MD5 | e9b89abc0913167894f59ee831097746 |
| SHA1 | 1d6f0a72cb7181cf1acaa45dc0ef3171c511b9be |
| SHA256 | 22f636d356409b325182345d02cb1f3813527c500de0037b839559f8c6f5ed97 |
| SHA512 | 104c3642227bb0c050923880ca9248fb08bf644534918ccad47418778cf8ea051ffea0c4c7fca0c16792c80cdef9c39c4fe028460bc2377cd750fc9e724471aa |
memory/760-683-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | ece062ca34cbeae1ce3b6b19d6822f07 |
| SHA1 | c098417aa68eef96e57545c8765715e34a2bc149 |
| SHA256 | 5b364abbb7dd95494e7d2007d8770fdafcdef2d012675c80cbd298399611ddaf |
| SHA512 | f71bc647ee2c1cc0568b58afd61d3caa4f11d91591379d3ab1e97f5afaaeb4510480f37cb0209f406fb139f30ffb118eca8e4bce1dcb90e8e154fe2ae309ebc7 |
C:\Users\Admin\AppData\Local\Temp\WEoC.exe
| MD5 | d9415c355d2c0b5a842f28776ab2a3bf |
| SHA1 | 1120cd040d42f16e7ea6d41c53140ef0833e84d5 |
| SHA256 | 3323a2d7145dc8c6fc6c1d2000a1d4c32292533402f9ff71b6fc1ba90a181ffc |
| SHA512 | 2ad04b4b51c1e96bd1faabe012f8dabe62989bede99ef10f226da5e6c390f14701615be8b23b078cd0a396f05bdd65bb0a27ae6681c9b4ffefde5095b37fc5c2 |
C:\Users\Admin\AppData\Local\Temp\Osoq.exe
| MD5 | 6f53b3c91cd78f39d970b7ef70151ae2 |
| SHA1 | 6975634c06a1edfd3cb3930ce0101c72fb8d9c71 |
| SHA256 | c5ce88930a40f78bc39b6628c9b4af7bad0db3ddc94f79b5c60f56514329840a |
| SHA512 | 40a759b2577dea00d5e9deb1ae3566b33884e0d356506c95d353d0a8629e9d8feade8f70d91f1a6e5bc91679a8429cb191013b2c161af716cdc9dadfbce745ab |
C:\Users\Admin\AppData\Local\Temp\mIEc.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
memory/3484-719-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cUUA.exe
| MD5 | 0fcc3c764ceb49794edcd3de0f9cec9d |
| SHA1 | 238eb57445d666452da350aad3b8792f330fc854 |
| SHA256 | afdeb144664d97fbe5ce3af1e9a86f25afcadf8e6bc4e42344238d73f6dffc23 |
| SHA512 | 164df2731596f3b8f8ddf5273832186ec291f46458b717a9594ab451421894132255eb900e5c68743158efa8c88b60fed92b2f1dcc8db9d9dda40d389cb0e467 |
C:\Users\Admin\AppData\Local\Temp\QsQw.exe
| MD5 | c532d5abf2aa2bc733ec95d986fc94c0 |
| SHA1 | 527d1600db79437e5a84beee335101dbd726fd3c |
| SHA256 | 0d135e6f20fde8c44a9201cee917b0f3da892f062a1d8a6927cf0841a4245339 |
| SHA512 | f535b026f2a8a2e5c517b0331937cec547f6a6d652b8c1ab0a18fd72c839c3116d835b462ca0ebc263d3c0d9b42282a6c38d64d99575462acc5ea7f6154cb0e3 |
C:\Users\Admin\AppData\Local\Temp\yEoW.exe
| MD5 | 4e83b501d597b443cc5f2a88d4ef8e03 |
| SHA1 | 685ab4d73f7366ed17cb08765a2ee949bcb67416 |
| SHA256 | fcaa8558f44d19090fe3bd8c913fca249737777f44ef134e7017b67aa45b22f3 |
| SHA512 | ce643b54d2d249ee16b5601487ff60ad837936bb598148f9f8f0dcf617aa1f8e7f04f1eb43280adccb2c0cd487c4ac390107cc92cc05dc70a0e66735ab08b137 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | 5cdb49cbccd1d3d6f7e0bc6dacdd31ae |
| SHA1 | 50a88e36ad205ea1ba1eff97c2dc7fe748942528 |
| SHA256 | 86c0e6a8ddc79e05395ca2a9b13c16a53cab56c35a2b72829543da145f9e2bca |
| SHA512 | 51b39636ea62c7189cc0b059fa127eba68a43508e174c0ee4063779d27dbf9992bb3857904b38d91f0814037d12cee386de2d9665034c43b13d3be2c8ec6b134 |
C:\Users\Admin\AppData\Local\Temp\gssG.exe
| MD5 | 5a867c60c0a1d0664c2c34010084de2f |
| SHA1 | 6f09ffaf29fa6b1337224e4b98dc0ba16f41a1b2 |
| SHA256 | e168692baf8e7e1634462ecec9539df6ca48331c7a7af00bc6bc3b0fc222ae2f |
| SHA512 | 9a172f834a0400acc68d2a0b239bebe1f5205b9879cbedc88e7556016d564bb88830f09ea59103b4516292646e4cfa1eb704857d4f436998b254b111b1d2765a |
memory/344-811-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uYMS.exe
| MD5 | 6a0a3bbc3c699e3af39efb72f578adf5 |
| SHA1 | f240aa7540f8885930c7f6ad393e5c1761fa1096 |
| SHA256 | fb2e12d5f859489d84cb2e094972f0802076b17c9a062f057ce6f936feb2cd4b |
| SHA512 | f70703ad6c37292bd95f7e2cb111791ba4bfde4b71edcac95d54f0cfa975c6958796e30889adf604143f2479d9e18465809ad3b6d0f1595a969294c24816b2d9 |
C:\Users\Admin\AppData\Local\Temp\AAkA.exe
| MD5 | 7014537b41ef838df0557bafb304542c |
| SHA1 | 4a8fba44da06e9d707ea73cdf9ecc4de4cef003a |
| SHA256 | 5044b6cba6f55f62eee9eec84a1f9826c41f0868cb854e40819a31d47c2280a3 |
| SHA512 | 73e068afaba936179b63e2aca27d34512e88da9b7714b575091f5ad149d9b73c3f6d54dbbcca671aced5ac2aed8fb6e446e3a42052c5b86be9b50217bc852c05 |
C:\Users\Admin\AppData\Local\Temp\KIoM.exe
| MD5 | 05bb2845c813127ebd6ee689a6412d10 |
| SHA1 | a067dcd46d60c9f4512e3e1b794a0d15607feab2 |
| SHA256 | 69b585ed38db09acbaffadb053397e831a882b962211a1d916f0dd62f3c1955b |
| SHA512 | 75f147e97ce9b59a996e05c7215b8c49882f46777e10ca72687231858ef4ae61ee058b0e09632a57a8dc1a1bec4cc76fea4f60079b5b7dab6891ed71b864a6dc |
memory/2216-863-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WYcY.exe
| MD5 | 87026311dc1a571a2f6f6260cd3143a3 |
| SHA1 | f3188a1b1f32abead396e4157d41d2b9bd1c92aa |
| SHA256 | e5ac5dae856492d285383424914700235719afb851391c81f6283605ca365b67 |
| SHA512 | 6b770308fc98cabca01f05744b01bb9eda7a7cfd2db704f6378bb7fb1a4c5c97e006a1b72a09895ba072ac3bd70cb386fd9cb673deb1c957f424983ccad02d1c |
