Analysis Overview
SHA256
2decc0f00c6c2cf12f558ac9d0d2282124e2c99e1ecc6cb67a2cb22dea5a02f9
Threat Level: Known bad
The file 2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (87) files with added filename extension
Loads dropped DLL
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 17:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 17:56
Reported
2024-10-16 17:58
Platform
win7-20240708-en
Max time kernel
150s
Max time network
117s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\ZEAsUwUg\MwIMccAE.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ZEAsUwUg\MwIMccAE.exe | N/A |
| N/A | N/A | C:\ProgramData\guMoIwYM\yIAkEYMg.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\yIAkEYMg.exe = "C:\\ProgramData\\guMoIwYM\\yIAkEYMg.exe" | C:\ProgramData\guMoIwYM\yIAkEYMg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\MwIMccAE.exe = "C:\\Users\\Admin\\ZEAsUwUg\\MwIMccAE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\yIAkEYMg.exe = "C:\\ProgramData\\guMoIwYM\\yIAkEYMg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\MwIMccAE.exe = "C:\\Users\\Admin\\ZEAsUwUg\\MwIMccAE.exe" | C:\Users\Admin\ZEAsUwUg\MwIMccAE.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ZEAsUwUg\MwIMccAE.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe"
C:\Users\Admin\ZEAsUwUg\MwIMccAE.exe
"C:\Users\Admin\ZEAsUwUg\MwIMccAE.exe"
C:\ProgramData\guMoIwYM\yIAkEYMg.exe
"C:\ProgramData\guMoIwYM\yIAkEYMg.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\usUgoEIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqIsscgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hMMAIEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\veEkokUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bIYMIgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SGAAcUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gUIQIEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuUYEQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aqYkIEYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qygsEMwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DqYUIEAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lcEAUgAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hiswAQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWUMEEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rSoYoAgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UCIYsocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gmcIQokE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcMowUYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OkkwwkIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RQcoQgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\daEcggEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VAcIYkgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZcoUcMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wyEccIEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AQsUMgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eoQsEggo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gWEcwwsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XYscQkgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NIQIoQkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rGUAgAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DSAQwUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWUIkEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIkAQwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\myEUQsUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19826594101817433747176736976-1996868839557040237-2111516108-1819257483-397592045"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IosAUosQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1390387873-9230220021910189429-1520912856-272110753-739077850-16264116431520703260"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lygsIkss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HSEEEgYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYsIUwYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VsEswgEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FIsEcMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sMQcIcwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EIsYsgsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OsAEQgwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CEwoYwQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FEYUYgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RAsoMQAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jegIogIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wyMokEcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EaIkIQMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YuMAQwEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GyowUQsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LGcAQUYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NIIMckYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NYgwgwgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TwAMogkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SoIkAwMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiUMsYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiYoIswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IAsUoIwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fyAgQsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\haEgUgMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\doYoYwUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VMAoAAEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OAcIQUkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QOoEYMoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eCwAsQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CaEsAQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jaYIMEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TiwwYQIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PEMsMkIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2412-0-0x0000000000400000-0x0000000000421000-memory.dmp
\Users\Admin\ZEAsUwUg\MwIMccAE.exe
| MD5 | 40fd68483c4fc3c9d3f32684da006229 |
| SHA1 | 9e3efa80a52f35ae4868bb341e63f6aaac20d192 |
| SHA256 | 0add44c10a4a380f5561c5943a98d176cea057e5bd5ea124de55133a589bb87f |
| SHA512 | 72316f6451695f0929f6a5bdeb767d77599eee34d9503f52161ffadec745415c2e59c97a7bfaa463041487a6f2174ed6b4d01ff4585aa9b2c29c1c986d40bc87 |
memory/2412-4-0x00000000003A0000-0x00000000003BD000-memory.dmp
\ProgramData\guMoIwYM\yIAkEYMg.exe
| MD5 | c89877c3ebe3a327f435f5c49bc8e5ac |
| SHA1 | 21e77364dcc15e877daf6da9399811a1f231cf40 |
| SHA256 | c7054a07571c63983566feaef7a6f6888bf341f3d875cb2e881f7c84f47ed1a9 |
| SHA512 | 62fa1998d69c7f9d0c74c65d2f3cc4370def22eac16ab4587c1179b003852ef6126a601d30ff80366dfda82f99e84a8b103197e103e95ca6a9ff5224d1dffece |
memory/2300-29-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2412-28-0x00000000003A0000-0x00000000003BD000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\awkUAsMs.bat
| MD5 | 27c66b4f617f751b2b28126607d896fe |
| SHA1 | 0e11140d25ab132fae54b10e036dfacfadcd8957 |
| SHA256 | 3b4cb6d7e7cf0a61bfa7ef2bd32d453c5fd2ced72eea8f2f0772e851759b1449 |
| SHA512 | 6aa195aa01808229da8c980ee35b1ee30e3d8d5cc1a3d2c82959ebb7fb7ccc94784670712e79ba1a513ea1c97d408be3cb79687aa454b0aed0c3034f12aa1e42 |
memory/2480-30-0x0000000000170000-0x0000000000191000-memory.dmp
memory/2640-31-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2412-40-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\usUgoEIw.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\LsksIIQY.bat
| MD5 | 41436a6f58bf0f252912505a45893f96 |
| SHA1 | d97dec0ff5e33591e7a5862d7b603d910446b046 |
| SHA256 | 6ac79d8e2c363d27c4d77bf2fe4e2f4622a93f502b2ee3ce207c77d193d4d912 |
| SHA512 | e36ce17bf98d6a1a798eaacecfdd2ad4eebaa8b758f69cf8b2b93c74c9748ef8ac5603f1ec0d14582600c4033d304f696eb1d75b34a873ab0cb5016d98290f2d |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
| MD5 | f598e9820ec2badd9796e258a2906231 |
| SHA1 | 436252684b0b285ecc2747aaf1cdf1e4e67a6eb7 |
| SHA256 | 49da8c24946900bd5af73c70099b775d1142033a25b347dd5a21ca68cedc7c0d |
| SHA512 | e26c4b70ca14d0790d4495d56adf1ba87b0f4a5b86e87a9e4d3a9466443c6641e48f493fbbce29e9610e39ec0c150ed8bddda4e898760aa9f8b83bfb51df1f86 |
memory/2604-55-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2560-54-0x00000000001F0000-0x0000000000211000-memory.dmp
memory/2560-53-0x00000000001F0000-0x0000000000211000-memory.dmp
memory/2640-64-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zQoMEMcA.bat
| MD5 | 0950bf686c62c1c344e7a29f566746ac |
| SHA1 | dde130a3138701468fb26ce27e404490b8e86157 |
| SHA256 | 99666ed4a5fe714e2b526d378c8838b2c27d7af980a9ffbda6fcb3c6543b9d16 |
| SHA512 | 56ff45cf7ba3ae0b2420632176349966d69f0230f3e636c0e42ddc1aed3f0e93a44ec410de96ce022df781ee8983179a0d18323c583cdf6dd00dcc8347763fd4 |
memory/1956-77-0x0000000000260000-0x0000000000281000-memory.dmp
memory/2604-86-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xiscEkEk.bat
| MD5 | b0e95e482f0ffb9058bdc1675f0ba8b5 |
| SHA1 | 1cfac075fcf12ea623208844a329b3b7ad8217ce |
| SHA256 | e83ab55c90a23d863d187a33ffb92572dd0926b7ed4e69deefae7a9d0b798162 |
| SHA512 | f2dd205f4a0158d76e1ddd0f9c571c4c251fa01df42a98ff976716b300b01e38097d507bac9dc6acd051057f032712606f7d2bc3977805f5096cbc3b9c3422a8 |
memory/380-99-0x00000000000F0000-0x0000000000111000-memory.dmp
memory/2744-108-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\piIsckcI.bat
| MD5 | b5029211db01ad323424ef72c4a4816d |
| SHA1 | 875e9bb945046aa8f5c52dcd3d3d9a049018a38e |
| SHA256 | f26ebbc13b93550660115e331cafb91776e6181b9a1cda0bb5c6277e56ee82aa |
| SHA512 | 72d7bbe2e580ba28a710d9bbf2c0ae37777ecd36b203bed3cb4a4fdc45e7eee06773d187d1bae164fae3f935ae19d767a4618c4829b6b0ab5ba10b9c897b20d6 |
memory/2252-123-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2056-122-0x00000000001B0000-0x00000000001D1000-memory.dmp