C:\Users\Admin\AppData\Local\Temp\aMUs.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\eoki.exe
| MD5 | f73d41ca2042fe261680d5fb284b270f |
| SHA1 | 2c08b2cc69d1bed7e7a48d08dc2cf71874ec455a |
| SHA256 | a65bcb33f7cf6737286cc1309242ad8a7944f6077e9f6ffe067bed0de95c50a3 |
| SHA512 | 954c119eff561a72317633103d82f1ff91fdcaacf6986aa7ec9c8b8d7e9f9825101e865562edc899d8a34e3b0a7055dd3e061f617e74c98634f92396d6c5de3d |
C:\Users\Admin\AppData\Local\Temp\kEoo.exe
| MD5 | 87a137f740132486c7b23204ca4b3134 |
| SHA1 | b166e495144c1aa5f22ddf3db8f4a37a1eafc2d1 |
| SHA256 | f51b8496f99e88296872be8a96e927da31ced7809b8e2ee56980c9cc92bdb254 |
| SHA512 | 21025062d038876d94cf3f2c8934a8700321ac3671c826cf844af09c9e17def4ba0aed5bb540f4b6a98fc2e0c438aeeb3cb0911036c029def4e7e53761186255 |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | dd606cc903484ae5ecef13c19c2c419c |
| SHA1 | 6df619b51c2a64f0d7e172a8f7f47fcd37ad4a41 |
| SHA256 | 44f1f276322a0e2a1635198f3a19b92bfe17ff3e14aa615e7b5aeaa4e42a8370 |
| SHA512 | c2cd68c169d3e7b4b532a7095f52463e2d6ba1bdd05ae692c0297a75d66b6a23e9c045b32de8892729b72663bffd1b0e0ebb71c567921fe2a22d5262e593b5c6 |
memory/2580-927-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Kkwy.exe
| MD5 | 61520dfe0df495b4fbaa9aeb8ee8e0ed |
| SHA1 | 5855239cdf76cbac31e9b921fc332840ef83ff4f |
| SHA256 | b93644ce24ac01f200023aacbb39deae5999a7281168afa82cc94a6ee32f5e23 |
| SHA512 | 3ec5e5369880f0ca128e51eb739a4f0b78b7d10cf705545d62685749d81feb53d68d6d61bb6f3d9ff3ed8ed96b578c8399a6a1cf5d45fd1b18ded40dc9f24337 |
memory/1992-942-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CYEW.exe
| MD5 | 28362a73b99c4008b2fbd7539cbcdadd |
| SHA1 | bb617180a0ae7bca61ddad00384adea80bc14660 |
| SHA256 | 97b43e493e029b45ab56d8973559682f760a03390a4a70997c6b2f59c848dd10 |
| SHA512 | 19ecb646ce170da94ad8e84d5a5bb927297b8ef31d4aa607c06da5ade2d3f20123f1e3c0fb1786eb82478618cbef95ff2accdd0def10ac6e4ea98d6dd3f6223b |
C:\Users\Admin\AppData\Local\Temp\sAsy.exe
| MD5 | 3b920a298a0806fcddc3a6b3e8aee118 |
| SHA1 | 0894cb674e47e4f701dda9385fe8db30547c0a4e |
| SHA256 | dee31bfd3f59f97c061cb574eb010abb100dfe6fca5fd5fa78bbf1aadef71558 |
| SHA512 | 2d12572f66cc4cd20adb3aed125b45ee497fc01aa74e15f29a21f8b23b760a894f323707024ce7a1d4cdc40e5effc303a30f867ac35d156502f0b7a3b63e5773 |
C:\Users\Admin\AppData\Local\Temp\GUIa.exe
| MD5 | f1ecbdbc6fa1c9511b6f17a3c085372c |
| SHA1 | 8a3e70a94a7a91fdcfd1259671b89c18440228d4 |
| SHA256 | 1b3f6f1df9a7fb690c23afcb34f8b8d3ef4a850536a06d1381dcf80fde068e91 |
| SHA512 | e3e75be1306e92ef2f56b4b9143c1d3014aa0f6b10bfffc553d08ba2805774a23e2332e570ebe2e0b0bf2c4c814e28c218744bb13f9213bda1975abb9fd93bcb |
memory/2568-1006-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1992-1007-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aEMw.exe
| MD5 | d9a796b114b0613f8199b92ac3c9ef0b |
| SHA1 | e42e9f032592038e282ed2a05166ecc1c3d6dc0e |
| SHA256 | b917002f16a5ae88e3f2486b028462319888de05886f892645c53df958f00f9a |
| SHA512 | 684b6e447646daabd2b8d2d5cde1af4dbde90d28802df5f580ae4183b85fe224168069fc84116ffe451f2e0ccf1c0ec44647c08866be8e22365f4604bf41db40 |
memory/2568-1016-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QsQc.exe
| MD5 | 08c488984cc10246e11e6026d8e96497 |
| SHA1 | 8c6a9df035ba30f61f2ac425a20875bff45ce81b |
| SHA256 | 992b2b9de5cc5f374b5f2a7d377f2cb3e75546db093ddf212c2efff91bc3349b |
| SHA512 | e6a0c3457baa3022746249034ccd76a42ea72e5ed134c66fd8f6e7c3acdea8ded50dcb583ae89dc144510c6f70f5164cb5b927f49eb7b868b9d76b63719a429e |
C:\Users\Admin\AppData\Local\Temp\OkYw.exe
| MD5 | 4a45741b63bdbecd84208afed6da713b |
| SHA1 | ced151a3ae105b3fa2df75f10932cefd2b448fee |
| SHA256 | dc7ea6bc1c0ab83cbaf0c326d31fe2fa239300a2f240061a9f7c0bbc6adbb1e1 |
| SHA512 | 7af6c1372ab45eee6158b787d59a7b61edd3ec29b84c7ac7ec711f59d88afd80f5f87fd75376428c91bd5acf61870effc17f9a952730ba08c9121f9e4bd8ad8a |
C:\Users\Admin\AppData\Local\Temp\iwYi.exe
| MD5 | 77cd767a9ad7e513e920255d5eea900d |
| SHA1 | 3ee27105757ebd46e2dc7a6be04e5ec03b8230cc |
| SHA256 | bc093ef06cc9180442df13ba5abb81a3a608f3d5e02cef1d91dfe0de4798fb18 |
| SHA512 | dde320cf303e04761e8bdca64aacb60072bf79faa2727eac9f83eacc37f065e0c1e0ccda2b846fe69d731806129b38e29756b248815bc902ae78e767bf94609e |
C:\Users\Admin\AppData\Local\Temp\IMQE.exe
| MD5 | 77bb60cab5a9daff0efe846fc9b432cb |
| SHA1 | 913e4d4b88d6c9326388f5ff802f67ecffbc34a0 |
| SHA256 | 0e199aefbe103e9e092cb42f89e2dd4c6f7c662347eaf5d0a6ed547db079b955 |
| SHA512 | fdb2120aa4a2a3c46b5737ae4a2945d895d22e55127f020071bc6eb1848fc121b5ee45c68ee25c4eb50fa93b6e2ad4772f0bd08aa29952b7f043f9029099494e |
C:\Users\Admin\AppData\Local\Temp\CIUc.exe
| MD5 | cbaf2d24a5e84d4d99a1823b3425e576 |
| SHA1 | 570b8f751ef816508fe224482b131a3d0c6e56db |
| SHA256 | f1addca24e33c85037bf7a4b8a1bf357bf3e0fc59d0d76c4e5ab778af2a08042 |
| SHA512 | 1b838661e75c731f14da42a2aac7075b130ff58fff523059136f99cb1cc86ad7465461dca57f3cc921935252407ecd23ed652fe9ce9518b95264dced85486291 |
C:\Users\Admin\AppData\Local\Temp\WMUc.exe
| MD5 | b06863cc7092cf02f5a1847b5862595f |
| SHA1 | a6377babb939216c72b3c918a029f4d037ba3f1e |
| SHA256 | 34455ccdef1844d4c047616478217f18e2beb13f766282098bafcac6b5636d88 |
| SHA512 | 48b54c04e3a8144b29ade9a7cdb40fcf46732cb95add6778eacd8ecd3ca791a49d398846699ccb810f2630bf2be4fcb5971b80377a099a7ecf11dbccc0488fa2 |
C:\Users\Admin\AppData\Local\Temp\iQgA.exe
| MD5 | d483982ea1a354099e1071b4f53157f1 |
| SHA1 | 4d4677ea35eb00bfae353025244d08ed5e92f44f |
| SHA256 | 4b72a28ffeb33e136cd9a8d2378dc91e7f934ebd09a56f4efa709133dd34eeb4 |
| SHA512 | fae6d515306523845eea90c1ff427f631bc6dd1c1fb8ea0102c8dfbbf00946701d150278e2f0ff6024646ac3a8add6e5be860630a9010dbd7801f3c3e6c84776 |
C:\Users\Admin\AppData\Local\Temp\WAca.exe
| MD5 | 5417a2cd785ad37eb093189462d072cc |
| SHA1 | 995c56bc0553ceb2b5682eaab1deafc134401e09 |
| SHA256 | 91dc6c22f01d39c6ee23187e2df2c664bfd72fb0bda2b56f60a1bb0895962bc0 |
| SHA512 | fa5990a693b440cf0e3d4c46457431387b8ae66694d5105a053b24f9dfac1329dea67f4474e2c481794963bc4cca3ef1ad17dcb62710d26b1c0e6918865063be |
C:\Users\Admin\AppData\Local\Temp\Mgou.exe
| MD5 | a45e30998356d6a49e4b69d19fb00d5f |
| SHA1 | e894ded2d09c86eb87a8409a9632777cf227c5a2 |
| SHA256 | 535e2fc5c011b26d46185c0296e3f0673a635df096631054a68eba482854dce8 |
| SHA512 | dabcbbe107507c8146c0eef7d73f039221ce8f538ae56d6f6e3dd1101d1992c641a1c44c4170ad1fac84d04e9cf384e4f1ca527ea14b3bbc13bce4877357aeac |
C:\Users\Admin\AppData\Local\Temp\MskQ.exe
| MD5 | 72bed11afa875cda284ab4878b2f237d |
| SHA1 | 723b56c8c7cf6efa0fcb9e1b7543d684891e22e7 |
| SHA256 | e19f2721023554826f409dbb5082bf7ae9b6977a92673ca55b8116fa9db344e1 |
| SHA512 | a9868707374cb8ae8fbb59537e5ec249732be6a1d9d3da6fc1dc710a5d12b2d4bc44a8776cabf2ec20fe67b7fa6d071016f638b49130a5b0a911c49071f4c495 |
C:\Users\Admin\AppData\Local\Temp\KMco.exe
| MD5 | ed05611eed2b9c5655babfe83d88e902 |
| SHA1 | ae87a08387d58be44c2747af7312a9a0f53c42b0 |
| SHA256 | d281d0b3dbc47eb7ed40dfbcb047e2ad5202cea9d5e9b1709533999ea06793fb |
| SHA512 | c5f80fa01e6c0e21b0f4a307428f1dc3b3e54c8459778d1c039a0b616ab99c81f9811f7856595abd33b95a0b151811cce12c8730bda74ad60cbbeae31a16eda1 |
C:\Users\Admin\AppData\Local\Temp\csIe.exe
| MD5 | fffb0ebdee857758b9ffc265e7077f57 |
| SHA1 | 8428106008576d083ea86f5f1e82b6ebdb4560bd |
| SHA256 | bbe89e34caabf1472ade9acc632359523a013e5d9b719c77c3f2c255426f0739 |
| SHA512 | ae9774776fbaf596cfa5b2df5ae52d123dca7621f24fdde06df4dfbd118db146c3e844ad12000ae3f56683d3b35907f55ec38d96e4139c11ba654a4c09fa02db |
C:\Users\Admin\AppData\Local\Temp\CEIw.exe
| MD5 | 7b7e27027391f3e75bf0a0d1273cd2a9 |
| SHA1 | 2634ea09b60e0b8bcd6bcbf4ce8689d0d41cc04d |
| SHA256 | 244c8337c277676d11a33c2c2f8710ea41098c6de018276e1fc4c6767a3ab442 |
| SHA512 | 0c6131ccfa9ef830a929b001282a9bab1106959e2355d2aa01bdb5ce32c9fd0b58507799710081bffec9fde3d5de110e4a7cb38a36958da772961652f9067ae2 |
C:\Users\Admin\AppData\Local\Temp\ywQe.exe
| MD5 | 670a4af38e260c6e99a5c48518ff5429 |
| SHA1 | c7c0d8353d176fe99d357d5ef5f1ad8713bfa5ed |
| SHA256 | 29e5b81d0a877d54b3e39c1da2225628a18fbae5fb6cb3409937c450e9b6da4c |
| SHA512 | 77455a6a9230be26fe6d25153f8ca715ba097eab8c4c62e32913e96dfce94b5831ca58162993183daac36c7cd5ab6eed995ac0c34926f3095f7419d8bff9bf30 |
C:\Users\Admin\AppData\Local\Temp\UsoA.exe
| MD5 | a69e605a398a13593340d061c4b3b0a6 |
| SHA1 | 6c3f39d0c8415256911961299c840ffa400eb510 |
| SHA256 | 85992b1eb573ef8496ec0998ab7fe1908940e9d2ff0ebade462137c2761f352e |
| SHA512 | ca0f2ff450752b953e93fedae6c57549a4cbe82ce874cde3c01cd8fc9c6155aaa469b47f9362ed9dcd5b1bced47ea5d0bb3757306d5f1270ba6f8a9aca23fd96 |
C:\Users\Admin\AppData\Local\Temp\mUAA.exe
| MD5 | 7ac7f540ae0bd49304c372552968f45b |
| SHA1 | 5ee32ebc8b15676bbb6d5878259916caa1986564 |
| SHA256 | 5c29f783ff7f60660be875e0e93d12f9cdba8b21d88300df9a2d60ee9fcd364e |
| SHA512 | 5456886d631468d3c7e4e77bad65414ef9c7b572d42c418a7eb98e26fa7d387b38552e76ae7cf089635603025656e7ea80620fce636cd7ff4763e3c632ed2526 |
C:\Users\Admin\AppData\Local\Temp\YYks.exe
| MD5 | ad798f1108a655a876cb8392fe48fc83 |
| SHA1 | 49e8da77ecc8ce5fd4bdaee378d7c58c66807ae7 |
| SHA256 | 884eb1e67b331862451c4e02f49747bf39acd0f5327203f8ddf1761c8ecc38a9 |
| SHA512 | f45e4f587f2c474ae0142b1e0ada123569ff6ec123f24704410836be0b69ed09bb405593e638a2bd9da239482fdcda71c95d88aa869fc10835fc975efee54ca7 |
C:\Users\Admin\AppData\Local\Temp\ykww.exe
| MD5 | 7e77e3e0889c65f6b7ccb0924d976e0a |
| SHA1 | 74cbc5b027e8ab22a4e9e9cfc8d4b56365aff22f |
| SHA256 | a11fe50c4fdb4066bfd48a42db79ce7e029a9b30dc1714035ba95f2b8119a15f |
| SHA512 | f00ee27b41b3b2b494f573ec09569ca57c28fdb32e02ac9a9490e5946123e1b0896a499c8fcb68a7d9fd730451c0fbdd66bfcb4751d51276163954ee092af5b2 |
C:\Users\Admin\AppData\Local\Temp\Ugwg.exe
| MD5 | d1445cff38a6875fbcb9f960639aa94b |
| SHA1 | 0847bad938c71d14a89458d370a25fa6bcac865a |
| SHA256 | 7ef745cd288e154300183f57d34a371fcb444ca8f3d550d928d7214a68b6bb0d |