memory/2056-121-0x00000000001B0000-0x00000000001D1000-memory.dmp
memory/2160-132-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LAUsQUcc.bat
| MD5 | 7ca1151ca7ac738f520c2df5f22b76ca |
| SHA1 | 46497f7ae54a63bb81edd3644c94102e861a3459 |
| SHA256 | d7e4ec82a93d7ce3c8afbbc69a0e561337e089842a97ee15ea7cdca8b2f9f65a |
| SHA512 | 4bafcc1571a1dd91403bbd5c9061409a4278ee6daf68d6b57d72836f77539922103fd0b95bc64a16ab8e1c9fbcd82ad55cd5c280e7348366ebed6325c2011fba |
memory/1700-145-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2252-154-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OMEgcQAI.bat
| MD5 | 2478c5e91188f0c4c9318aa7f61539f1 |
| SHA1 | ba2b523de86a7abb70f3e4b56c331d1f681d74fd |
| SHA256 | 50599278e73df75afb4bb42069266d28647d9a70d7d0721e34121eb94cc58466 |
| SHA512 | e82d0fe36eaaf48d94c2bcc5c8d0daf8d6c496e3d1b260fe7ba0bd609a81227c7e36d87bd27a7d3ab46f439f9a07f20442c06b2aae8e241b7aef6b290b23857d |
memory/2656-169-0x0000000000160000-0x0000000000181000-memory.dmp
memory/2656-170-0x0000000000160000-0x0000000000181000-memory.dmp
memory/1700-179-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iQEIUwEM.bat
| MD5 | 4986c1f1a8cdf7f3530c4d0a42451c6a |
| SHA1 | e9d61eaacf1e72e145c4f01cb4dcb49fc4c9bb9d |
| SHA256 | 684dc27d226ad0b89f0759fc5ec48f7a1207e9fa3fcc5c8efed77e0ea16ed2d2 |
| SHA512 | 6819fe768869a7409e48626cc863a9e786ff14723c3ae4cc8b190b56020eed6f7cf3994885261817295d5cbee19c0ab647db1d0a92ec7a79b36a3da418f2c6bb |
memory/1596-193-0x0000000000120000-0x0000000000141000-memory.dmp
memory/1596-192-0x0000000000120000-0x0000000000141000-memory.dmp
memory/832-194-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2808-203-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GwIoMMcU.bat
| MD5 | 1b70ba81a02023c20dd374c87a5274c6 |
| SHA1 | 71862735f2145d672b45e0cb592fd03c5cd8036e |
| SHA256 | b1469e66490b54869e4d73f5042b409e4369ea1335f2f1f163aac2a166d138d8 |
| SHA512 | abb183c0a93dbd603cca3ce44e93ceac74bd394db7ef35cd7c468b98aac7bb3dd5d7d13ee2b01412a0a844542606f91feb1a26608ec3f6a754e2a3304afa7632 |
memory/2872-217-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2900-216-0x0000000000580000-0x00000000005A1000-memory.dmp
memory/832-226-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WiMkMooU.bat
| MD5 | 96f77904703b3f07510865e63bf5e52e |
| SHA1 | f7b9edc2914f22beb400548e6082e3b1b5b7a19f |
| SHA256 | 6bac5a6c1016b762fff21283cf8c9a4c612da66cb2e514d0da0ae595517612ab |
| SHA512 | 072ea8e53b2ce7b2c1640a03268d66e7d6ac05b3b095088a808d14617cb28ad3e7f7db66229e65778bb29070c01c6f9c66a3b18cde686b564359d2fcc45346c6 |
memory/2952-240-0x0000000000400000-0x0000000000421000-memory.dmp
memory/736-239-0x0000000000160000-0x0000000000181000-memory.dmp
memory/2872-249-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\luoAAQkU.bat
| MD5 | b9bc8444f2e13385e2cd8786bb6b0a14 |
| SHA1 | bac78a4bf20e2e4cf7361c5f512361e0075ffd45 |
| SHA256 | 0e4c0d73a6c4f31bac9e78650123b384a6f406601d0f46085501005a7270f11a |
| SHA512 | f8e1e223069ffcc7afccc2ad60640c4edffdd61df28b747af47f22fd3e67b21ea0a381864e938c4ed013aad1e61914abd6b93ae36881b2a3b9874ce7abaa1ac7 |
memory/1748-263-0x0000000000180000-0x00000000001A1000-memory.dmp
memory/1748-262-0x0000000000180000-0x00000000001A1000-memory.dmp
memory/2952-272-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nggkUoww.bat
| MD5 | 333b0bce0d9d7c3965bf9a8c992dc55f |
| SHA1 | 3b0a5d92d54dc42dad3d7c296faaf7537893eda2 |
| SHA256 | cccd68fb6ac509be090bfab3a64a2c96a28a95580b5783d1830fce6ee4d366bb |
| SHA512 | e655fb5fd2451aec5abdfeb7e38fa664b705701376cda5e0bf8131594f14811108d60f9d1e037a5ea98c0578f8a9f69144e8bca7ae6106a30248e0f491b75d4a |
memory/1780-285-0x0000000000260000-0x0000000000281000-memory.dmp
memory/1780-286-0x0000000000260000-0x0000000000281000-memory.dmp
memory/1600-287-0x0000000000400000-0x0000000000421000-memory.dmp
memory/344-296-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hEgowEAI.bat
| MD5 | d9ac5c7bea97f59675ecdda802a6496a |
| SHA1 | 424e4ee8e5f714391651cb1af2fab51ba0664aeb |
| SHA256 | 999901e8b210bfb68148c24836b512f3e0242cd6804ac1914b23295f9f2df4bf |
| SHA512 | 5cacaf58d553497cd09128e1139e6f66224ee6c1be905437b66debe03cd38c640e888a8b5f302bbdbf0abe9a761cf30d533ba18dc05cb7f8d4e7dab24b332734 |
memory/2988-309-0x0000000000170000-0x0000000000191000-memory.dmp
memory/1600-318-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VOQIkMgw.bat
| MD5 | 3070cc4e3aafb7a238c7d1ea94d70c1f |
| SHA1 | 775f6aba80e2298a8b853c2cbf003ac16a958edb |
| SHA256 | 42a22ec0dd42d4baae95dce5fc9ca42f5627eb8671e5ca0f2bb8979e1f4567e0 |
| SHA512 | 92f1003d20aa81690fffd87873a91877016ce8fe36ef4c2731dbbcf2897c0899cdfd5f8026bb271848729ff2dffbe7fa9d67866e13cc1ef62a3ca6e29985539d |
memory/1340-331-0x0000000000360000-0x0000000000381000-memory.dmp
memory/2596-340-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BcgsMAAk.bat
| MD5 | 0e721d6214de7fc9254eb7901b931b30 |
| SHA1 | 3697a2360d7dc6e013a801e2ecfc10b28df36bd9 |
| SHA256 | 12aba1991789a7a32ac224b40bce798b685bbc54ff0a3b567dff58cf898e2d8a |
| SHA512 | 5a5c70e61a8e2c168ddff92e801cd4eed8daabc686f1fbfbeaa61e6eabcb8f3a44b125742d027d49a436850f4939211428e9fe496257ee5051fec9bd2e5442b9 |
memory/2776-355-0x0000000000400000-0x0000000000421000-memory.dmp
memory/832-354-0x00000000001E0000-0x0000000000201000-memory.dmp
memory/832-353-0x00000000001E0000-0x0000000000201000-memory.dmp
memory/2600-364-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QAMsoMwk.bat
| MD5 | c1f13410e6171587e713ad0ba050dda4 |
| SHA1 | edc503191446a0598ac43ec5fb35b741116a1a98 |
| SHA256 | 04383ce9a905c910ed6e221f2fc56176194c67bfcbbcf0cc2fb229208387231a |
| SHA512 | 444cae9e6f116c3ec68e737166c43b34e6f1a85cb9ec2e5247430f8538477b010d732d7f75ec1f635bd1e8a3b13597a3581e1b627a4912c8264a059b2110c41f |
memory/684-377-0x0000000000380000-0x00000000003A1000-memory.dmp
memory/680-378-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2776-387-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qqkIAcgg.bat
| MD5 | b3ef00291e4abe5342859c524a2bc528 |
| SHA1 | 4f472d4dc752ef13f5d016c8d47859b91b0469bf |
| SHA256 | 5a17280af4795c611465bb2f414222daf3eb152f7f362611e2ed16c77bb393b1 |
| SHA512 | 4df13db6d0a600e758c3a3ea64a5809cb816e269149f7de08707660b85a60c135872688e2fa7d0604bb5bdc198df8bef2deec2bceb0bfe650158774ca2cc1649 |
memory/3004-400-0x0000000000310000-0x0000000000331000-memory.dmp
memory/680-409-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IAMsMooI.bat
| MD5 | 78fb82099fca5286ce89dd6f8096ab21 |
| SHA1 | 48308f4f31e587c7d817949eacb3db3f2ee21f91 |
| SHA256 | 9df7211437a02edf6f10b9967bf0278a1e78057b8cafdaafdbcb72c7032b3225 |
| SHA512 | a3b30bd57d3929053321d3fbb45d9a3abd075e68f4025afb848e2619878930db0de66881c6939ed2de84ba228daed8faec9836b75ad3ff7c21ee5a2aecd62390 |
memory/2688-424-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2664-423-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2664-422-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1028-433-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KcYcEMEU.bat
| MD5 | ba7c7e8da674ca135890e5a6e5a427da |
| SHA1 | 5f23d27b37f5b54d9e68b3c33497e5adea6cbb81 |
| SHA256 | 250bdb99dc4caffa7d122d671868a26a2c5ddd5104c7ad069bba159c6aeb8c11 |
| SHA512 | 99584e585dfd082ca3ba43867d697526b20eb2d0b3f5587c9b5500f702c5cc589f1a20a5ccebc4ed73cd43cb269199233fcb71c650f8f8cfb5fad0ea09312a26 |
memory/2880-446-0x0000000000160000-0x0000000000181000-memory.dmp
memory/2688-455-0x0000000000400000-0x0000000000421000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\OoQC.exe
| MD5 | cf351460977e2917068b5b56f076412f |
| SHA1 | 1ddd5d70f02671d8475742e0895fe1988f79d93a |
| SHA256 | 56338ccde50f8cfd7482270b94ccbbebf23a1cf08e442403a1da14aeb03e6afd |
| SHA512 | 1d818d693d14f56616915401aec40ba97b62092467fda91db3cc5951a74bd9e077bc5d6602a28dfa3ba134f1385f5855cc603e76840bafe29f2c7871153301ac |
C:\Users\Admin\AppData\Local\Temp\ZqYwUccw.bat
| MD5 | e14ec36f4857603053773162fe360f66 |
| SHA1 | fccabe8ad33c7db62647a92603726dfba0a4c206 |
| SHA256 | b40ea4da264837e3abffe33b67454edb206e09711bc8be55aaa11a85650aeb6c |
| SHA512 | 574d843c5f17f6738ded39169cd5133f708510b2589b5486dfd3b7d5b37a3c67bbfb236a3bb958cb48d445da6369bb974e3824325700461ef2d582ce9ba6d6f1 |
memory/1620-482-0x0000000000120000-0x0000000000141000-memory.dmp
memory/1620-483-0x0000000000120000-0x0000000000141000-memory.dmp
memory/1052-484-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2760-493-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qQEO.exe
| MD5 | 649c5ea0d61e8a7c2d664634f0a66a62 |
| SHA1 | 78bb5af3c44e75017bd917bebeb5b8c2f42d6543 |
| SHA256 | 7770afa5a5aa20f7b02bacd90e92091e212222999de0e05b0c7a5a80305c1f27 |
| SHA512 | 5d0cf702190f9932dc183a6d06eacafc28dbe471921c9a49a31fa8f807c5eca95683500fa2c6f5a7548dca3d1fe049bca3bb3c970af6bfe48dd0add7d0afdb6f |
C:\Users\Admin\AppData\Local\Temp\EQsG.exe
| MD5 | b2b383c6bcac130079db5b5c6f04d5dc |
| SHA1 | afdbde335862fe93c6776eacb39b379e567a2fcf |
| SHA256 | 4d8e861330af975725eb65c8519f00ed11366d7d3dad270003629c85eced27be |
| SHA512 | 4be853f0311df5cbed407612f46cf81a23c08a0e2dd6e654e76c60656e9c3bf62f05d1df3d3c5058b7b405e83bae4147c45adedfcda6b133b2722b51dba5a825 |
C:\Users\Admin\AppData\Local\Temp\oQkO.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\ukcO.exe
| MD5 | 8bdcbd07beb6ab1c467ded9c2a308e17 |
| SHA1 | e73b43f19c71781ffcfde00cdc563c1ec55b8aa5 |
| SHA256 | dbcc7d6c7a3f535b06df53097d767fab0ff8fdcc6a394ff5c63875e23be8f07d |
| SHA512 | 53af2c6902b86c04201ae4266b17d1e0d3f23402d8ca27752f79aeb89a69652b01a21ad73f53d150647aed555684563d949b4c0415289c35c8ac7d7ea39ba6b6 |
C:\Users\Admin\AppData\Local\Temp\ZisoggQE.bat
| MD5 | 897b08e3b5257e0764b595ae9662ec97 |
| SHA1 | 40eb62b35ad731db6d2dbfb3b1512ccecee892fe |
| SHA256 | a0b2511a2ee7b059a593f149947fdb3a4f8fbf8868d9986ff54bbfde786da2b6 |
| SHA512 | 86b7e7ee6e79e43faffb874baae19fc85600443e42203da69df0ec66dbfded5f6092990228bc22ff9980eb2c11f929f3345268994c6ab8a8a5952fe21772afb0 |
memory/2248-543-0x0000000000260000-0x0000000000281000-memory.dmp
memory/2248-542-0x0000000000260000-0x0000000000281000-memory.dmp
memory/3052-544-0x0000000000400000-0x0000000000421000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | d653581b7f49a67011cc2ca12456b7a1 |
| SHA1 | 824a4b08077613281a7f755c4392eb06a0162aae |
| SHA256 | 57d088661f6679f970f8cf4eb0de7ca5d0501bcb481fc6f04754859b26f8d617 |
| SHA512 | 70ae47f230ac45c24a8877f8a4bd7e2017fb479a098ab1ec4bf5b31f08793215d50e827e747e2adc81bac0f72f8801d616ffefed3abda1293df747a8bd411c2f |
memory/1052-566-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\agcU.exe
| MD5 | ba4b6171c807b32c025c17a4ebd0bcf7 |
| SHA1 | ee15d9c7e09580f7cd6e33c7634532621e2f7ee3 |
| SHA256 | 17dcbee2113ec1e79ae65f863b10b8fe797ad425eec89c72f6c95757a6e9c853 |
| SHA512 | b521f028f9b1d74daec5d296cc9be82ddfbd82877e572877d0b0a43d6001909573224bddceaa341d7255e088a8aacdde5bc3e6ff30f95cb2cc42ddd6ac7a6c4a |
C:\Users\Admin\AppData\Local\Temp\UgQQ.exe
| MD5 | f8bc5f39eae6e24223e852ad9b84f057 |
| SHA1 | ee3d1b81ab92d0774effd0cc89d49390ffb89ec7 |
| SHA256 | c2ab7ae693da382d0b68121a0a64f18265b9152e1a7f5e3c6eccbcf01d08c07c |
| SHA512 | fa350a8ed7a186405886256842767c9a09128152e9fa099afb86bbc09805f1262cc00aa86b26bcb573af7585025e4f0a4ba5ad9e4400fe73136eb4e05eecb7f8 |
C:\Users\Admin\AppData\Local\Temp\wkMW.exe
| MD5 | 33fb77679f68d5d8e6bbd9acbcedca74 |
| SHA1 | 195c1abcb4bdc646706428a5522a061b172469fa |
| SHA256 | d1944e55b1754848e61b5c5b462b224601bfd7c781d1dd78c00790ba241f1abf |
| SHA512 | 269a084e042b38c21108a2c6284754165143e77cd6a9cd8fdd3602105018e54b0c09410cc45f706f25e699ff0fcd4e7ef7fa3712e83e0bd809b4f4c0d0d8c186 |
C:\Users\Admin\AppData\Local\Temp\baMogoQk.bat
| MD5 | ba27245067325d683009f9ff81840e4e |
| SHA1 | 8653091626c63448344508473ab2d307fe7d42eb |
| SHA256 | 0b6776240780d122fd54653288e887122d6328c09de00cc9c894186f667918d4 |
| SHA512 | 08258fc01eb1129fee4a66f15012d6965a7ba2598da4164ae90b00e19dd66dd53470cb15bc74717e9d6a1c91f2a55ebafbab30410bc98c185ae590f7db18ec11 |
C:\Users\Admin\AppData\Local\Temp\IkEq.exe
| MD5 | cd2d6b8343ebeb6a970446bfa76c5ec0 |
| SHA1 | 1966fd28742cb9f8ddde2e9cbd82c19d0423366b |
| SHA256 | eb641ced44c999f08d24350387ee1d8126fccae83210eaa45f8e4bcbce2287ad |
| SHA512 | 3bb26fe8de8ee8261158013090946890ead804e0d03f658ae24ab36160d61426826ab4387dd5ef59b9da39a9ced5fbbfddab4f0e5890c270d07f15406c4c9e4f |
memory/1976-629-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1976-630-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2216-643-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\awEI.exe
| MD5 | 1ef2938b799e2feda552b25b4c39b06d |
| SHA1 | 68d8334e71c4190f06b399ac2155281a3fd2cc7b |
| SHA256 | 9aff0c56c51d7e099aa3b16febb00db01e15ab08b676aec730163b59f0e21d0f |
| SHA512 | 71e5b92209742a0f6f9dea227397184e7a023cd6cd811a652813fea576f38fe90d2fda20d0c7ac48cbaadf4a9d4151dab815542e2f1fa952ead5da3968a2c159 |
C:\Users\Admin\AppData\Local\Temp\eUEc.exe
| MD5 | 63e30852f4bc988206a82fd7e1826256 |
| SHA1 | f61d50804a703e64ec0afb8509316c0f44f2a9b6 |
| SHA256 | bcf178102791f5406fa5aefaa65d8c2e28145c56ef4999efa1cafce8e86a5d14 |
| SHA512 | 124ff7a01ba7e27cc24c1eb308990f37be9c13da37f32ea4520dcdac6a6b1739c1b36ea051ae8edaa3f01948fb5887d5d455332c669b8c442cfe91e462d04297 |
memory/3052-665-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\coAk.exe
| MD5 | abf18e6d583a20e0040351986ddbc6df |
| SHA1 | 14d20db7cc19704263411d672a108c6b2262fbd4 |
| SHA256 | 3b19465ca75f472d40d53cea182be7366143c6d510521e0e70d5f498c3f85bd7 |
| SHA512 | b1fbc2387709fdfc21273d4a7649868fedd86df4f8c986c9baf3fa7e871b35849c737e3f0f1743cc735c0738e5878ab05db9bad53520fb2b6474443749b35e71 |
C:\Users\Admin\AppData\Local\Temp\KgQo.exe
| MD5 | 1676e98927832fea66b9750b9aef7eb3 |
| SHA1 | 78cdce54292ab1c59b44a6a11dd1d41be498d3a5 |
| SHA256 | 773da295ba2f6f11f72485a6f4354bcbb13997a5807dbf13f43cca0d5ca71d09 |
| SHA512 | 3ee982dae9605ed194472000ac78712d853355e0865342b0aeecf80fa5433d5c2bea9a0d74d93b563db0b054b93995400c8a6e6c09e33c22291ee6ec59a3feed |
C:\Users\Admin\AppData\Local\Temp\fIAYgAMs.bat
| MD5 | 196005021861844c19df1ba163f9daff |
| SHA1 | 5b1fd2d0cd2e5a6f590465dcbf537b4c0aa5d120 |
| SHA256 | ed4e92ce2fdd7f805d62b7262f11f755ea81a7eb658fe5c9cb210b5820ef81c1 |
| SHA512 | 15407dcf55920a0c7eb51b3639e7056878078d2004398967bfdeaa2e4e7517ad8bf77c1fe578ffcb9955b1ab63b922fd4e57e6ec0d144cdb2d07d5522305f298 |
C:\Users\Admin\AppData\Local\Temp\AIww.exe
| MD5 | fd1189abd999c44ee59515225d89bee5 |
| SHA1 | e21601a3a3dc8535b140fd6abd1d6249bdaa76b6 |
| SHA256 | fa085fa33e4475c19c48a63d96b4e098fbc067977eb94546617b1894ca8506a3 |
| SHA512 | 99c325f0baea65bdc403651a7b3c59d625def1b3f1d95d64bbf87cf27b7656c902399987b5470ba25998cdb2a1690b2b706059312c1b33c73341f7176dc48945 |
memory/1820-726-0x0000000000120000-0x0000000000141000-memory.dmp
memory/1712-728-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1820-727-0x0000000000120000-0x0000000000141000-memory.dmp
memory/2216-750-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UQUq.exe
| MD5 | 8c69b57d32075e0c875f164ae2c91d48 |
| SHA1 | 3619eac5ad2a19f5f8d946db647d807a82d9d33e |
| SHA256 | 00c3e8b44f2b0158ca236d692bb2f2a294c93abe056e8573eea6df0f50a057a7 |
| SHA512 | 4fca9ece84a862c97b91995a89353a7d9f299fc35c739ed7eae9dd243bbfa9ea2d0b190405f18dbd6d78ce3d2e3e10ed7eb69c0f4948fdfa37908fd3c68ceb18 |
C:\Users\Admin\AppData\Local\Temp\mYce.exe
| MD5 | e249ff4138dd937cace0b11a8eed8b6f |
| SHA1 | cf2c31ae088e1feefae4107b3b2caf16ff37ccaf |
| SHA256 | 7b7b83127d9d0b7167ea87c43169dafb8ff7bddc7d3d41f191aff896fac3e606 |
| SHA512 | 3b25371acb4684993860708162048776c19daefe1cdb5a55a472b46146bc154f94509261f77e186e2a14b8677eb3476f717ad6e90f9abf7918217bfae067a803 |
C:\Users\Admin\AppData\Local\Temp\WYccoMAw.bat
| MD5 | 9e29d2964196cb15be8cecfdb6a8bcf0 |
| SHA1 | 5d2eca3571fef2f5a5dede7d2f79e4a9c05cb4c7 |
| SHA256 | d74476bad6112af85f1e739811de3eea002e4007f763afb29bf3989fab8027c0 |
| SHA512 | 03a6a8a5a91927aa837a425b233a489e818e81bba52bb28018807b434613e25d8fa16af6a00b334263fd68cf85f976a3717e1b35c63daa7b8314f71a5c745920 |
C:\Users\Admin\AppData\Local\Temp\UQIE.exe
| MD5 | 39549bce74be21e28ea7533d2df19d56 |
| SHA1 | 48a70de3aadcff6f750a5d9010e362617b424192 |
| SHA256 | 6ac07981836642b7f23ca60f68c74e2bc0f0121e0ecb41bd9f75721eeeb0605e |
| SHA512 | 6d5a891ac1ec290eff31dc627c6943ac83364e4fdd1f648e7e73c5095a1bdb52e7931d7077aac564f183679d0780f5f6403924f043362f21cf204c51be7afc18 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 9fe5f9a467cf5dc99439862ae7a07a17 |
| SHA1 | ce46b2b98b6e5fc916a857eb942908e4437f261f |
| SHA256 | ab70d81089b040b70a978db91733d835cb15f13597a2a6864e155fc2fee4a55d |
| SHA512 | af7fa53616f33be194a75c67c444ca3854c0aec33393f18fec404f72837bf4534ffd50a71ab814448c8ba8862f928cf9c1e47c441b2f07339b85ffd82b59647d |
memory/1052-787-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2748-786-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1712-809-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ksoq.exe
| MD5 | 9230dd6b5e8104e99cb5877a66ce227b |
| SHA1 | 91b343238d815c8e8204af67716e9fadd497e6d8 |
| SHA256 | fd6a88b585d2ac7d9ed2cf1911be9838f8504cb0d178ecb6cc4db2d5e731ae09 |
| SHA512 | 115931d5e9153933331362f73743a532d9141179e872e29a2f21dfffb63a9f9843a97c83aa06ae1f9b075337ee055449bcdc1974c115fa9048094744edb98b05 |
C:\Users\Admin\AppData\Local\Temp\WIwg.exe
| MD5 | a5a1c5b9e4bf6c0d7a5ddfbf8a90c634 |
| SHA1 | 7826ddc48d432fe902811e64be332ef7159cc950 |
| SHA256 | bb9c77c48cfd4eb26c4f650de7be671dd00f759537c5ccfca18f17c8ec9fc043 |
| SHA512 | 96deb0ffb04cb239367bb1cf01fd6649f6ae68e2f588c75f344a4d8e3a0c17f57ca07e6490bb1bd414280d5a83a3f61eb8b3e682b9116fa185a72c2dd630cf2c |
C:\Users\Admin\AppData\Local\Temp\KMgM.exe
| MD5 | 4ef53cebe3d99ed68c72d70ad9c387ee |
| SHA1 | 0b686e0dfb5acc3189aa87856bdcfbc8cff3394d |
| SHA256 | 8c285a590f7c77589a7b59ffaf0964c6316a4aafa9aaf900ebff128320a24776 |
| SHA512 | e39bcc874a95f74c81a7c8f0a7d0525c5afeac30e388d4e74e5bf41903ee34dc59098621e5ff1092e400aa0c5eb8ca4ee4ee7fd48b529e88b63723a1910b2f98 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
| MD5 | ee4602fda7e813ee92e650594fbe7834 |
| SHA1 | 9f10b6880299aca49b0e17596da1b229d82aeab3 |
| SHA256 | 1cc0ddaf944e27efc2e6a6f7f497f3c49cf54223f1ba80c19fec966153ff8984 |
| SHA512 | 5eb9bc72f9e725646ecb2421bf85f294b6dadaf989a44acf15680b876a1548cb09bf3208dbc9550d5dd64a3769216c261b542d63eb477945b2280b8fd83b7709 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 80f1e82830bb830408d6d78201e9adc2 |
| SHA1 | ba5287c5a98ce481d656c480c6d6f5c4acd9636a |
| SHA256 | c2119b1d247f853b722ba19f6d1565e056cbf6255639ef1207ac497f9eb46605 |
| SHA512 | 97c99c5cc1c0c27bcb0e1f9c7d1088f171af7f22af1b37669159559bf26c90a64db06575453be6948e2eafd24fb239694d4a4186eb1555707bdbfb605bb5cd5f |
C:\Users\Admin\AppData\Local\Temp\eGoMkMgo.bat
| MD5 | 30beaf96e24c4a75ad4425d54f145cb6 |
| SHA1 | 5e054c64ac0848b640b647a556f58fe7b84ebdcd |
| SHA256 | de27385101572a7fd2dd57dabb0dc455fee2a1344b3c66a37e3f2f329c57e9b5 |
| SHA512 | e23974367e5da05a37d234b4f9af6a5d8d3b2917dbf241a09851f5e6d88bde1fbe7cc8ecbbbd2ca15c813a2d082f9e7d9615ea485816fa4aa2900e99d7164fad |
C:\Users\Admin\AppData\Local\Temp\Csgc.exe
| MD5 | 53e55b15346dc559d43c7887411c846c |
| SHA1 | 3b651a1b20c08472194f9ef021e4c7331774d23f |
| SHA256 | 41a421feeb397b00c232b279d53420ac082e67e481423884bb7f8fd3e201f543 |
| SHA512 | 893234558055cf9d4030ba4c37ecc0ef5f131e1abcca744b392b13142207e5b1230f89047ff7df64049a88e51391e13b993f764ea6c739a4e076e6c756784312 |
memory/1864-897-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2232-899-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1864-898-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1052-921-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aIwU.exe
| MD5 | 3c8126d0b878f86d0fa4cc1392eb7811 |
| SHA1 | c3cc37d057d8594bcf629034e120fce8a8f176a1 |
| SHA256 | 307ee90a20d9ae58e3f350f38d95ce81d2031eb45f011a9a06310ca3a872b593 |