| SHA512 | bfa6bdeac60256909312c7e143bb220ba5a2722124c0dcff7504d8599f701acd6eacb92d58a5c112b9e791a6c096d0a22f6e16c6648656f8461c60710e6c572c |
C:\Users\Admin\AppData\Local\Temp\wQkQ.exe
| MD5 | 2187e36214c8cf67d6ec7ece6a89c617 |
| SHA1 | 7f0277ecbc1453c5adce932361d9229e4f33b31a |
| SHA256 | 8508b00eb9c61d878b21995db2176802a82f93c3180856564648c652ec392b1b |
| SHA512 | a71f612a330f26085231a667ccfa81f549a89c722ab9919d80e8e04ea10778a1a93ec43c1cb3da70a0b2512bbcc8bf0427a6b2e6477b06395493f41633092cf1 |
C:\Users\Admin\AppData\Local\Temp\QkAI.exe
| MD5 | e7750bba042771eb0256f258dab73870 |
| SHA1 | 2f283f150b1635fca7a73f06982b4672057e93b8 |
| SHA256 | 788b760f7aef3e2828f66c86617e58076236863f0fe3fe2aeb0454211c89f803 |
| SHA512 | 0f827455e20b35b1382f910ef526cffcbe424d5db1c0b3b1a69fdb10eff17763c3d673fb310ada93cbdff4d4beb3a0ffcc881803f300f5cd8cb339a1081b8e48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exe
| MD5 | 65d44da1a1870df80f3d62a8ff0ac2da |
| SHA1 | d7c50519043c8261b667e7cfd2cf751ab07d5bf3 |
| SHA256 | fe88e43d0f5d4051cf558d68eace3642d4602f1acb84ba8d54c32d61499fba3f |
| SHA512 | 6272f0b7379fd9618b2886f473f68ad106c6e01060f8531b598921ccc7780092381456f4eb1aac8a52fcce585a2ac781841604fb1c4af61d12ffbf591e960d8b |
C:\Users\Admin\AppData\Local\Temp\Mgks.exe
| MD5 | 15d084645ddfc3edba04e4c1c973aed7 |
| SHA1 | 02b6de78cd481d6142a38f7c429f70b8414ac96c |
| SHA256 | 17479bebc19e8b08fe0f2252c0176317ef25a31832414ad56a230f51131da6af |
| SHA512 | bce1def99d04c8110cff9f165d55ceb5d03fd7bac8f1f2e9f105724092348267b784a0c7577a2d3a1ef22e92996a27396260016677d0af4fa0d0e04ccab1382c |
C:\Users\Admin\AppData\Local\Temp\MIkW.exe
| MD5 | 68d93ebefda497868a742a93112f81ba |
| SHA1 | 8bd4e952541f3c5da7635995ec0bdb62961076de |
| SHA256 | 559455df13994b33129436069be862ffc7a5792509dfb2c4b7bd4db360e9d49b |
| SHA512 | 50383f0004b374cdd13cb9b2829c22948726e101274a6c6203f18a6d7c535935c43379471f2e4c4e2610091ce5eb9bbf74ff8838c9f3fbb245cb67ac166887b0 |
C:\Users\Admin\AppData\Local\Temp\wEkI.exe
| MD5 | a4e68241c4dde09998adb12c2cf17f3c |
| SHA1 | 2bc44fdd47bdfbe249348791c4efd7f2205d32e1 |
| SHA256 | 5574a9b2056801d5d2f77106c69df4403f447c0d3d6e6d8e2787a979a05768f6 |
| SHA512 | b5049ceafd686cae18bdd3fce7ff953f504b5ece3fe1ee3867cd1b6700ae3b1435dd342dc5260e9dfbf84b128f9183b247dfb62e534308c3e35ca814bbf3ce75 |
C:\Users\Admin\AppData\Local\Temp\sAQk.exe
| MD5 | 023a7a6db004632871f358c0084bc036 |
| SHA1 | c19d0efdf9e7c9a2a218e67872dd5c2a43069797 |
| SHA256 | b89a9a7190a515d69a74ccc2ed5555230e086a7391d422ceecfb19f0ceba95ac |
| SHA512 | ccd7db5bd18797df5b574a655ca944ac5d9c0e37907976ad14d4c7e527f9262c760de6ab02e85b977f110ab71d24f86b8c55adacad39ea93a04b8eebcb38c629 |
C:\Users\Admin\AppData\Local\Temp\OUwq.exe
| MD5 | 1045b01e8d881118e562aea8f2ac3564 |
| SHA1 | ec2df10c2c749ca731a5e64153f705931f8df119 |
| SHA256 | c18e6ef03dfa07f4b57ee83c69519a98cd2fa451872a301c8157defb6969fe69 |
| SHA512 | 5db89551084992c06c3f3f483542d5ad84a07baab26f9fcc8305343ccc83767c9e3fa7db8ff7d1667a262c78df54392ae35b8f64d75e93a7eb526c7585d0cc5c |
C:\Users\Admin\AppData\Local\Temp\EcsE.exe
| MD5 | 3203619516b8d14d45633da1e37b94bb |
| SHA1 | 53e850a6ab616b678429947b54edb5f7c6aa7c8f |
| SHA256 | 1b553a0a804955bd523da08659a9e199b828a6eafa00a606f146653f9b2629e5 |
| SHA512 | 11e86fb3632e8ec2df2c20ebabbed46d644bfc4ba7a923a8a4d625ed49a1e61b17048d5c0f1ffa79490a6fc0bf820acac13542ef3aa7d38a588dbf8b1b7c1c25 |
C:\Users\Admin\AppData\Local\Temp\aUcC.exe
| MD5 | 12c3f54780dd5a43d987fb219ee8eab0 |
| SHA1 | 60258e3157b130eed430e3577f5a9cbf66b18946 |
| SHA256 | 76012006ccd042f45da749a9d7ee5c057de78d14cc69bdd28e8aaf087d2f37a0 |
| SHA512 | 060b0bfb4264ae034fc5ca90a7dc8d872f4af73e0bb7920840c3b8f72993740b11478a7da56f4f45aba2c8f29bee0cf011580480dd19beca0a1697bf3a842a84 |
C:\Users\Admin\AppData\Local\Temp\IEgg.exe
| MD5 | 529b4bcc5a8a67947480de5e3edb631c |
| SHA1 | e3eb83c6be651edd700181f8295a2170783856ae |
| SHA256 | d84249eb2afdb831afecb9857948cbca5b9647b95a7fdd533cfeb9029830985a |
| SHA512 | 38b62b45f3c67834a3a4293da3adbc291b49021d8054488e2ae7df55531d6f2fcd243d870a1ebaa2d73d1c1805cdf5b5f9f8219f62d015f1603f51ee432f23b9 |
C:\Users\Admin\AppData\Local\Temp\SEkW.exe
| MD5 | dafc3de8446597239f359ab8b8165a43 |
| SHA1 | d775b8fac1b0f655396089ddef16b9952cd1092f |
| SHA256 | 063fbc5d859bc9eb7489da778f0e8931c3b1a7debd79a3e83894e8b295bdc0db |
| SHA512 | a815681ac74886c741efec7fa3e8b31b9d12d0f70802bd2dd5adee32aa22644b8cf7672c19a0aa1808bd6ff8c8182e29a4c99eb68ed5b77bf81086499902df50 |
C:\Users\Admin\AppData\Local\Temp\mYsY.exe
| MD5 | 8472d3d2f7ff5c49557cc1161d3032d9 |
| SHA1 | dd2d8a2a01618d55da22725d40b1e78bee42aa3d |
| SHA256 | 2ea71c0b054b56cec648637900f1e4ddf1246d7bf9eb74e9f937b425a3aaaebe |
| SHA512 | 5cd719673852fb5e7c937687bece8eb7e89ecf011674696383af352f90c2019dbd56b3e4665426feef1a70f3ffde49a33982482fbbb16f92ee11d193e28e08a2 |
C:\Users\Admin\AppData\Local\Temp\esYI.exe
| MD5 | 8ec15cb98505e7692331af462edba8e3 |
| SHA1 | 731a737af192c6e34fec1482c7208d134056441e |
| SHA256 | 4b7b502efcc80ac70cd02a91a85b984600d9caa78d0a0cc81aec4c802f9347ba |
| SHA512 | 65f833737d82a639d2ff5fbcfcc2a0fe653d5faf2f914399b738dcdff771c5af5969b7f428a7c83234636866a7495f2cc5dac8105e7de17534c1178c4e0106f8 |
C:\Users\Admin\AppData\Local\Temp\mAUm.exe
| MD5 | 1d33e08287de3cda873b8f1467115bdc |
| SHA1 | 72503700283d50e6244a447f167694ca02b479b5 |
| SHA256 | 8a4753d3b43f007fbd684f155199d4442f549fd36cb08e50c73ef77b7ac18ee4 |
| SHA512 | ef201d2a8e9853cde9f16bd4606e9206f3b68b9b48b426e270527e837292ed620233df9560f1dc8b800021052ec0a0dc41b684431d881f9f66e03a4da22168a3 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.gif.exe
| MD5 | 01bce54c8a35488015faa8486dfa395e |
| SHA1 | 42f90f6f0836a067341d2ae7527db797d95a2389 |
| SHA256 | 61bdedeeb2061f2fee28ffb1fee3b8e020439b8cab033d796c2afb45880e000a |
| SHA512 | 5672fd98aa3791537d38bc107a553a89f52b2407a0912358b301eb014bce45c532d9e934a94b33d22158e83bd5a49ef0aff1aa6811683013308be8c8f140cd32 |
C:\Users\Admin\AppData\Local\Temp\aIcs.exe
| MD5 | b6c99a2724bd94e57437824591ffb8c3 |
| SHA1 | 3e800d56b2d4af6fd05e895678d129bdeb3de726 |
| SHA256 | 7b8d7b597579733b24ef1404254d013f03efce819476377dc859ce03267ca2ee |
| SHA512 | 20a414ac4d0198e3dd04fe64f28c64d7bd3b960b0c1be04e01e231c2d32551c57a9c46482b44e5a6bd87bc89b1ca014536d45437669d9b1d3d4b2b0e8916c2eb |
C:\Users\Admin\AppData\Local\Temp\mwsA.exe
| MD5 | c1607ae635886ac0572dee2d0ee31467 |
| SHA1 | ada99de1b47fd7b70b32ad3b1b7f6ec82b4cf3b2 |
| SHA256 | 4c813590815d2b362891b5e328407b0c9a329b72bf587b716cee281bee230281 |
| SHA512 | 701a42f69ae7680f19255bb7323b60db29e71a9ef597ba1173b122588c6080db253206509e783d68b25c02751e83e9afdfbe6045823fef30bd5f6437d27c3bcc |
C:\Users\Admin\AppData\Local\Temp\OIAY.exe
| MD5 | ee193dc93719a4852876b286f22b6978 |
| SHA1 | 15e70c66567e5a11d0c3792fd3fd0c23abeef09e |
| SHA256 | 3c6f2d8d3cfce7d9bfa53a247f61a36edd4dde25041b06d5c48c02516875788d |
| SHA512 | 216fd66d184854615e8f621678eb2087c6def06afe1ad49692c0a11b2ea6c4b7cc220199a1c0983ff84c3d0e41cc26fb922643f28e9551ca900eea4f542fee26 |
C:\Users\Admin\AppData\Local\Temp\aQgc.exe
| MD5 | a4d7453e97360b4afd16328a467d3838 |
| SHA1 | 4a0cebd1ab3eb676f0262847ce892ba0a1593c02 |
| SHA256 | acc77ccf240ad056d02074fe61d2a83852f88de473e542436f1015f7aaea610b |
| SHA512 | 7477c1f35f1307ac1e4bc53a17b77385968b5818b871f571b788d9c81a1082d98ea806fc1b7ba968b9f24202a6e96e5f10bd432b92b63551b8e8500844c46608 |
C:\Users\Admin\AppData\Local\Temp\WUAW.exe
| MD5 | bb16422b66d10138ae61001999dc9fcf |
| SHA1 | 9f212bfbc4a292564f5c98adc10f372ee82b338a |
| SHA256 | 5f06e461160072f775a4bc622bffefc07b50726fae591ecbfe0e76fa0f21f373 |
| SHA512 | 8bab59106b9f75bfb9cbfa435aa070de694aec9b72c6c34be0ae3ed17ef9c2f7e3320970ce5a9e9fcf71dbf5d44823aef04f594b7078cb07e9a95f0cb3758c8e |
C:\Users\Admin\AppData\Local\Temp\eEUk.exe
| MD5 | 4973388f6e6eabb8895e2072412c3ab7 |
| SHA1 | 8d6657e0b289d907a81f56440d72de63fa8aea3a |
| SHA256 | 82ff037545c2730da75d915832b67db52c3684e35ae471e47240a7405f7eab24 |
| SHA512 | 28cdd8bbb9eb2a27a95d112c590c94df8806d3e2deb8e3d7d179902f9b910751a225cf43ee4c2a7ae1961359e4b43833ecc8209d40a58b96fd689e9c9d49e175 |
C:\Users\Admin\AppData\Local\Temp\YkEY.exe
| MD5 | a4c936b2774fb9a1836c48943ff78d5e |
| SHA1 | ebab3045dc45e6d72ace920582bbc3e0946de0af |
| SHA256 | bd5fea87fe5185b5a6cbcfec92438da64869905e8f70178464cb97d2f1600079 |
| SHA512 | 9788661fd0a0ceea10afb82f9eaafc442d28220d03044fdd322ade5e51349e6b851611f5a1895b3981622adc079adafd0744ca53c0c801352540145c5c247be4 |
C:\Users\Admin\AppData\Local\Temp\qkco.exe
| MD5 | 26ecb65ebde7ceeb05b0f72913e9fe97 |
| SHA1 | 74184d87d0c47c1ffb8ff5423586bfeea9ee87a8 |
| SHA256 | ba0784d06c4be7c5202139d6fab6188122432fcb717fe5eed52dce075add7696 |
| SHA512 | 9e392b4a439d6c2218c2f2bac9ece62aad2b0d932d91df0de76b3df1f8277b238f647ae94cd94caaca87c129ee7714618e6913cd16f9f1427531e626c4c929f2 |
C:\Users\Admin\AppData\Local\Temp\Qwgs.exe
| MD5 | 6a98b7e26d420d26694a1cbaf1b9c0be |
| SHA1 | 2714cc4a99d53555254589b50f41f44deb32f482 |
| SHA256 | 5b6096168c45fad6fbb970b6ddb51de31914d8c66d5b7cb178d750fe3fb6d5a9 |
| SHA512 | d0cca75c0b5402709f7d84ac00ede375fea5058d85fbd0ce98d07a1d8a77138120994d5b9421f6b085c13df9cfa1b47bda19187bb46448fc227d661adb2f313f |
C:\Users\Admin\AppData\Local\Temp\AIUe.exe
| MD5 | 3b5127d6175258e2cb133d5a87d00460 |
| SHA1 | 06c96c7eea4ea914eec7d22e9595e22ffdb0373d |
| SHA256 | 6b83f2696712459dbf3efa96d457d29fffe5ee46fd782aca95139d8d8eef7e04 |
| SHA512 | 6627f473b0327d682c2dea83421c97b00ba2cde8f0e2ac15c2ac35cb9986cb77665ec49838f9574b4725bc78691f4641e6420d00f611bb895a3a732f054b04ef |
C:\Users\Admin\AppData\Local\Temp\kIIg.exe
| MD5 | 825599132f2419a21dd1c03b6029a888 |
| SHA1 | 5c118b1376829c4e9fc6c3612d6ad67a1052bbff |
| SHA256 | 84f24b571417000c3048a9d68d9c0af5fa93f34175eb0bddf7afcbd183a24964 |