| SHA512 | e3f1367380193709908772a12d810f3540308009cf54831167bb8dc526a1c71d5977e5d20828d0d6f49054c614501ee6404e81e03d21293680680a31209ff488 |
C:\Users\Admin\AppData\Local\Temp\SwcI.exe
| MD5 | 13939e125b32ba303002463995f1104f |
| SHA1 | 08785fa0ee22bdf5d45c436883f2edce8570ac7a |
| SHA256 | 3ceee6e8eceae358e6372dfcc7f977b5e91f27479cb484676e112e5f204f8bb2 |
| SHA512 | 3f4b3a2bf1dbb973e68a1643d0d34d337d565c4f976d98798185a15795477cb932af221fd9f6e92d8264f4612b7051f6e831846ae1f602b3a4417073c5b157e0 |
C:\Users\Admin\AppData\Local\Temp\UYgo.exe
| MD5 | b89bd757efd352a353feb29cbdbf5701 |
| SHA1 | e73fbdee768e9b9ec5c438f645eac8f73d424948 |
| SHA256 | e677eeb75bea9d02488d3e96be07915e1fa7ac6f2bd96cdb03a733041fa70c2c |
| SHA512 | 056e3f967615edc95b3d98ea6bc37f68e80e9805fedcb172fdc41fadad267cf39c48a729ace23541a0bafd8b0f6471d0ba6f114d4fed1553bb609e803ab77668 |
C:\Users\Admin\AppData\Local\Temp\CIYw.exe
| MD5 | e2027f207245e236f1747b50e0d12dac |
| SHA1 | 56f275db0b9f8ed4b736ad67715cd76099443e45 |
| SHA256 | 762588556e00c170839934e44c2636537a0a36cb45c816dcc8e152b8a7c67543 |
| SHA512 | c2913c5080e20ff1ee14bc4f60b7a1a6ebe3d3878e98db28579574e1a67639c9023cbf838bbf3b4baa4970aeccdda18fafdc03cd6c5f2d80cdcc55410c783021 |
C:\Users\Admin\AppData\Local\Temp\KMEW.exe
| MD5 | 7173c23c413a762bf336ccaa72f4f87b |
| SHA1 | 480fed6865e8f92d516e7ec145baad47240c4ef1 |
| SHA256 | 6881c96e0152316ea45afe13c15199f0f08037233b3ea81dfebe6354af792200 |
| SHA512 | 0bdf042d1712a97d8270443e857f62b3b7806b0b5371d4e6b97ca68590c501e29a163744497411cd0948bc96bf81042799e7cae71ef9eeddcd4c965ba721e3f7 |
C:\Users\Admin\AppData\Local\Temp\UYso.exe
| MD5 | 1c35e160bb03d389451550481371f880 |
| SHA1 | 0be8aae2bea39dce127398dd2f0b269737b63c77 |
| SHA256 | 876b55a86e58e8cf55842752d7b9888c29d4291c1fad94f8283dd2a6ef59834a |
| SHA512 | 2cd3c30e44c33f9445d345e0636db7783b9ffb49375c59fb5c2be971dc1d521d1fdf0f1ddd0f91abacd9de58ee0700fe7116a7cf9b8d5cdbda162a4fcf9f2661 |
C:\Users\Admin\AppData\Local\Temp\UyQQAoUE.bat
| MD5 | e22b5ee106c20d28e4032191d1ad6123 |
| SHA1 | 132f6a6ddb826de9af255559b3155ab9f807c509 |
| SHA256 | 191162cffc199674b5eab11900e398713b2bbfd3622a580392deb05aab7391e9 |
| SHA512 | d4802fd83dfd2d722bf8008872dcafdef323e07c949dc5a030fdff7bd4cf5e2fccd73772cecc4adb02d314a94f8fd979462d44ebb45b1dd0fdc0c839d092129a |
C:\Users\Admin\AppData\Local\Temp\ykUC.exe
| MD5 | 999026b31f0ab0d6228940c52d472b75 |
| SHA1 | aa78d17700c7c00112a97d4f7a38f5fe97b1f159 |
| SHA256 | 67c3560f3755bced4758600ce6e0d08e29999f6d2e77e58a1e71661a8b7f29a8 |
| SHA512 | 97913c7c9c3f54690cb6d37e5fc95bdb6f56036cf27a69ee3aba07955f3c361d9f6aeee83e0208f278b4c29a936ef034f95fe43250867a9b7676ec8f1a92593b |
memory/2920-1009-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\goos.exe
| MD5 | db32eaebf8230cb8569052e379fe30ef |
| SHA1 | ae7e373b0706f99d6b278ba04478ccbcfaf08114 |
| SHA256 | 46a30862e3f61ed6c116b6beecceddb7ee09d79bbb9c60ce9a62b8cfee23d889 |
| SHA512 | e2834ec130158aa57c672557af0d2eb05eb67b05b16fc4776d91b024df6b9cff2378f5c6b6f22673ecb5d8991bce4a573abacf22c973f657a0480e6ade95aa97 |
memory/2232-1031-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MQQM.exe
| MD5 | a2f176b0cfd9116d04c426e1f0b6171a |
| SHA1 | 1af13b6f9b2b85d34812a059827b09f19eaf84f4 |
| SHA256 | 023c1fd4aaf7906c214d38027d1e1e4baae43c528d43478f92295f25b33e2b3e |
| SHA512 | 90af5385d8f2ed2746d3d45630e162fa812f5847c62a37982a87058cb8da4d8eb60c41f9f153e9fc3231f990787c147f7fa2046e722d7513db0d993912b29742 |
C:\Users\Admin\AppData\Local\Temp\YsEq.exe
| MD5 | 5137ea1d172b1d37b50ea565a5af4a49 |
| SHA1 | f0f554c9c0bebbfa835f8249c202875de10d3764 |
| SHA256 | d3872bb215ba937e8e7bbe0052e427e443a1be23731f572c995d77092a085fbc |
| SHA512 | e99744f68b669e5d6806dc18e181174cd678bdc7dad21c0fa68f61615a7bf104741cb085a5ff84d159a1511794e1a28a222873a0b772a641b18c3b917d71c240 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | 9f35527bebfb3e4a3e3035f32c9942a3 |
| SHA1 | 950fcbace8972d19389c94d1c2d4244ef69ec2bb |
| SHA256 | 999609ec164643fbbe67ad6c9291927d42d5ff383d196a4cf2c7dd54ad865203 |
| SHA512 | 2e2b52811039b3115c3bab62e23744f1fb0e64ea3e9c344585698de55d4770338c3dd9a17a181abac08d5148f46a5b84adbd6dc4dbc2dfdac99fffade3137fdc |
C:\Users\Admin\AppData\Local\Temp\Igoc.exe
| MD5 | 688ce9164453bd73a79c7b3ad1c3f282 |
| SHA1 | d8088e30f4038ed33867622dd75913a163c8878f |
| SHA256 | b99a5f2ca797bd2fa9697cf10989cdef503e6aa8e0588d275142256e3fcff38b |
| SHA512 | 3eb3e4dc0c04657b1b1357a2a2663a6b105dfe08c243a0b9f87b1bcef8a0d58dee6121df1790c3190da391f1869c881f27586ac3716d581aa3e15e6fb43f62f3 |
C:\Users\Admin\AppData\Local\Temp\QwIW.exe
| MD5 | d4d8c06cbfce3598008313d4ce0ef1f0 |
| SHA1 | a4a84429b675a52d967606c446b34733fa4256e0 |
| SHA256 | 239d686a208d96a7839c6b3f1185e86fc9529354a20a813c27999128f68e2c51 |
| SHA512 | c111d6543ddde686b2d2232a1c598a4371bcf9e86373bd004233a2001d8b2c063f5bc66192f0a1b7252953e7ece1e42c163463cc0ed2c5f3ef9be353d69d1a90 |
C:\Users\Admin\AppData\Local\Temp\mWwAMMcg.bat
| MD5 | 16c9ad2c260506c915d146e9d5c21c7c |
| SHA1 | 23bd145cbaf2f3cc5df4ace2ac5239ec10bca62e |
| SHA256 | cb959234d0a670ac89e95858abb28e63cd363983e38fc9d35bb550886431d309 |
| SHA512 | 2620f2e57aff5677c11f56ced6e783a2def3d7ba620053d292cf23494fc329965024cfc42102f0c8b2fe454d0bca3ab310b8957376e98076db01ab2431750920 |
C:\Users\Admin\AppData\Local\Temp\SUMC.exe
| MD5 | 79e26e9fa915fa9a9764430e41e20944 |
| SHA1 | 016581eb0326af9a313e7aec6f83a5d31296d875 |
| SHA256 | bd0548b223a95e66a7f2e62602a2b71a2d4012cfa19b30d89bfb6c9e08654b4b |
| SHA512 | 07b9cf0063e51709be3000821d58c111c6848852c5b128ca26477faf602f21a8212ccaffa9a09967315d218a654866145e875aad068ad484277b8f0626b4e89e |
memory/2684-1119-0x0000000000120000-0x0000000000141000-memory.dmp
memory/2424-1141-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwEw.exe
| MD5 | a1daebde35ba633a1bff3246d3352e62 |
| SHA1 | 82d055463ea2fabec1f675176bc1984ffe12966b |
| SHA256 | 6e711308ef1d10378398d03ecf88443b524aa0f91a9d6b100a9ee81896bc30cf |
| SHA512 | 90ffd50f287e994185daa2943532a752c5e3e6a5d2de98edccd92d9cec2252b53f76c15a6fe0b8a44ea845097cf9ce12134708f34c27517a0500bdcbc6c0f011 |
C:\Users\Admin\AppData\Local\Temp\moYE.exe
| MD5 | f82c19e6c4c937a68e3d51171580c401 |
| SHA1 | f88387ee71329f48b1c3fed0922d3849a2f673b9 |
| SHA256 | 0f5cd8866953fc10331d94a2380e0385269bf1b8a3e36632f5e9cb915016af9d |
| SHA512 | 40fc61b3e3c22315a96fe17b2bdcb769b9630006ba977713fa84473bda8a0dcfec38c03cf74578ea2784b469a587800de242b8474a6a2ae3c73a77a114b49aaa |
C:\Users\Admin\AppData\Local\Temp\Ewos.exe
| MD5 | 56a43ffbddfee8da6720dda9d39ef1ff |
| SHA1 | 86069361c1459384cd65556d62eedd446e74668e |
| SHA256 | 01bba6eb36272879c90b0734296de74ab0515fc22352f45c5ba50f708b5ca9ca |
| SHA512 | 74de632ea666968fdb30142b0e6def53264de30dc96cb649b51cc154536d822b6643f4bf3b8c12861b62c50ea9241b1f04fbac2af08af79b919fed2ed0dc6942 |
C:\Users\Admin\AppData\Local\Temp\sYMA.exe
| MD5 | 6a7631f6fbe57188ce5ce2fcd0cf5aa6 |
| SHA1 | 8346a6764924d839e6543ffe117ede43453d23fb |
| SHA256 | 7401ec79ac6ab4df2201343adc40d7fcb0d1064cdc13c5fd21c268245c7eb16f |
| SHA512 | 2da734386a1d6f21f5e9ac4b0570ae2024fce3ffd0acb857cd1d97b13d8b6b4b606125823bcbbca7b0cafd90f50993bc29c844eac9110f421abe7cd8cf68606d |
C:\Users\Admin\AppData\Local\Temp\ZGAgsgsU.bat
| MD5 | 802058c66fd88cf6f96eb2742fad212d |
| SHA1 | ad2a778a981087d2acdd55ceb8613dfd7168b7f3 |
| SHA256 | 731de0f05e2d89f539fbb07ba5f13674b94a3895ef2a2330352ef12006d24067 |
| SHA512 | 15c3017081a3274ef678c71497cc305508aa3b6ecfe78afa20ca9c626f8532c3a31fb0e1c88daa99d503638854ccf1315b74ede8a4e3ca75100520ffad876d76 |
C:\Users\Admin\AppData\Local\Temp\CQsE.exe
| MD5 | 3f189b6870f7c9c9692d500fd1d5159e |
| SHA1 | bffd5dff3e653193058513f1eee9472f8e4fbbcf |
| SHA256 | dac90aa1cad00203ec11cd713723256aba3bf139dbed5aa0b6b18cde1e5a7d7a |
| SHA512 | e2fc56b6404cbe4467c352493cb33256c07d7b7c10209cc2f31deed7d306e78106a756a9b42ca7c586e15330159658b0b28ab1ca3f5cc74d9cae92769489894e |
memory/2976-1215-0x0000000000280000-0x00000000002A1000-memory.dmp
memory/2976-1216-0x0000000000280000-0x00000000002A1000-memory.dmp
memory/1992-1237-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cUcC.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\agYS.exe
| MD5 | d8b08c880aae110b47e2a28bca2ce7ac |
| SHA1 | a57e2467ed12c1ebd3af548da7dd3cc4ddddd15a |
| SHA256 | a5db1087bce3d2e1d106f760936855d55947d1ee729f87e300e0defef4ef9a80 |
| SHA512 | c1fb042d23925a99d2806ef5f5ec2d7a53aa34f84d624ef0b69d9c85bd6aa1ee07986b8bad87c3a9cd3231f025ddaf3231ff270bbe1cfb60bca2305140161b15 |
C:\Users\Admin\AppData\Local\Temp\sQce.exe
| MD5 | c5773ffcaf7c6bc87a3b30908c53b32d |
| SHA1 | 7b7a026636b6b6932612678fdcc0e786e3c70fa0 |
| SHA256 | 112c0bdf9f3195d8a694b9f8f303e5355ce2462cc3f20853c752b46ed598af4f |
| SHA512 | a24da431aab94c5d8ef12bc995196343ac89da97230c4cfe1f25be0a074a2c00089424b76ba9a8d7dfa2599c42bd769cfccfe05e8c6f22849a9556585a1dd7bb |
C:\Users\Admin\AppData\Local\Temp\aAse.exe
| MD5 | b93981b178bab76abdf308bcb5d657d3 |
| SHA1 | d5bc0f9fec82e7f6434b12e3876f302cc5c7e79b |
| SHA256 | ccbd59dc1432379b45fd288efbbc5f611ec391f3755456c27d2a82ed686d88cb |
| SHA512 | 9ae17999b03fb13dc0371761d30a63d9309423c032cfa73ce4f4be3e2c23e0b1023abf043c850930d964e121b36b2587dd4641dd9c1fb1bfbab0ad31209b7053 |
C:\Users\Admin\AppData\Local\Temp\YMEi.exe
| MD5 | c2ce75a42675e9002fa605aae61ea938 |
| SHA1 | 80621ae3814f1c465b3ff72b8169b3cfaeb6f8d8 |
| SHA256 | 1b8081c726b07d2fd77b6413678a4e0ea140429b032530962cd53e9138558421 |
| SHA512 | dc7c8a9d51a9a562caac338dcb890203e4fcbb5fb0fe12ff1ec9bc87f7406f5d813a65bd1abc6e9c358656dcfe60edce3b265d142e7cae17398518ab4c6638b8 |
C:\Users\Admin\AppData\Local\Temp\xQcwsYUI.bat
| MD5 | 72ae1628e60f30b2725d8dc72f144d26 |
| SHA1 | 46b299a20923c4326199792d375a646c9972c9b8 |
| SHA256 | 339eaeb7e20a769e27add4aa0083bfc9363b0e660b2b978264970cac44864a56 |
| SHA512 | 31cbf6b8919e5a625b89bdd091e6dfcd98157817687be7cd5aa810ce64065e58042b1b35f67f31c027c586c3042b83a3110d4621d3c81784c54338ef543acd66 |