| SHA512 | 9a6ef8b09e9c22feaad12b95f9143498207736a3b9eae186ecc88f22440afb4076c96376a77c0c2654f64293bec15df8044deacc1490a76d94e83503a561f3a0 |
C:\Users\Admin\AppData\Local\Temp\ioEs.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | 594014df62004707e172f5b3f2e37f50 |
| SHA1 | c90d2009ec7bb355a3228d45c28d77e5f40e4a3a |
| SHA256 | 9bd3084b8f19bbf80c939911e7c8f885f55c3392eca6a76263629e11f0217261 |
| SHA512 | 9577bf1f2163b0c780628daec56bed9ee4566b0bcd04f4327965223334a700104ed7bc821d6337dbad0bef554c30f6e1c4b23eb3f19207aff81e8840d79f651c |
C:\Users\Admin\AppData\Local\Temp\AEcw.exe
| MD5 | e643217169eef70fac8844c9b55d1d7b |
| SHA1 | 533c300454a555978c49c9e72f01ed89c17c34f2 |
| SHA256 | f88a7d84005e633636c980a381f8d096521842eb814e3bd5d469593feafd563d |
| SHA512 | c000398a62cedcb052bbc0ee1d6a185e603c8097a2a5222f4e4e892efef4fdb79b49fa3db3fa65f8a2a1f114b360e34aeac9f80f33474f15d03907e04e058756 |
C:\Users\Admin\AppData\Local\Temp\cwEQ.exe
| MD5 | 9549a72684dbc2e5c3eb2de7b25f147b |
| SHA1 | 268cc9260c15f875c703f2be1d9521174156b5ba |
| SHA256 | b4f10aa454814cb5c120641a168baa455a59395faac36422faf68a8b71a3436b |
| SHA512 | 74150996c6b784eb9db91452bb75639a0c9c721e7fac71e5f107d4e3404d3d07f3a138d0f1dfd55ba16c1cd7a971781ba4a93be7b383ae24b8127ae4945714ff |
C:\Users\Admin\AppData\Local\Temp\iIEc.exe
| MD5 | d884e0f997fce4b56354fd830943990b |
| SHA1 | 1251732ead8d2807bddc59ef581e9684f57dfbe2 |
| SHA256 | 700716dee8e2b80695ec3693e3327bec8d6a51d9935f8128a86bd34ab3fce619 |
| SHA512 | 21d16c8f111df4698fd628a9e1ba081dd05a48f5a7d8c56e2d25ec2a3123ce25e4dbcad13fca725331d0a3a20dc1ab0ed954ae31fb6adc041a7dbbdd2ffc8a99 |
C:\Users\Admin\AppData\Local\Temp\CsIA.exe
| MD5 | 40c8f1aba4aff7bfaf4c433b128110db |
| SHA1 | 4a846bf657ef4e52c92aa9ee3a353c2327c1d1d1 |
| SHA256 | 5269f67b6e51b1bb1a676f77ecdc2d3728f335e2d8936cc4b5e51ad9564d6d6c |
| SHA512 | 66f23e7b7503790eb9047fbf49be9c11da4a48a8360f2910c4cdce702a631494b547295806ad1a7572656c492782df5dd75a8921fa734b605251b8f27c258850 |
C:\Users\Admin\AppData\Local\Temp\OAAW.exe
| MD5 | c62da7f44803ffdc7d2a7990e41f697a |
| SHA1 | 042fc00c2e9d99cb3c1a18bb838f5ea4a544006c |
| SHA256 | 1401ceb886b00ccc2ee6061a69ffa46a793e53b8aa55423bae87ff7d91e1505d |
| SHA512 | 230e1eacb6f5a222b364a1a3512d867c6bb7e172a6a6825a09bb92b153f4fb5820dabc154e16abfe48c2e8bde7b7e925a8a31064f38f70eb35b149ab744c698f |
C:\Users\Admin\AppData\Local\Temp\mUQS.exe
| MD5 | fe13cbf36056e28cba8db04a9d50a0a7 |
| SHA1 | 7f96677fd80a3f29e24409d4c64321f3c7f92854 |
| SHA256 | 8e354b30be15b7adf74ad2cc3327f987bd633aaa0c8266bb353bdef618712190 |
| SHA512 | 1300eef6dfe86d580207a8524b28afe5adfe8c2041f3688213e0df9f1437a4412bc186cb97bbf81bcaf6f79e0279d294b25a559750e11014454a9155e6a12d34 |
C:\Users\Admin\AppData\Local\Temp\uwgO.exe
| MD5 | 06e62c59722cd2649004a6494536b300 |
| SHA1 | a11471d8f9d15d72ee3ce9782723fa1be1515467 |
| SHA256 | f2f48ada097681c608e5492c52a0ace88fba825d91b88f1e6049da90cf23f318 |
| SHA512 | a8ae883722f1a09b96a781e4c916eea9674d47a4d5af68398535fb6a6188f14897228ec65943a3a12267e7e87677c695b622bb70b4a17bbb3f4ae3c6938eb0a1 |
C:\Users\Admin\AppData\Local\Temp\GUka.exe
| MD5 | 7071b6806f1082204f32588add11d3ea |
| SHA1 | bd0767a9e9c2517dbca6324841a69685b151ba17 |
| SHA256 | 0a2c7f85821c898ad595400178d63a3b276c7217d88e016689a668b185d6c478 |
| SHA512 | bdd504edf663f443e9c4f953d89c6ee4fe3e9a07d79e630ca5fd1415efaa46f6fd22f9cebee88df5850584c12e2230342c9a7446ca4d7d400cd053b4897601ba |
C:\Users\Admin\AppData\Local\Temp\MIMQ.exe
| MD5 | fe60581c7073dd624c2e7e66fdc38f9e |
| SHA1 | 35f4e02d7bc258cfdfe33d018376083edb35828a |
| SHA256 | b93785dc0a7ca3c2de06166d21c55eb586ed0003eb69db7d70379be2b14121ab |
| SHA512 | 7fd67f6ab6355aa3453e95dc9b1d968fc14b766335ee7c4239c3668bc264aca6077f38e95c9aa183ed86fe50239fa31174fd9b1d7bb764c89f8c098438b8cac3 |
C:\Users\Admin\AppData\Local\Temp\aYMu.exe
| MD5 | 36aedae5bc4992b92848c2b7b386b5c2 |
| SHA1 | 394d8601d833215ea86cce3b479a695ec0d298a6 |
| SHA256 | 48652f770e7c29c8487a585a6ee30681e4f861de64c89b94c832a4ffa6e36a1c |
| SHA512 | 963364d6680d8694ee8388e928db836025c5286c4b15c450a575c6ef03712cbb40bacdd8e5395a4e4a6bd03f590d9fd8e65a4e99bf7b79c36a78d4c73cf4140e |
C:\Users\Admin\AppData\Local\Temp\aQQs.exe
| MD5 | 3e1d04aa66542f4b5970ca824e42eb86 |
| SHA1 | 8b88525455e585e85b55eebc9839a5271b7bfe65 |
| SHA256 | 212a1b96705846df2faf04b7c3c15fff559afa749c642109ece87eb2d17afdab |
| SHA512 | 063e5e93f6b821baae52735643224ec37cc00a63e491115860b23b33ae3555ec39ce3514b771ce8b95f71a9ca9e5825377b77749e69d8430971e8cedc499cda6 |
C:\Users\Admin\AppData\Local\Temp\GAga.exe
| MD5 | a25ad02cb04c075db2a552c50c285d73 |
| SHA1 | 1692f5ff9cc44ebe1f2e584e0c3d31b9563b805d |
| SHA256 | 9277e309e960368f1ae699551dd10a5341918e304e4b1e50009ab69b793aaae1 |
| SHA512 | edf8665cbd20dd630f0039e1d1f6aed34a5dae809aa9f1f3681eaa5d2650a65d81ba59a37651a5002846fca4e37284adb4950b05b5c6929668d4142a02a0d4f3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | 118e244ef754a0279f22d0ebb75c6c52 |