memory/1540-1301-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2352-1300-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2420-1299-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EsIC.exe
| MD5 | 00dc9ca1970203073b80306e5d63ff7a |
| SHA1 | 094163536ade8e5d483146bca85bbcb355482c53 |
| SHA256 | b8e289139251592a664e65b230b4a463eaf7999f7ec27116de64aab51fd7f569 |
| SHA512 | 2b5b87a8fbfc58defac1e63d9a80bfb77dd7db2028b3bb2505b471455925615171211a4c2ef1b9e041816852b67c266ea64121451ab5cf8596d3846e91c71203 |
memory/1596-1323-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MQwq.exe
| MD5 | 0c75f55bdaf9c0c3fbc65eaa525a60d1 |
| SHA1 | 3430391e037e602e1d296a1921b49b1b18018479 |
| SHA256 | 3c62294d93d03ed5dadd4192b1e58f264eebaab16bd607ec9de3189bd8d89b07 |
| SHA512 | ca825aefee7d1a9645c16a6c7808d04dea9be656f487f78446fa38a40a1f5fb9ab8e5914b619da6f4f5f333189eab9e886302a7c84fed38e1d4a26161c0c252b |
C:\Users\Admin\AppData\Local\Temp\uIAQ.exe
| MD5 | eaa1edcea679a82a53fa82dc2e6924bd |
| SHA1 | 7c8e76da14eed13c9457a1aa72a7c2b46e4e25a3 |
| SHA256 | 8d0faf63f14d8d8a3edce891322b3d1abb304f00f25ce5613bdf1cf5fc18ea04 |
| SHA512 | 2c72fc4b6e399ffd1cced57cfeca7e6e54e3aee50c812df82e247f003643552f7a96d75e4f42d0a8d9d2a476523ec4b72227044241dc971e8dcd77cea0162a37 |
C:\Users\Admin\AppData\Local\Temp\xGYkkwwM.bat
| MD5 | 618e03dc13b73397408e7aa51f45102f |
| SHA1 | 61dfd96bb2a2b364b489162e5e51402032d67988 |
| SHA256 | a949db0f31fc04aa0f95a07cad2ec52c5a611dc93732ac5f8e5af2913b2bb144 |
| SHA512 | 1061ea8f45a694cce2a69429a723f747f1c5f10ee8511aa0fbd9270a7c96ac29becf16bea36b63b1de31a19a07290dd124d1de09e8bc217fbe26734468e9fec0 |
C:\Users\Admin\AppData\Local\Temp\oIIa.exe
| MD5 | 64bd8446ba50a1c9099fa997c19b48ef |
| SHA1 | ac800246f2b83870c77fbecdbb0aa8b744f9d958 |
| SHA256 | 1f7d7ae769992d274d4c53aeef96aca04084dcd2d87e0300bb57e3b1921c0f92 |
| SHA512 | 3ea9e00dcd7ddaf44af77f03b47c0c8d5b798aa58f414286a9e362d894560799d4d4e13ccede9f9a47c94c0b186f50ffcbe7cb23c2e40bea433e960f7c47aaeb |
memory/2912-1373-0x0000000000170000-0x0000000000191000-memory.dmp
memory/2300-1372-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MoQE.exe
| MD5 | 402742d178c5e474ef0fbde7912080d3 |
| SHA1 | 9c8e5112c0965855d31ca999f0235bedcedb0921 |
| SHA256 | 8a07432d5b0fd6335992b79b010bf5d5453ff67795fe103b2f170122b6ad39d0 |
| SHA512 | 7a03985de994fc62492ea133b134b37323124b35127ac76ddb5975267a56b335697911a39a3c66df2304157d3cf7fba324598c60261047820aa93897488756ad |
C:\Users\Admin\AppData\Local\Temp\kkUw.exe
| MD5 | d030ae4a1abd1b04662c3a88e1524553 |
| SHA1 | 2487ef616051026062ec0bf7706b4e7282437bf1 |
| SHA256 | 99fe9b489923df21c231fc4c7f93e4d23964f3e8f776bc2631154167d75dd60d |
| SHA512 | 8a083664f3f58eb6c0732fdab71cf4676abf35d34da6f28093307f067b2a45890a8797cdb4a507395447d9b1627424c65dd0ec77266c53a355605d5ae98fcf63 |
C:\Users\Admin\AppData\Local\Temp\AIwU.exe
| MD5 | d2f6b55300ddfdc9b31f133b0a96c58a |
| SHA1 | 9e7b565190de7f36ff5941846a44286b8c9d63d9 |
| SHA256 | 626aaf5e00f43101694da8f6816e0b120fd8c9a646044881b17162e33e25fd18 |
| SHA512 | 38bf7632bc615f938b16a24d9e9b437aed13a3a4166f684e7f66092ca6fd99ca1f359bea7dc0204891673da29d2dc53912e4c302973cbd3bcd43e141025b0934 |
C:\Users\Admin\AppData\Local\Temp\sUYq.exe
| MD5 | 71bc2b9f4880c706f4607e32810ea3bb |
| SHA1 | 111cd91036a96f77e77e6d884b4dd8879215e692 |
| SHA256 | 95e098123a969d6a2bea3f5bafaf7bb96f5f0f451aeac1b2ad84b27b5058b82d |
| SHA512 | e298c11009bf857b87f88ca050d267984ba43f3b6fe6304a73bb46426190ac340eac064936895fdda85d9659ff0a8bf7c744bf3f6abc2a149896d77f63841a25 |
C:\Users\Admin\AppData\Local\Temp\gYgQ.exe
| MD5 | 3b32b4a25f905680cafbd16886f08b42 |
| SHA1 | cda5d2ef241f83443dea33796c76bfecc85d66c8 |
| SHA256 | b96ce59d5e3830d92a04bec9a033caf5df2e77b830598a7700677e71ffbd3867 |
| SHA512 | 547755531eb465e2c1a3ea82940806ce4c7c2e65c75b05327e9594e6f5ba51a6c25c4f44bf0f72838713ccd47dca4e4ab35ba242bad84f843998b487f339ecba |
C:\Users\Admin\AppData\Local\Temp\zKcUUIsE.bat
| MD5 | 837246033b3bc4ba04f8190a29739283 |
| SHA1 | 3a52eab825eea5b37f208a93a2d06e8af04903ba |
| SHA256 | 64c40436b50478272acb46dd408544c5bcff7a2f1e6f6a08736cf7017233e5ec |
| SHA512 | 2b6119520ef221754a98ae1e5af6a91e1955f8f04d8a931647f2744f06ff11a3131fe5d2ec5a2c6fe826f615ab8db7d8155a9fdb7d77ca2787825b36dc32cf56 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | ffac0b23defa477351610ada7fb903b6 |
| SHA1 | 9c93eaa31c72ccedecf3f9ed6d2d00fa30966e16 |
| SHA256 | 8b5dfaa1b1848821b9829178de21241ebf0ed76e8d55bb79e01c0133744bdd77 |
| SHA512 | 0a9ff700f024e86a2a9402faa07dfd35b037106e4be4a8124001629c721c8f9397d85282f79daa9eb198ab3f56fa9cd854cf3dd971fc10a0644f39bd0ec07b9c |
C:\Users\Admin\AppData\Local\Temp\aQIy.exe
| MD5 | 14d9779677840d3caa65223662f662fa |
| SHA1 | e3a6485482bf4d6342b06cd8e73c51772c327567 |
| SHA256 | 3175ca9626afb8d9ec637d30b6eeed7092e3a63bb31330c117449e598fffdcc2 |
| SHA512 | 0a8a575915659bb7e8889a038d3481a85e52ee6799c74af8bea787a2c240731fc0612167421b3a6ac6a230439057562a43b8066c3dfd0d6a7389cbc7a29110ab |
C:\Users\Admin\AppData\Local\Temp\eIEW.exe
| MD5 | bf17f7b2cc69abe0409933b3fa6e3e94 |
| SHA1 | a9dbf77cb06630b141c5bbf8bfdcc88cdaa2eee8 |
| SHA256 | 76f2c86cd49258048e0466df1cbbbf5adccfe6112b2a8428ef961bccdaf35924 |
| SHA512 | 39b1c52c83dfd8bb373ec53194a427191cef383428f05c597a51c6d15f48253f6810e012bd2c82511465ff5896623477c8c9e1d4208f6f2c6de289627c11ab04 |
C:\Users\Admin\AppData\Local\Temp\rwEkgccg.bat
| MD5 | 54144fce2b2cea993d423d2ab468e8cf |
| SHA1 | 27fb43aeeef9067be4253fb3d850c6897706a64d |
| SHA256 | c1c8a786dcb55ef6d33bd6e237e683bc61d85118777a60d48300f619e5fcebe7 |
| SHA512 | 2cb0bef1dcabf6e3c1ab1e93d8127e2ff8c98d7fdaa1eaf719bd0ea7328981e7428d36403b7724ec60c79e8c7fef4c7bd896a263ba25e3433eb1450819a4b313 |
C:\Users\Admin\AppData\Local\Temp\YcIy.exe
| MD5 | 40cd9a40edd0ebfd60de74d7fc30373d |
| SHA1 | 6acf88c64be045effd329dcef1a9d1a4593ef10a |
| SHA256 | 8ca70f900fa4f9689ea199e5ad7393940a6fe50e594dd7187e5dc84198de68e8 |
| SHA512 | 4c92d94de65846975bc97a4684292700e01ca8c73cd081585420fcb8d3b37c025bfcfe13f0e7e6b95a82beed3660ddad7272f9d40b8e8cad6ca5601cd6a7f655 |
C:\Users\Admin\AppData\Local\Temp\wkQQ.exe
| MD5 | 894e810253aa44ac8a5f5d9f55ce4ce4 |
| SHA1 | 2f79d0756b29546230ca61129f2595be79073d18 |
| SHA256 | e01ae1412e46e1e1ffa6b2b269d4098db3d9d898b38adfacfc6f3ef377473653 |
| SHA512 | 4847c7bf87b13722cf270fa8f8952b1d8374fa8799743347daa61c2933b57a88645bf2178f3dc8a23da6e7c44b06a003fe9fd02a3ff5e4f7143de3ec630dfcbe |
C:\Users\Admin\AppData\Local\Temp\MsIo.exe
| MD5 | d5f5408e88c9763e7d359f44b9e430ce |
| SHA1 | f0b038ac7e07078a76b8cc2a9a15b997ae84e49c |
| SHA256 | f40868bd9a00950227e420005e5f2d386d37245ad17d430b72be1fb0c829e399 |
| SHA512 | fe1024dc82a018d1ef39e2e4291892bffc5560fa889b165687acbdedf631a6feb24af2a463342469c776ceeebc0b92b094179512bc23207475052b45141e05e8 |
C:\Users\Admin\AppData\Local\Temp\EsMckcMg.bat
| MD5 | fa7f0626487d06a6e33cf6b1a323d7cb |
| SHA1 | fe6e3132daacc9c60de15207494f3c0427473ca0 |
| SHA256 | f006160a0d8e277d0814d407a619e8539ac0dbe691a29366e545bed81e037266 |
| SHA512 | fa1d78b3ca77aafe8ddf0826ddcfa41304c64bf54064b91f4b910deab1b49b598d2937d7f231e46f23cf8e4817d1f91a73a4e3956cbe297516ab35ba0cf25e01 |
C:\Users\Admin\AppData\Local\Temp\SAcO.exe
| MD5 | 43fff41d96a01511b89847ab81a28581 |
| SHA1 | aac948e96e9d0ef8334544f33df693ba981b889d |
| SHA256 | f2f4457fa03bc5799c7e313d6f53b85e42daa98a09b7a6124db67d50174642ed |
| SHA512 | 450d576a35e46578671e64e31cfb34201f12687baa8c9443ba0ffbe4ec774d33be782fe2dfd627a83f04075b7b052e98862820c93127d3c28f2ae02f478cf3fc |
C:\Users\Admin\AppData\Local\Temp\SwoW.exe
| MD5 | 77db4c3122cb719e4164aaf073ec1960 |
| SHA1 | 568063f92b45a31f51f142612fc8035ebc7ff01a |
| SHA256 | 8e504e8303cd266f358b79e9e419bac3d8417d0c33b1ceba9207adfe9de032eb |
| SHA512 | 10c6fe8f47932e491b0438b65a384cb2ad576784bbf73cffa8d4d5c2ae165d57184a13c9edd851bbbaf7ec74e1e0ce25743ddf282c8ae12982bfe118c82157b4 |
C:\Users\Admin\AppData\Local\Temp\okAS.exe
| MD5 | 6fa7e3368133221f91c6addbb5fbd5d8 |
| SHA1 | 698a4d88a40f89983f961815ec597882736de79f |
| SHA256 | 529a4f72a1745604c35cf18ac2e92f9b743af896f52706524deb1c360ca1382e |
| SHA512 | 82181f80d41a374dc779ab8bfa9c2d4da4a1fc372f92d184ed600a462c623cb1f4a8782b174d8d023151d753582f4615106af3e81bb3f2741e533e565cff8a53 |
C:\Users\Admin\AppData\Local\Temp\Cckw.exe
| MD5 | 46b90f6b0e0489c625c9544b44633a9c |
| SHA1 | d24a6d81955b5514bf2c36a7a326deb2730f4a2e |
| SHA256 | ff36b09c9aa33e1d7dd5505936eba04d608227860850d5c97ea04ee3563d7c53 |
| SHA512 | e739688a4b1fecdb4d26ba9e621548469f4e7ce60fb2ca799c203220987ccbbc6f1f276392a48a6ad80a5b58689a13038cc435605bc9be13f7b10b1b939a2398 |
C:\Users\Admin\AppData\Local\Temp\YoUwocIA.bat
| MD5 | 6682785b608d327eee369b4a58113901 |
| SHA1 | 3448f722b5589370f865b5a43726b07b80949736 |
| SHA256 | 35d111e6354025c3bc18bfbcc7e56e43e455681b23d70c70366bfab0981c0c6d |
| SHA512 | cc1b6da028384ad20787a570ba5224730c6611be99ab6024c2e733e68d031bfb010dc59c6dd766d7511aae30a46a0c77193c25e7cb605162e1078c99daaff544 |
C:\Users\Admin\AppData\Local\Temp\yAoe.exe
| MD5 | 8c06f8815da6dba94ec90754cb1153bc |
| SHA1 | bc123fb87a02632885c69662b89c08386ee5adcf |
| SHA256 | 2a7579c7dfafaa8fce162bf6b8d762ba66c780876858cabdc7beb10c24589273 |
| SHA512 | bcc2a5975609f9cf067d0d50bf1ff354e499b956ab264f3556599d78c6d4013fdd89709f8dedb5442ef4ae6d5eaadcc645fc9b967030b5aa54ff48e3a3e6deed |
C:\Users\Admin\AppData\Local\Temp\oIIG.exe
| MD5 | a745b79d8b4e831ae9e2ffee0b94e7b6 |
| SHA1 | 3232941318fc6134c6f5aa1338173a00283b5bfa |
| SHA256 | 8dae1b85199aa567609528d276a447d4551f8bb6714219e2f376d0d586ba3325 |
| SHA512 | 9cf7117b629c4dfbd8a672944faf8bb0088c03c1641347ab82e4888208ba0a3483503138c7fcf55c0e97f4465593ed19cd9d384617b5785ca2bf264d3c29c929 |
C:\Users\Admin\AppData\Local\Temp\AYMc.exe
| MD5 | 908538cdf6d2d8f36cabbb6a33110924 |
| SHA1 | a379f6fee0b4fdca91a2615dc6652b97d2897802 |
| SHA256 | 5aabdcf1a2d52294e30b019f174370493fc13ffb9f8facffeebdab40c3a9bf3b |
| SHA512 | 95147066c800396da43a29ae190badf02b3c9bd0d1b11831bd377eb636f710d47a5924ce91e94fbb02f968a3d49e679db82d9afae766f168e4bda8e5af8ea8b1 |
C:\Users\Admin\AppData\Local\Temp\OiIEsoMQ.bat
| MD5 | 33665fb329ad9cb561ee7a5b8f74d9cf |
| SHA1 | 225158def978a80e130be2cddca43957bd43903c |
| SHA256 | 55c2b9b5229ab89f59e975d74d44f623fe9d7cc43355351e81af25d1680a3572 |
| SHA512 | 35a0588d99d77abb26b866f40b4fe0785d38c7667c519143bb21b577ca5a5c24e28f37ef25753ba35ba4d750af424c3e25f59ecf83ab817c1d9280a183c7759e |
C:\Users\Admin\AppData\Local\Temp\IQoS.exe
| MD5 | db5d6dec39519f6856f0a663b019de41 |
| SHA1 | fd36c68b989dd3713fa4e9cf677bf5ffc3fac5d5 |
| SHA256 | 6e1724887a27f1ca4eebbc11e76d7f6539fcfa6c94fbf23f3db4534acd1ccb5d |
| SHA512 | a8860b7447e047de4bd78352d6a854317168901dca3b9eb28adf120418d45b19fc3fd4ea0c8b6bc46e33cefd1258fca600a12e26d1bc5b6632136efb5cdf09f5 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 8c09e4569d124e040dd3cc426a8bc656 |
| SHA1 | ced588be4e6237c33bf2eb634ca27d959951db02 |
| SHA256 | 012e3df0db45f726d361641b22fabc1c9b975c6147c819cf11fbe614df7a6874 |
| SHA512 | beb725bb3268f56d7a61b38d3015e1f95fabfc9042f3e3834f020200c3a71c8bb975e9ddf26f3b7ffd6b9bce7a839942e08c72e8661afe133f473b566bf00721 |
C:\Users\Admin\AppData\Local\Temp\yMQW.exe
| MD5 | aa4b10a9b4dca3edc917d94d2a3c0878 |
| SHA1 | fd06a5b5140f79b26c7d1ef85e92e8c5d4401089 |
| SHA256 | d0b63bfca2b423a3c55efafd47ee589b38d9441ce6b7d91278f4d5f967f4999d |
| SHA512 | e092b0049e1fbd8089bede08784af28fb29eb0176f535bbf16301d303cf6d34607b66e37cf580ded2af80dd89fabd214c166210ab12483eb396ea4eaba77f69a |
C:\Users\Admin\AppData\Local\Temp\oesQsIIc.bat
| MD5 | 228f2bdb8fc01fc4ca63c81e26c608c9 |
| SHA1 | 4382b7a72154d3134b0c81f2db36fb187abf0091 |
| SHA256 | f8aa5c9853c17c3501a1b59b5af65ca4fe6b70a2c8e5852cf597b9d681b2c847 |
| SHA512 | 61c611a09f9094cb692472bd7e6d482d510032b826a52b9336919d554536287f4790c34231cc81f331fa30b15f913d8e55ad97e61d0c6e37df2051ac1f288a9c |
C:\Users\Admin\AppData\Local\Temp\GIUq.exe
| MD5 | 8fb4207b2422da61bd6da9280de8b2a6 |
| SHA1 | 1f3efb1e9da4c3caafbcc4354a37507339779ccd |
| SHA256 | 41735255b8ebae5ea67f06b7625fad6b6ecf2f27c67c317060f939f2a15b9a94 |
| SHA512 | 2472a25567c9dd99c50c16865e742875af144d53802c135893ce3c06ba926c56211ac15a6f6d209debdfe88680034565d4b763d25e2955d04f1a771926b1db11 |
C:\Users\Admin\AppData\Local\Temp\MkUq.exe
| MD5 | 6e8e79a376fa8a580dbdab445f2d9750 |
| SHA1 | 1eb728cff3f511553dc2e3fa9016be5930e7fa87 |
| SHA256 | d0af8585b7761acd7bc29d44216762ef183c91ca58e121fb10f0c91dc8dfa71b |
| SHA512 | a0a2a94c3c3a9ec395bdc5680368779a2767d5ee1512ed2e6f3f82272a5eb51810d53501a5d0ea83c24040bfcf2260a16f0f017dd5ecc916fdb6407bea185443 |
C:\Users\Admin\AppData\Local\Temp\QYMQ.exe
| MD5 | 32219857bbf7ace09d41174b373095b7 |
| SHA1 | 0bbcd8ae7e864ff5750ff65736597c57de4e058a |
| SHA256 | 41ee07d63f6cee76463a34ff2ab3b1dd79da815883ca3bda56307320629129e9 |
| SHA512 | defd630681ea4546e1c926c5f2373ba5f1172fa8dc96a79329e4588bb27a1f9b8878fac08d23c42fdea2e99a264713732ab7667813cd41d14c3c107806525f45 |
C:\Users\Admin\AppData\Local\Temp\rOwgMEcI.bat
| MD5 | 4e15732ce45bfa8ad07274916871d13f |
| SHA1 | 03c70bf9c7758ac32d0218ddf5a6ec0e079432b9 |
| SHA256 | 44ebecf02684b6bf9fd51327c803e6d1d60102da7ec182cf1fa5d57ca4b81802 |
| SHA512 | 67814e725eaad35eb81901a0cb8d9750defb6db155e03d771223ee68a3bf879d004bf60972502ac915623fbe761df2ff698a9435a887d03acd521473a47162b8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile23.bmp.exe
| MD5 | be46445fd7f3bc607a6b8c1f1d298a15 |
| SHA1 | bc338a658cd4ba302b9b0efe2e5e4004d6fe222b |
| SHA256 | ffcda584da86cb6ff86202376a3ae1ff1901cc193c63a87cca3f5152104aa671 |
| SHA512 | 06c958b778825370b001c321d502bf8f23d1a25417108fe1ed1a46de34ba6f909aea2c7ccce47b47977c30225aa0598aab87e9bbfbb8821c239e3c9ea5638461 |
C:\Users\Admin\AppData\Local\Temp\EwII.exe
| MD5 | 9a67507d532b9dbb64ab96f7844406b0 |
| SHA1 | 736cec49cf3cc95bab918f3ad6d4ba413a412816 |
| SHA256 | 978ed954342c42e01eb71f60885f8341325cb2a37ac5f80bbc56d2f621a26c5c |
| SHA512 | cc63ac1c8081cd558d36bb3dcf4de06dcf9d5a099709e3b05ec7e129ff16b8ed5c80414d1125b92a8b2abce554f849872e2fb70bb9963fbf27cf0c7f43e0e692 |
C:\Users\Admin\AppData\Local\Temp\wEQo.exe
| MD5 | 9b522cd5daa1c3b8b4ea6f79bdd9a166 |
| SHA1 | 74187c13f662cd02d7c3e59ffdb9fddfa2901d67 |
| SHA256 | 7842bc9383ed403433d007e1d035cf250b233082880d1dda71d2656af731ba3e |
| SHA512 | 82c18d69694e1c013e1816e66f2e19307f6379474dd713ac424a5735f2d69ec9f9135a5065df2d48ce1186bd1c971a9a4f37573088a5cf77fae121ea8dba341d |
C:\Users\Admin\AppData\Local\Temp\fWgIIwso.bat
| MD5 | 49cc8a5356e05b7b36ffb216415668ea |
| SHA1 | baa643879e649460548a25bef29c806646c4c7db |
| SHA256 | 94734ea70ef4efb105fbc785568d8afa21e369a887288af4fed5d74c0ee34af6 |
| SHA512 | 8f5839ab6b5fec1deaa74c774d6b13a429eeec7a175cfafb34345a82f9e9cb926eea071a7ab33863938940a0a3af26ffcbc1a85efc839315bdc252ee3a64de4a |
C:\Users\Admin\AppData\Local\Temp\EMEU.exe
| MD5 | fca2e13ac2b9673caafcbbcc6bda0a11 |
| SHA1 | 23dd6d4b8d521dce3127d9ec17441db4b19ff0c0 |
| SHA256 | e61694541611ad337cf15bb10f83fbded3aeb64d78639a415de316b828e6309f |
| SHA512 | dc4a64eae5bb584636c6c091d9e6c698ef09e0801fc64b5294e9591ee4c5a87d16058f6bd1e08f15f5191643af13c847a3f7f4dee8bf79ff03b8518013c457db |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
| MD5 | 4726d26ba6a1be779cf4aebaa3110261 |
| SHA1 | 39af7a7609274d49833ac1909294a9a7f00b0102 |
| SHA256 | ebc4506a186d6d561f2f816c8b5a7aae21427c07f633bbf1a15f0c4cab61e947 |
| SHA512 | 13022f0735ff980a9b997d10beed303477d3961ae1fe8f1705410a5b1b80635bf50cd5515eff894ed1b6360179106231f176941f04216f79245cd51540698bec |
C:\Users\Admin\AppData\Local\Temp\qgsa.exe
| MD5 | 9bca32ee067cb4fd373bbe56d7c76f61 |
| SHA1 | 2b9b00161709fc80848d6586edf12158cf7dd5e1 |
| SHA256 | 960f5e50f242c8da3e044ebee7ff9807c4a4a48dda422e0c53fb691057a5d05e |
| SHA512 | e8373ca8a4a0487d448ec93e816ef9947ac3eb4864b65991f34745d173728ff00cbb3bc46e9a7a5eccb5e3e61b3b1685f0f6ec658b2fa31fdaf3169ab6059548 |
C:\Users\Admin\AppData\Local\Temp\FIMoIAwk.bat
| MD5 | 37fa03fe439ca6d7726f1962f5a5aa44 |
| SHA1 | d3bc69cb43d0f3b110d2080c1511fa84a55a265d |
| SHA256 | 3600da2c4ae5c34038d992ca4fe0c2950aba35afa354db6b73aff855a7ae30eb |
| SHA512 | 6efb913574a63c86ac6fff2a199415d5cddadf572dc1ad73aceee72656b03bdd05c707e9f1969775d4a2d085feab19d02e757aa4a5009c366327d970294ca897 |
C:\Users\Admin\AppData\Local\Temp\UYgi.exe
| MD5 | 6aa5089e7b3292e3fd5b98c931997f2b |
| SHA1 | f7eec13c52120d6909055eb44405dbd9ce1a9045 |
| SHA256 | 848177545e87135a27f3f2e51ca3f838e0fa0dc52b76bd90d417567d23c0588c |
| SHA512 | 352274c49a10a83dfe9cf122d8207b35f16fcbd0ebcbc69c3c0d55ece7c355d5e09853acde87a60b6626a63ad2bbcb6d8f063bb76a800110b2420fd054631797 |
C:\Users\Admin\AppData\Local\Temp\eYUM.exe
| MD5 | 167ee8a3c67b1e40459c889bca27e077 |
| SHA1 | 3a5e7529d56b0c3184f4648b9d4b0d5e2ff93dd6 |
| SHA256 | a0a1471382811ccc149f8ecbdf4b6dabdc9604b8e17fce70542728fa0e5d03b7 |
| SHA512 | 3e15fd38c442587d3dc059d1e5d4a6015c18257391e56bb40e1b8e624843c09289783ce13b045a23e531ea75fe91f508440b993350ecd7edb2db79ea8b04d918 |
C:\Users\Admin\AppData\Local\Temp\cwEs.exe
| MD5 | 01e383807d77435f606b04deee0b98b4 |
| SHA1 | f75d9247cc1def4aebfd0b4f3a768283b027d951 |
| SHA256 | 605ce18741e127698cf3cce61d530892607fd406f814a943953286fa2f0d8478 |
| SHA512 | f1c10855ce4d1d7f83d9325fc76c557c468e04c58f46e23bc3e15d2a8c6f4420e5514962915a0d7e48a61444dcffd4adbd4d3f3d080f1aec78d8b2a8c4fd4454 |
C:\Users\Admin\AppData\Local\Temp\NyUAAcQo.bat
| MD5 | d023ee853d231895b5bb3898ec44cd83 |
| SHA1 | cae1cb6e7ff00c4b879fdc0d0ab204318a5d63f0 |
| SHA256 | c7bd6696f4746d6ff762b2d282f3bc434dadfc004e3fc33af2360f2fc5e34eb7 |
| SHA512 | 3e83058d3b027898fe49fed221c9224c27465007167daa19fab76e8305865b4ece4225190cd6af6b72f2a1d0557809ef4f8f83f6318716146ebb255570972ed2 |
C:\Users\Admin\AppData\Local\Temp\aswG.exe
| MD5 | 1a6612aa8007d27c601e23d376c1d30c |
| SHA1 | b93529e2b02729f3f2cb237e449a43dd99cfa615 |
| SHA256 | 1a1763cff6895a595231eed7ec605096646231aa7b237b8c273d283dedceb610 |
| SHA512 | e3283ac9174a756df2cd468efe3dabf51ae32c7a26ef52a22a2a56e38154758f4d0b9fac786d1d0ea0aaa9f93e0f80fcb715f23276d2aebcabfeacca2e2c778e |
C:\Users\Admin\AppData\Local\Temp\MkAi.exe
| MD5 | 15d4393c958fcc04f9e0543e53236908 |
| SHA1 | 3507d2bb06ada09b28f2bddd647b43d14eaeafe6 |
| SHA256 | 0c5dbaba3d7e36a5590e7bf913df6cbb2d348ce539aaddd102bf4dc9b383d872 |
| SHA512 | 49ec3baab63ca60577ac074b1476ba8d6f7da0c9d23b297d5013de73d5d85475fe290c59d6b6cbbd6d891f4379322ef91b54457a46a31591a6dd78bdf06dd368 |
C:\Users\Admin\AppData\Local\Temp\uIkw.exe
| MD5 | 1a06dbce52bca07c60e42bfeed40019e |
| SHA1 | e048c32d35838cf0a56939e127eba93ce5d35b9f |
| SHA256 | ac4ee89a2d5e87ce8735577c239055242b96410b3cd04278cc6512ed2b221d3d |
| SHA512 | b684b9a09ab7f7f0964def4d23df3587d30a62d76896ef07853063357979e1f991cdd0b87d6a005dd7a62632204a35c61851993774623b8c5be21df56a463e50 |
C:\Users\Admin\AppData\Local\Temp\OuoEwwEE.bat
| MD5 | d1ef3839ecde3478da1931d81d62cd18 |
| SHA1 | 1e60928e237747c94d41aa08f3b857fdbb8e0993 |
| SHA256 | f9adc888c27fa68269dd3b1e1a1a41c6bad3c7952a0eb44105032b14bd39f6e7 |
| SHA512 | 94472edd1317d371add749febc631b41d0c18ac297fd61adb09809cbd7debd44b8f6f3c0137fdb99c07b3d0f038a72cdfe443d454eb783d907b1e379bafab7ca |
C:\Users\Admin\AppData\Local\Temp\oowG.exe
| MD5 | 4178e8e2bcf6d5ad8c6e462d41775d0f |
| SHA1 | f66ca7d0ef8747306f7fc88c567cf26efcdbde08 |
| SHA256 | d2890ededa32b28db30bcdbaef8229ed10c374332f61880417e56cecd215eb40 |
| SHA512 | 98e18fbeae82645945e4ad21db77b7b7c967f3ea2ced93c88f00300de63b6a4ddd3a0b3a3161f2655e68d6d1fad4ae944fa5808a17d357bee753cd3c3095e0de |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | 6dd3dbe07216599bafa2d69473e35689 |
| SHA1 | 7653b006c58e86e1f5d352154524012048d9fbe1 |
| SHA256 | bbb91a2a1e400e23d23e834e5b8348e403b1aea1a5bce8c2f9e045bd1f0e7a02 |
| SHA512 | e9339f83be12c0b530e8def038d6adc1dc093e786997170e72322edfc38c576b71ff0f63612c0a39a472c247cb6d8ae16f9b1b1e85805e09f362851bf90965dc |