| SHA1 | efd6380b33e06be9bd0c42e2cfd413618898066e |
| SHA256 | fd6616768a5f9a7e5fce4c246e183b1cdb5d74e6d29512627a8c3e6146bce0ac |
| SHA512 | 76159b673ee66db817b5ca510050ca9751a6d5683fe42a8ad6d64c158bab81c2c3f4f0bb941d0654548584a5f48aeeb06bd241d6d8fba3a4c1b6e03da941e70a |
C:\Users\Admin\AppData\Local\Temp\Wwgk.exe
| MD5 | ea3bccafb4d73a38bf62c1ab668cb077 |
| SHA1 | a6101f3cb438fe9c4e4ed9459119065f38b67fd4 |
| SHA256 | 56fb074d4109e5333507cf62aa4bcc76126f91e46d70539b88317e4e17a1eaf5 |
| SHA512 | d6650c16cfaac5babc9d33f680ee4fa87b7b63ffff0e2bae3d6ee96a35ee0973814bcdf2d7250fdd21e5840b844e766f4bd87f4dfe01e5b78d0d8b9eb746d369 |
C:\Users\Admin\AppData\Local\Temp\UoEg.exe
| MD5 | 2237e1eb682c0ea564ec3add57676431 |
| SHA1 | 1c23053e7dd19b38fb415209d3ad4624a0ec3334 |
| SHA256 | 1503b2070f138b943cda8d79b360093c373b5415d6bd21f71277f3be1d29d968 |
| SHA512 | 501edab53001a4a14d4f8e5b3448ddd59343d39471a4dd94908c326f7a914664bdbb492ea4938a6e59fbfdfed62020762a19d35f5cbb40b0c0f9567c12b1eedd |
C:\Users\Admin\AppData\Local\Temp\eowy.exe
| MD5 | 1ed8ccdfbb5dc6c211a9004ce06ca5a3 |
| SHA1 | 9cd6e9001abdf2506bc5432f6fe686027295a6b5 |
| SHA256 | c9c6642472d114af285a8fbe5ec57c09521a2b61f15551485ebbf649fe0ac500 |
| SHA512 | 052893b029ad12e62c9a6118586aff820e77f9b46960660294a5165476728cfd067345c687642c4621e15d2449ba19b6429e24e28aa45e82ccc64c61a2902d73 |
C:\Users\Admin\AppData\Local\Temp\Qwki.exe
| MD5 | a8a066ed06a6a6288e8ef6ecaeaf9578 |
| SHA1 | ac44cdee99250ef23443443a142b713c736c10cb |
| SHA256 | 2fddd48b11d92644cd6c3acc45c260b4a31a6ad71096800b1ad831563521894a |
| SHA512 | 98f993e8aab5c73eb1fefe3aab4fd72f253e29ba7bae87425f929fc46d6a249f71cfec3cd824bada46668c290aa2bf7f91644e47bc98111746972e1bcfe39b65 |
C:\Users\Admin\AppData\Local\Temp\WoYG.exe
| MD5 | 8e8dc012e037e726e887e9aeb32897d0 |
| SHA1 | b6b9433214ad70fd8c109f85685e4adf7d54bdce |
| SHA256 | 36031bcbc737e814176fc3143da6d8b9c1b7d70ffddb30fdab3a96650850d05a |
| SHA512 | b26071c7ce79e61f1e6e2846d3a4b4d7556b07dbd7c4344bf6f442f4b444b3147128ad92728429e1e70c6285755535614f141dc610c5e176b593843e9edabe25 |
C:\Users\Admin\AppData\Local\Temp\qAMm.exe
| MD5 | cdfcba68554de04da3b7fa9722e56a37 |
| SHA1 | fffa35fd08f88f59b9b6943f18b7e19a7bfd78fd |
| SHA256 | e551caceeea9e19efd0d5bd31c2d4dc48e91437fab4eaf5ba51b25d89a3f0f76 |
| SHA512 | 3b7c408850c66193db79a67aa9f5147dda224a496f1387e7138c9e1b6cfb23afbedb8fc042b0e5271510bbc3433b75255a235e66c7692a1f697089ac7fbc382c |
C:\Users\Admin\AppData\Local\Temp\MYAO.exe
| MD5 | 4484b9f6c136edd01d93fb35799aea3b |
| SHA1 | 8cce3abb48578321ba5668fd5b13c7c87533570f |
| SHA256 | 4b80106b873a71df99abd19ed60f80cb57e56583476644611ceafaeeff625898 |
| SHA512 | 8441a695999297c2910ec7c8743efef35299d7a3b8ffe425b4baa54d5034cb2cc2c6350555afbe0a9390f97ba9bf184fcbb04a3a85505a0dc911653e87743ec4 |
C:\Users\Admin\AppData\Local\Temp\gYca.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\UAws.exe
| MD5 | 2ca8547bfb6d61f4b3c93bbe67ca900d |
| SHA1 | 85f4515329c151465d70ca24a6b1df8ce808eea9 |
| SHA256 | 7fe83f2bb2b9952f7e959b1b85efe7ff4aa6399f7d1e61cbe73540eee5f89e52 |
| SHA512 | 4c44576f99b035d1faadd302ef7e9e8762e1407d050cc1223c69099a3729f5d4975bd06a1f3f9bbf5b6aba3a6b9993949b9272d13fc845475897351a83a2722d |
C:\Users\Admin\AppData\Local\Temp\uYAy.exe
| MD5 | 6d281a3e77d02e50f70726ad1dcf69e3 |
| SHA1 | 8c05a0de17958e513bf673183471804fc3d55463 |
| SHA256 | 2323419193b34927f61a275eeb7e48469bddff3594912df688ab58d38971f268 |
| SHA512 | cc03acb5ba6482e77171272d978c5b7d8f12a8f3f556cbdee7550feca6f915a452b46a0ecf08ec65ef33861503f8193fb550db43d69bf770fa01bd1ded061892 |
C:\Users\Admin\AppData\Local\Temp\UMEg.exe
| MD5 | 5052a3557b79af32c4681d1c911075ad |
| SHA1 | 8019ca61c362668b0b0c584015869747b4502f0e |
| SHA256 | edf686fc5c3047185100d6704f13d097139371faf4dfc7323f14698e404837e8 |
| SHA512 | 17499ef8913a6c65468b1e6c08ea76db4fc1dda4ec3076fc282cf0b9c05550ffba897c5d0227ee3c1fef4bbd79902b2191fb42cd496de987aef9da42123accb9 |
C:\Users\Admin\AppData\Local\Temp\mYwE.exe
| MD5 | df090b90e892d2ea95cae824a5099be9 |
| SHA1 | e0b888ae618f72080e4291c2b40f2099cced24a1 |
| SHA256 | 38188b18e2a8d4126241db3f88cc692a793e3cbfe9f60741bab165c0ef12cebb |
| SHA512 | e1bd9d5dca1dc620a07f1d0431eb2232d101641aff8d9e6692d91820c2bb9fdd99b127f3154728a3192a1fec503f4b7da3fa79591696dfbdad02d440bb92b1c1 |
C:\Users\Admin\AppData\Local\Temp\QMco.exe
| MD5 | 1afe1ad86a92b337e9934a9eee724ee1 |
| SHA1 | f7b9c98c070c7ea318963bfd6c96f4d874547dcf |
| SHA256 | 8641a32a2ce80b641355b54b13480878d86b0398544a588ed9b1f1498f0db650 |
| SHA512 | 821b2ea18819f1227f23d496b0d898beaa84208c87f379719425046a910faa1b2b8d4dd4cebad139eae2ddb0986039c8c54e7956d2ccc4c69a8a95e19e177e66 |
C:\Users\Admin\AppData\Local\Temp\iYoq.exe
| MD5 | 94ecdd4dcb274148ce732e26fdf12a08 |
| SHA1 | 6cc904ed350ba7836464f49eb6c509399a683c74 |
| SHA256 | 64b276cd59666b6bdd823475e002de522412421665815dfcc50cd8f044d60641 |