C:\Users\Admin\AppData\Local\Temp\uisEoAgM.bat
| MD5 | d34fea270b7866842cdefdfc8f9f5951 |
| SHA1 | e30b0ee4648330d7bd7030de0e05edc0dcc8e7bf |
| SHA256 | 6144c3c17e99f1fbf87357949e1f0b8ac929d7b68d0144ed5d991ff2ad1789ba |
| SHA512 | 6c93e3b1b4fbd8e37541277ada10a47336f619171e1407060ea6e27bfaa31ae05ebb2c17ade57098328c22d2daea5e0ec1c9df400bc8b81bdf0941bbb9659572 |
C:\Users\Admin\AppData\Local\Temp\GIIA.exe
| MD5 | 6b3ec888dbb91084905c81601b793e90 |
| SHA1 | 6a115a9a9788aee22422442655bbe86dec8fd814 |
| SHA256 | a2f12ce29b6328e2d108b0a9e335a35f4eea49a3db53d0518bb2ff8e71fc96e8 |
| SHA512 | 7594bc4086399573fbdf951ea3b6bc6ebe6e85abc080d96cda0a97983ae4b5e45b4a77d56aa08119713a6c1e1bd608a3d519e7ed647a22640808a5a38524d452 |
C:\Users\Admin\AppData\Local\Temp\EgoC.exe
| MD5 | 9974903c80b01883342b60f8c48d583b |
| SHA1 | 3ef4c711bd0d5d7102f7d5ba74558b717e4ecbc5 |
| SHA256 | fdbc6d19d3e18fa644a7a101d4f0438e44ee5036ecbbcca6ebec1f9adfd785c1 |
| SHA512 | 4029b748f6e1f50269f991a90ef13a1a8be3659d0008b01bc4b05d951e61e910bdca72c4123bd7fc34842eaef4d7fe071f2ad32a31c9ec85adbf382ade8270a4 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile39.bmp.exe
| MD5 | 79bdfc195f47c6a8f8fb51313e05f8ae |
| SHA1 | 512259a321b3d341b15486a95e1d882b46ef87eb |
| SHA256 | eaa7a56b4fcc59cb170c95e185ec56fa0b22be5457bdf6b19989d1d7bfaf23cf |
| SHA512 | 92ede9358ad4aa0098b2a7dd4c43c534703f1dfd97d3a8c2feca91916b8c1ff3a2a09e4879f46993e20a3c3fb2dab082752e47ae1c3191482f2b9bbbb8c2ce1d |
C:\Users\Admin\AppData\Local\Temp\kUgG.exe
| MD5 | f79c75cdbc144f37c3a71081f34d6358 |
| SHA1 | 07a8dadc96c4e9a14db07b218f457759d6e1e8d0 |
| SHA256 | b1fdbbd93482156310b85e190c7e968c8d6d2ec389c24950b3328ca583cb8268 |
| SHA512 | b5b1a41857829fe7c7fabf460152bc002990db9c23c29d64d5a3e5b8925a5b4cf5b4273d7f31fb16804c4672dd75b209cf1f328dda753d20bb9f1f4208f99d90 |
C:\Users\Admin\AppData\Local\Temp\MuUwYYoo.bat
| MD5 | 952d3d427b02ca4ea0692901a750fd0b |
| SHA1 | 149cd8808013183f6c2bbf240c24cce120a52e45 |
| SHA256 | a42a55cda9fbf9defcd64d7c9f878bb714e29ec5794b4b75cd1b4dc6c4d8669d |
| SHA512 | aae2dc12aaf386837e391677057d5dd7416fd9cedfbc38a5ffa44e2ebc18923ce27a0b52e7547dd9b21a51d2e4a7010cf8f2f1ec5850e9b8df5e017875cb5e75 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile41.bmp.exe
| MD5 | f25bfa4a4b8a2bb52e42ca25c7665f13 |
| SHA1 | aa508507f769cb000416271907c36dc0456c01b9 |
| SHA256 | 4bdd714f83b6999571ee54ce7d9680b5053f751f0aa2d3e8a3b07c57577d672f |
| SHA512 | c3b8228933a44580bbf048260ba3ca6559e7552448f1805c4f1fcc8e856a9c3e759bd584c737302e325e6aab71f082b043688a4edfbda570109437204fea5762 |
C:\Users\Admin\AppData\Local\Temp\IIIo.exe
| MD5 | cbdcf85b3ba14ec734a1e0ae62d06dd7 |
| SHA1 | a1f80206e32805355913c1f803bff27b1f59c766 |
| SHA256 | da0e01080eb795289e5e84cb1c1723e8d739a77f9f692c1f6e8e8fc4a2d1c66d |
| SHA512 | c373278ec4fe9612078f26af175cd937f2f33f45de122c0a1c462354d0217b80ae4a4d6a85cdabafeb8f146d9908d2717f662a607601a47a7cba3ec613bcb674 |
C:\Users\Admin\AppData\Local\Temp\CAgEkMEU.bat
| MD5 | bdde1e920f91ec119709fce38125f2dc |
| SHA1 | c941d85925e8de4705a5d1796cf97a9a7ae561d5 |
| SHA256 | 89f4ef240de52d53cbbb04db76799dd54b68366f8e5254e09fb35c31cffcd860 |
| SHA512 | 242f3239781606fcc78e034aaf7c9f9f5970acd492ccd732ef26177a5bbe1244c0b00f556dad5ff3253bb34b760522c6a5ea90a1e15039323597dce58484afb8 |
C:\Users\Admin\AppData\Local\Temp\gYQA.exe
| MD5 | 6adaa17e26fd8cc5951a3422d7ef8f44 |
| SHA1 | 3896c97e026d6139c54b65c43acfe749d5e9a8be |
| SHA256 | 0e17f838bec305d335849b31a0e6c66f2c167105123e3f35297872a82856a7af |
| SHA512 | 1d9ca24e8d0dfc5109dcbc66875bf3b544a295d4b41c1f1abbc44e688800ed16a53da6d9b0569f22b347aa86ee85debcad8eef5f6c45d3cd6605c584de22a6e7 |
C:\Users\Admin\AppData\Local\Temp\CEoq.exe
| MD5 | 006ca36e4ff7cc96b040e19dc1b2958d |
| SHA1 | 2a49472620f27287b652fb8a857444d035a48dd9 |
| SHA256 | 8e102cdf35a4b7c5a3d48dd4f6cb0a0ac84ce529a37acacc2b467d54c4b1a105 |
| SHA512 | e52839b5b337cfb0ba7c8d7bd12d37b74adad3754c0a1878154f85f4aba3e7c9733cd1e623652fb4775386174b32d7ca4a94a81a8efb2f8c586d747faa4c5ce5 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 95ea0eed856e6bdc52dc9e15a3a54a33 |
| SHA1 | 92e91029ce15578a66f6be8df4070e4f366e9ed0 |
| SHA256 | eea29a82daee351ac71d83d045efacaf8ef3407791a1a967eb247771a909a756 |
| SHA512 | 11629657eb457da42c6ce20cb2a81160684d97d65fbac95f546468f8401486eb8f5c2831424e7019d767c9d9f732d712f1f4a836122c48fba56e9a54f342e30c |
C:\Users\Admin\AppData\Local\Temp\VSUkcMQU.bat
| MD5 | c4f7414ca737154899e522592516aa00 |
| SHA1 | 24abd43f3107bd050fef27a7a0646171572b66e1 |
| SHA256 | cf83e0cc4465d05be220495d9c6bd1f457a798c11c31d8e42b93439bd1621209 |
| SHA512 | 3b725909cc1abc3c4b1baad46aff39a91f5f499ec7164e143aa6b7dddd15bf823416935db7de13dfd4043777159868b4a28f105bbc50f777e24f5974acba95e9 |
C:\Users\Admin\AppData\Local\Temp\KscI.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\uQMS.exe
| MD5 | 82a7f301b2c4507410cdf59fb8ec0b42 |
| SHA1 | b2b76ef3037d5bb2e5c40fbf1eeae36aa1b84b7f |
| SHA256 | 3782513daaa07dd2e0f99c167184ae0b158af099abdc108c5aa9550c41f759ee |
| SHA512 | c4a3bc45afd410659c6dec8813ac0d5a40709e20e61f4e123d473b84abe9875ae6432667663c99071393094df3906e940b1655a43241253f12d2e402d33f59c2 |
C:\Users\Admin\AppData\Local\Temp\dAggUkUU.bat
| MD5 | 1a6e798ec172d571bcf7e4c197a29885 |
| SHA1 | 2464ea794173aa679f41a0daf4b4baa7f0fc19a6 |
| SHA256 | b6cb60f63dce8136b447d1c256f714e8ed367a429382e03329d84bed869e34e7 |
| SHA512 | 750b30dabddb753bf1022f750da24e146ae0c255a2fdfdfc2c2011785397c844cbc21b46f84356034a1ec1fd999daa8df361f834164282f7d33197f26afaac79 |
C:\Users\Admin\AppData\Local\Temp\EsUA.exe
| MD5 | 6701a6d7c308f1daceaf6f520c0fa9b3 |
| SHA1 | 7c399775e875046e1705715c6630cd8c1bfeae62 |
| SHA256 | 31e7f29903e487d3835c5e678d6d0207b4097007d1bfbeacc30f6bf7b3477ba1 |
| SHA512 | 94eea19b39af80902d5633a37902c06d6e856cce10ad804ce5b10516172d4f3a10634da4c5f3dd9f48e488f821921a7ad93c79a095807d0fa433ff2dc0a2318b |
C:\Users\Admin\AppData\Local\Temp\hoIsoccM.bat
| MD5 | 49569f14658910aaf61df400bb7f4d9a |
| SHA1 | 5b309ae6ea92e8adc3d49b2dfd39a6cddb851145 |
| SHA256 | edb6eb5628654c71b085b054d75d6bc340bce1e650dc351b4649d71c80e06829 |
| SHA512 | 1d6380616190df022991074248fb78c33b9f572b0d43bb537f1bb554e688004c151fa2233beca0b65359cd2aea16899f44548292ddd557861dc927268b22fdcd |
C:\Users\Admin\AppData\Local\Temp\WMww.exe
| MD5 | 45f3ab01ec9f487d60f371167900f89a |
| SHA1 | d55fc189420a28bd3334a151e79b6589701ccfec |
| SHA256 | 77c472e8de74028ead681e16ce7d76d9c150fa1910468f4083acbbd2d92c36df |
| SHA512 | 05faa376a21c9f8036d89f7704bece12fa05766e9e2852872617df2e844ec12ad485b3add7af9672af9620668b61763f270c67a33eb0894320ae8a133fe02baf |
C:\Users\Admin\AppData\Local\Temp\swoo.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\UYog.exe
| MD5 | 2c70dc3edd5a277f4855dd3735dfcbe0 |
| SHA1 | e6952401a992605977ba2c836a829aab1b42a2ec |
| SHA256 | 774da02a5bb9a1114a96f1b2336ca3706610ffce32e7d30fb9eadd062bd0162f |
| SHA512 | 991e3376602804b505ccc8da5f4b8df47da6f6966a165a0d277b8c5674f8b117b790b2a0e3ee7e004c8f428d20ad61f4f7559534c18993d8cbca57d5cbd206cc |
C:\Users\Admin\AppData\Local\Temp\wAEy.exe
| MD5 | 6b3f401a6d869f869ea08f3ff0509f32 |
| SHA1 | 34fcf1116412165341f63e9737a6ef9258681398 |
| SHA256 | 42181ac0e40f7a2897aa0693019d979ab3d9238da3ed9655491676c0f5dcc925 |
| SHA512 | d714780ead5609d8506c643b412fae532c8f3b9adc747160e4b57a87b289bf50c1f5ea5596f1ccd26ef9ed66bf9125b04e1cfede969b5efcc05fe576d7d2f58a |
C:\Users\Admin\AppData\Local\Temp\AMkm.exe
| MD5 | 927105a7adff5eba3797551547e5367b |
| SHA1 | db0dd382cfb515b72adc27f4f27994655a992e7e |
| SHA256 | e85a1f2f0f360d748a489b512ef7930acb8253d941ad1568c5346aeab8c9f86e |
| SHA512 | 2e86156035ff220b4329dcb21078bc6d7a8070da8215b20cb5780f0586fe7b904856662a07ca9e660ecfed9ad9fdbf9b6abdcf7aaae74a526f0c7d566bacd7e3 |
C:\Users\Admin\AppData\Local\Temp\yEky.exe
| MD5 | 36d94819a13d1f2efaecf20060ab351d |
| SHA1 | 452d3106f5efff2de633b62ca287fdd043bdfbe9 |
| SHA256 | 7b86f6bee93befb06570176f628927a93620dbdacf34f48809a8381747fe3095 |
| SHA512 | 06e7f8c6685866a874a5dadd37df76bca07345f397d2ba96acb7e7d9d7274ac94e25409feb87690e12879d161c8416523b8fddd6aec86292adc48716c87f89f9 |
C:\Users\Admin\AppData\Local\Temp\jQwgQEAg.bat
| MD5 | 9f58130b1a756a472b48b7e8a0b996c5 |
| SHA1 | 1fe8dcdc13656a07c9549288e6f2be24a362d7d3 |
| SHA256 | 2141291941488a0675df33f9c599f64d50d4c0649ca43516a78af7d789136af4 |
| SHA512 | 56302585336a22fef6cb0e6e62c08bd262ba985d0cc8ef910ffe5537b3eaf418ecdef11de8fe186191f20ea297fc3c1c88651ade0498c0abf4ef6738c1d813f8 |
C:\Users\Admin\AppData\Local\Temp\uQYg.exe
| MD5 | bea2a9ed04cc2fbe5ed6c84de017ae9e |
| SHA1 | 2cd8879786ba791f63684943d42c154325ffef51 |
| SHA256 | 3c0a2171840189ba1a3b10e63390d465e1d5f7a3066a86af617db854fa730ebe |
| SHA512 | 08cb365d9528e3d78fe3ad10659f08099aa167d14c467f28dc9721b2f0d00c946bceb1a59cf6ac10c4a0059a9dc3baff6bca3d529e26be520d5e261d5274e61a |
C:\Users\Admin\AppData\Local\Temp\uEMQ.exe
| MD5 | e0b25c0b48c768cbfd2a1ebf4c135651 |
| SHA1 | f1adf9226d9eedbb36c6149f84c1a07a0c6e7165 |
| SHA256 | b8b6ef3cba037917dda4c3cfe7400911c0a58fac2eebc4600e67e015e216a476 |
| SHA512 | 48b93cc9ae81d3b6ff4f9d2c57d5033c21e47787e17f0fbc8c610db344466ad7faca25f1fee45f9e5b36ade56bd353eeb75b023ff109586d9c9cd2b66238937f |
C:\Users\Admin\AppData\Local\Temp\mksc.exe
| MD5 | 07403e7bcd97ea3b5b46afac2bc00d23 |
| SHA1 | ed6e61f0e7190ae14d6ecb16d110e3c0dfdbb0cb |
| SHA256 | 2557498a66415669d869c609f5cc1cb1b70278f7c2b77451028316ee92bcda37 |
| SHA512 | 6fb3831efa40fdebbf02f13fb3d56f555ff253bf1c39571c5c75aebd4d706b0289c40e83c6319a0b65d1f69c65e7d32b932a0db64ab25cad377f9b987dcfdeed |
C:\Users\Admin\AppData\Local\Temp\UEwIUgQA.bat
| MD5 | 1314e1cf1c8af4f1c7a4869bf9472fb1 |
| SHA1 | aff6e3bdb6cc3305b219d6c5d7c4118258c39d05 |
| SHA256 | 41f6a5dade156167c0e995e34b8f211b26fc72161fc0c85704538fcd7d1853b9 |
| SHA512 | dced333e96730f83a919646180f494ad5a7a5247fab244553255f347c36ea5be4540814c2b7291c6de6fc54db0ef0683c5133083750e015d51239fbf06cefb77 |