| SHA512 | 5c5dd996949887dd719ef905eb041ac7dc2b19c47d10cc546a8943be1112c9cb07db84c95ff200d381b63359daf25891ccdd3862274035e9fbcdcb35b4e22072 |
C:\Users\Admin\AppData\Local\Temp\GYMA.exe
| MD5 | 9cbc1f8813e91a068813d015895cd14b |
| SHA1 | d9b32dbe7178f599d1acb0ac6666db01bfa44752 |
| SHA256 | 777b723be048dd01d963a9005563ca87752829bf1d480129c58d9b1dafaf12fc |
| SHA512 | 60399c6d8107cdf4cd86e0b66d1de8fd83e1fecee27963dfd93544aeeedb8f19d0d01b9803741888a3b92543682d18b121d8b34cc61c8c1f49453d5fff466653 |
C:\Users\Admin\AppData\Local\Temp\OEAW.exe
| MD5 | 377ac3c84cfd5514715010a385a9fdbd |
| SHA1 | b0676e3719de8aa429d7fa2e6c1cc4f9f644010c |
| SHA256 | b9f80c86878462526c9f250f4d6c69e634e346c39e26e95babff5bffcf37492c |
| SHA512 | 3eef811b21e3da5d22859b16dc407582d3eb428ef043f969452d66a808a9444ff5492cf33dbda89588a8ce9d3a190eeecb7378b07df5ef49dbb9930d022f7207 |
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
| MD5 | 20172b960273c7e3cf100ffda73fa851 |
| SHA1 | 16cf85d25ac1a7f9da5224c72ef7e1d44acbab1f |
| SHA256 | fe53ca2b27108cfaca780212c86bb66b981c8b3d880e448922967470e54c3fbe |
| SHA512 | 0de0cf0ee1a24f46dcaf44fda96b74a960e0bc47e8bb418a853ca4c264994dc9097d49d9efae186febd991ceb77058eed163074e274e974babc5a4a5b4b4d804 |
C:\Users\Admin\Pictures\RemoveUse.jpg.exe
| MD5 | df9b841042c16029574e45e609bcfbb8 |
| SHA1 | 43f7c794f5bb2137d56ffe148c84422b0d44e194 |
| SHA256 | 40a92b2ce91be20e3578933360ecf212135983b7bcf451bb7f51d17693734ecf |
| SHA512 | 8f000c19d27e944073a758042b4bfd45e6bb7a0361d56f095563b9b12f4f8af29358aafd08ec006bd6bf5f480b682e74430f7883373012155c030121e5c4f5bc |
C:\Users\Admin\AppData\Local\Temp\mEcC.exe
| MD5 | 0cf4b79698ccf39ec19a763b0575bb24 |
| SHA1 | dcc12181960debb5761bee25f1846433816d2bdf |
| SHA256 | 83955a87d2889804c3da2313c110f21ae02f12eb785838ee3ce6302d7cd1fcc7 |
| SHA512 | 8269c0e25de402c994413b227ef06fdc1c311ef177b16da885be6d8963c34b02c2ac89b8e3d7df15c8c102887242497887e422b0ab18037d576a6e05b5530b2c |
C:\Users\Admin\AppData\Local\Temp\GAAw.exe
| MD5 | bb890dbd17f296b7737ddc6820ea7584 |
| SHA1 | f99d6d6fd9bfb0aca9313dbd13bffe0ea9363870 |
| SHA256 | 8a7b705e37f87ef4c248dd465b1c59a5c036bed97d7e403dda35d3b1f7f21811 |
| SHA512 | 6ce94d780909d6d9ecd4b2b422bc82e9a552431c9b8cba52058b36f561de401c8cb33e42b8efc522185c2647c19714c1bacd596d65c11f6c3ce5e137a20478f6 |
C:\Users\Admin\AppData\Local\Temp\sIse.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\MkQM.exe
| MD5 | 14afbb87f4ea11a406fc3e469ae7ed66 |
| SHA1 | 967bb01555beeeb446ad1ae9d775cda4cb0e97c1 |
| SHA256 | 5f1de4ffabb1df0766439dbd4e738e8ad8a1768510edd13c6f40e41025e1cc52 |
| SHA512 | f3481ea0528ba6e227a2267f4a280d10d32758e28ce19ceb598cd375fd2a92c1a99bf09d0e31a2d1c65630573dc7745ae81607980a0b1739349d5eca4f787fb2 |
C:\Users\Admin\AppData\Local\Temp\AwMg.exe
| MD5 | f1810b4c7e9354245ce4757186373c01 |
| SHA1 | ab5946017e5deeffb1d924e9e5819b0ae32d8fbf |
| SHA256 | 3ee65c4b0c576661ac2c2c7ec4a2393f66a64a04f5419a10380a69646b3a1153 |
| SHA512 | b825d14d15d7a8e0f53f371bfc3bf9c026e9b365a0f343780834dbb9a6dbf8bdb58d1313b621aba761d74b973d15d0b020402e7ee79a8634925227c5f1959f67 |
C:\Users\Admin\AppData\Local\Temp\wIAM.exe
| MD5 | 7b41a1d764ffb3c8547ad6024d853da5 |
| SHA1 | 50642ef023f214d5ae08b52bb024fdcad86565d2 |
| SHA256 | 6c981409be67c7cf8a0c892ea95c53064c53c469fbf0ee7be2bf7dc1cd262165 |
| SHA512 | fdcafdde6e39f86c1207ecaed365ba1054172588a7d087c74f6254add025be22053fc0bd0a12366f97921a0c3832504a3750dd8020a6aa9b21cb75371c15e716 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | f4b901ba76c074fef1ceea56581737ca |
| SHA1 | f4867855ec972eb4e1fb041eda7c5e9b46c3b514 |
| SHA256 | 0fecf638512d16ec269749c305ddb08a982d180f15e645467a33ba46b536a4ce |
| SHA512 | 566af741403e3513fddd969f17cba5c6735e063833621468e8f20496f4e8c5bee5b74179edfa7b6f630f1a8e1131041bd9f355a1c03342d08171c9727b9c9c09 |
C:\Users\Admin\AppData\Local\Temp\AgcC.exe
| MD5 | 193c2ba16a937fd605c5743cc04ab66f |
| SHA1 | b6189b1880dccce488b566a3c6c87e8a5c774eb7 |
| SHA256 | e7c988b2cc064b8968babe235ac9c7f30a2a8301383d3e319ffa5dab88a4857b |
| SHA512 | de4f210027dd18ae86398b0ebed0676ecbd578b5dc943a84b28cbb7fcc266c26e01576ea4805f7ff7bdd73868e95c5b830c0184fd1a72f507cf8b105d63b951f |
C:\Users\Admin\AppData\Local\Temp\WAsW.exe
| MD5 | d6aca5453a339012a7ef601f728bf4f4 |
| SHA1 | f3cbb8a3b01ce5c10889cd66f5dd848bd1e9e87b |
| SHA256 | 524a0e2725e6c3cf8e9a8eaf6f138925f68a7e56fea467a55feb9062494db579 |
| SHA512 | 4406ae1c6efc8f06988a9f68006096ca340fccbdff94ec5d55574d790d2a0aec18daec3ae2332895ce80e252bf74bcd16b0d634866e611073aa20201132c244d |
C:\Users\Admin\AppData\Local\Temp\IsMi.exe
| MD5 | d25ecd65cfcbbd2b1043a7500a9e409c |
| SHA1 | bc23cb632a07a025945a0fa7aa3905fdd92effe4 |
| SHA256 | e4fdc192efb6b3aac9a145c17a1d4c5db785b294e9423810526de9bcd433abc8 |
| SHA512 | a5d965aa2cdfb517154381649c2d7843e88bb428dfb7d1913146fd1d5997c1091aaff75810dc2c612c3b10af1ae558f402fe5ad183d78dd2da85941cfb80d1d1 |