C:\Users\Admin\AppData\Local\Temp\kGYQsIcU.bat
| MD5 | 62ae61a64df50949eb97d29f71c650a3 |
| SHA1 | 0d41c53a7c6f287e40b8ecbd528a2fb474701101 |
| SHA256 | 60ddef5003f3baa98a7a9c2f5f9d80ceb73f06f23d665ecf11251f0058b3ac46 |
| SHA512 | fdd0692c780ba0b3041846dc1f0ee1d0acb8b945b4afda612024cc95343a5879319e920425719bf9b1823c0c0e464de23a44e3406efbf17722fee6e1630ecc5d |
C:\Users\Admin\AppData\Local\Temp\aCYwMMMk.bat
| MD5 | cb047632a8d27a22285c207d11c62fdd |
| SHA1 | 3167777d87484a0d8ab0bf630a4587a346ad8bad |
| SHA256 | 6f36ca1ca95e9459e3e68bb019e409c1ad5a907eea46908e92eb90a680e9fdae |
| SHA512 | 61d9e4abf30fd7ee7795b54b047d989fa7096c13cdbef894dc2a5e136e2a43a7129c002b60762549e83977ef6593c0f43cdad3af1f552605aeb230627527e413 |
C:\Users\Admin\AppData\Local\Temp\nGsMggsg.bat
| MD5 | 9aaea3874267cbe2a25ace3b53692acf |
| SHA1 | 881acea08e455939b017c403af43615644e61617 |
| SHA256 | a8d7012f602fb688d11870effd3a92b5c193d2b487362d9b3c61980676d9b5b6 |
| SHA512 | 5ea50cfeb9295cee6bb18b87bd23f8fa6bb1936bb1bd7e5f372eeabafbc981e61624bc819d40c969548fab5503feeb149f14b880fbca442c4dbe6f2ec65d4292 |
C:\Users\Admin\AppData\Local\Temp\rewQcIAA.bat
| MD5 | 23b7d073ec25d849012ccf0da65b4108 |
| SHA1 | d1d6ea0a7dda2ad090bb9641fcb9d123f5b64ca6 |
| SHA256 | 0f4e012c60d7944092ba8145e0b288a9c4a20b8a92e32f1abb174917b5db564b |
| SHA512 | 3892fb856102d4be4c182206129469eb423441a38640ee00bb595e2555fb5b15bff5be0c87d775f09cfef74fb598f61cfbd5b8c21b813d76861b4278bb6f3ea6 |
C:\Users\Admin\AppData\Local\Temp\bqIgAgEU.bat
| MD5 | 3024d39b8d850bc83721a53c679a2419 |
| SHA1 | aa2eec726d8cbe14ced935ff5daf59194deaf048 |
| SHA256 | 2dc90ab36d698b99a24a36a6d5babf17b6eb370ac2d397633575a276db3af1e3 |
| SHA512 | 428fa06295ea44c5a3493487dfc78436feb318df43638f1408e814acdf37ab6ce394e589daf6cd1ca5cb3e64abadf2f3fa6231a91c41737cdc6ed2dc21e87bc7 |
C:\Users\Admin\AppData\Local\Temp\vAkAQwgc.bat
| MD5 | 5e81b081667a6235d6f5b5476df2dcc4 |
| SHA1 | dc171131bd1b0a2f0e165ee9aa15393021146214 |
| SHA256 | e83d1363c6423981e9f80f345f8d5b011d8d7a40644a02f67ae98756cdcac6f6 |
| SHA512 | db5c176b8ca465faae025a2f153e20547cda7dee9aaa284cdcc7c30189d59c83ccacdbd124cc97a34d92d930c98192d929ba9146dc4ba5d1e0b41d21a2f68659 |
C:\Users\Admin\AppData\Local\Temp\mCUQMYck.bat
| MD5 | 079222af11477b06e08591a342645ea2 |
| SHA1 | e21db96130371073e80c8a5d14932d976d35a332 |
| SHA256 | 0d88d3fcba7aaab7d1e2b833d8e92b49cab175d23f9b01266b09e5263fbd2cd2 |
| SHA512 | dd0675388ead2ae82377f0a3ca7036602319c4a0cc06bc6b3c80adfdf9962adacb880e1b915e4b3d1e69ab0759014753c288c4402d60dbe015509f7975e6c6c5 |
C:\Users\Admin\AppData\Local\Temp\AGYMkIUs.bat
| MD5 | 432c33576bc39fb09400e22819a1cfe9 |
| SHA1 | 56fa5a76f9914ca1baec8ed9f55063d1b5d08ae1 |
| SHA256 | d094fac9808e0ab320cb945d8a10f705283a21bfa324a58dd11f67f1b67b5787 |
| SHA512 | 3f4c515f674b29689f3190120bd5aad5ae57108e4edd9735e4ee863ffef56d5ebc06cbc43bdecebdd80e0390ea22c47891a0b7d2b1335b7593f2126a9787b4b6 |
C:\Users\Admin\AppData\Local\Temp\KiMAQwkE.bat
| MD5 | 373037cbb6178b74f0f75603911becfb |
| SHA1 | ea7311918582049504cf33a51d5aaf0b7a995d25 |
| SHA256 | 2469c883b640220a2cf3bc63acf2814387e72cedb16ba03f5b767f4c720cbc30 |
| SHA512 | 7c34c4e7ce6769a71d42afa268176688f7e32c03e0cc0e5e52a7b71277e0cc80e6112f71b258511f84ce134403b1a33765b782f8345af848d9a1f047812fba38 |
C:\Users\Admin\AppData\Local\Temp\cagIQYsw.bat
| MD5 | 944acef95b1ce0baf52e668d0189c5c5 |
| SHA1 | 2454eceaba7784c338c486a1d12451531206d82b |
| SHA256 | 308c0e9408c2f93e3c39e9747d6361b5200b2d9946431fb6b093c3139c24495f |
| SHA512 | 94a2f359b64e3e1745afd72035ff60f773579bc7342a0c86ed0ff24b4ec911b5299ba891c6504f9628a9e31dbe86a8f0e2f50787aae93804b3dc2ed7031997bd |
C:\Users\Admin\AppData\Local\Temp\QQUkMQoY.bat
| MD5 | b56566574d3eb1b7e8b6accd3cc6aaa3 |
| SHA1 | 703d395b0a432ebb3cad211cac93b70ed3baa57c |
| SHA256 | 60bad284b69b876640c5f1e44ced0d1256e265fc48a36fb21c2c90d29b237b45 |
| SHA512 | e7918e43ebe97b05a90429a001b2accfb1d5b4565d3008a75ceb35b7c5cf42bc7ebbe2a00aadd4aca53d65c5eb56b72817d75c5294dcc05d09f3a4c984d8bfe9 |
C:\Users\Admin\AppData\Local\Temp\TYcEswok.bat
| MD5 | aac58101e39859ce803f7151bc47a84b |
| SHA1 | 352c7e678905b6d6f6dd7d609b9e011bc6b2f0ba |
| SHA256 | 813c2fcbc156df7739620f977570f7a76cd2c4e700396dc83e0a9effaf82c08f |
| SHA512 | 0073bec0af034491e058247f3f8ecf0e1bd838fc8e5bcb7dac0f85db3b6707e8759da111bf04d2fe215fcf8f21b5c774a9792752b20a25719c9b7b3dd4d73946 |
C:\Users\Admin\AppData\Local\Temp\RWQUgwUI.bat
| MD5 | 166ac1ce409bf2ede296365b11d4a7db |
| SHA1 | 922ada54802ca9d040b6fe77f9b1fb7c9ee4c5d8 |
| SHA256 | 5a7d17ece37a5b49d6fa8a4a9504d569fc73db6c12d92355934519f25c23a2cd |
| SHA512 | 0f81925c619666db0ed1b82ad69a6299edafeb1d8dbf58f6753b3912d387b112295d6399e0b6f2b0d898c2acae2dc8a67e41eaa998e38f943b2ce19508fe6d37 |
C:\Users\Admin\AppData\Local\Temp\NAwUYUkw.bat
| MD5 | 88e30038c58762ccee5025606e964a21 |
| SHA1 | 2b4ea72b6c684c3b438f98739128bc80cdc124ff |
| SHA256 | 7d897184ea2f20c6f73b72e9243625da8c5b593d987ff660c5760f2c9051956f |
| SHA512 | 928cf7b1385f3be68761a4f89b84a90edc5e2d8394087c7697f84f4977c451301256e1b08a0b2e6222c25a46bbe6909c31ce6f1c4678caeac9e396ca4b4bccb0 |
C:\Users\Admin\AppData\Local\Temp\HUMIAcAY.bat
| MD5 | 9272c3e3942f27088a546bbe75768e71 |
| SHA1 | 955a1281b148986ac119f8eeae17b85ca056df62 |
| SHA256 | 24f6aeb78d36b2714d40ccc433956028a025616ac02ae907b1faddf60c3656b3 |
| SHA512 | 52ca89558bd2790d9698773974f48c12492045664b8c19bdfb4ee7651bac25a7f6bd1f0d891e39c91ccb5814006780c6b374ad44cf9bde9596fa912e169ddfad |
C:\Users\Admin\AppData\Local\Temp\kWQAYEoo.bat
| MD5 | a3c18192d93d019fc01d4207b2f29850 |
| SHA1 | 00e1aa49a9827e9d3e2a90b847c05f3ed3e6e654 |
| SHA256 | 8eb9aeb7ea7c05f3ec9facebba48f9ae0bf473261db5a37009b6246ac59cee21 |
| SHA512 | 3ee300d628346c7b72f528afa24a3bc164ecaf78e60fb37407d63b497e01eaa92f5d4fc3ce90657810c24fb9e73d3a2292c85a132864808ecc97fc447291727a |
C:\Users\Admin\AppData\Local\Temp\OcsgcgkU.bat
| MD5 | 9ce68914cb4f585db8e3d59d13cf1af1 |
| SHA1 | e453961494da1c948df952f9f2a496841f1d9f10 |
| SHA256 | 0c4227121ed7048dd63764111f307a99d91c5722ac00699a66535f974f0eb8f4 |
| SHA512 | 778dec9262f35893b667bcf15ae164da141c2c46137cf06290202b8694889fab405618600c2efde34db7676e380b07ab4487524b93fca777be3b613f8a18f8d0 |
C:\Users\Admin\AppData\Local\Temp\OcEMMAgQ.bat
| MD5 | a0d14d1f6796178b8ede9f51ad671bb9 |
| SHA1 | 470ab0aa24d8b128edfc0b8864267178113de92f |
| SHA256 | 67ac6600f43e1de076b931bdd150575f45f6890c3780dc640c725331b0b8d415 |
| SHA512 | f67ae465531657c02fbf69d4bba36190ee2e18107c5f94354d33b259f506bf9d3066360c3594d7fcbf89c31231ef90344fb3aaa01ab0ececf24833e1d49cc761 |
C:\Users\Admin\AppData\Local\Temp\gWoQgQIs.bat
| MD5 | 65570aae0d02ba15716bc49649380a68 |
| SHA1 | e752ad4874b6c8f6b71fd710f4eb507f18464ce9 |
| SHA256 | eb0b66af1c10a250a3b35c63e422dbff4293ca4ef8bd1954122c983288b998f4 |
| SHA512 | 1f6206e6dfa34fd202d378f7ed10cbe46419d2a8d9bfe88621894f58fa36f99f74415bb6ed49fa52ea6da67f91cf0d84d065cb7feb568f987528f71441ace767 |
C:\Users\Admin\AppData\Local\Temp\XusswoIk.bat
| MD5 | e6ee0877145597c8ba5fe77d77a3735e |
| SHA1 | 2059cefc91b3dc6efbb8ac73d5f16a9ebc073616 |
| SHA256 | d9ccf6dcf67ffbfa2dfa5bcd474074f3315447d0d22891875cf0844700ea41c1 |
| SHA512 | aecae462a7c5b4032ee5338bb0af9ec35eda9e559f8758048a150d7b55126267fe8a010ca9649a7bb20898f77ad10ae9c64f1b0f3a2380f52df60e8aed80e800 |
C:\Users\Admin\AppData\Local\Temp\lsEYwogQ.bat
| MD5 | 80e08c7f44d820c2198f5bb8df2d72c2 |
| SHA1 | c747fad8a5c27e0703950c7e4e4ad6e97f42a179 |
| SHA256 | 8ac84d6339a5c9535d44bd77b28f7f1e7f1bd1f77f524bc9d9aea57cf051b9dc |
| SHA512 | 6f4fbd004657a0e72ef841188f981455b6979074d47ef32fa26eb4c039a61010e3b79809b75cdafc28492bbb1c2a5b9851246f4cad47d3efecd6a94bba6a559b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 17:56
Reported
2024-10-16 17:58
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
103s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (87) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\ProgramData\JCsQsUws\euEcgoIY.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\hkIYIUEM\EKYMoYMw.exe | N/A |
| N/A | N/A | C:\ProgramData\JCsQsUws\euEcgoIY.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EKYMoYMw.exe = "C:\\Users\\Admin\\hkIYIUEM\\EKYMoYMw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\euEcgoIY.exe = "C:\\ProgramData\\JCsQsUws\\euEcgoIY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\euEcgoIY.exe = "C:\\ProgramData\\JCsQsUws\\euEcgoIY.exe" | C:\ProgramData\JCsQsUws\euEcgoIY.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EKYMoYMw.exe = "C:\\Users\\Admin\\hkIYIUEM\\EKYMoYMw.exe" | C:\Users\Admin\hkIYIUEM\EKYMoYMw.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\JCsQsUws\euEcgoIY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe"
C:\Users\Admin\hkIYIUEM\EKYMoYMw.exe
"C:\Users\Admin\hkIYIUEM\EKYMoYMw.exe"
C:\ProgramData\JCsQsUws\euEcgoIY.exe
"C:\ProgramData\JCsQsUws\euEcgoIY.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RIssYEQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hIUAAMMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\doUwUMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iSYcMsIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GIMIgwUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wmQogkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CKkQQIwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JuQkQAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VuAswwUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BSMkwcUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dAMQcgAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEYwYkcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uqcgoEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GsIwYsIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HoosMEcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ngkwwwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dooIwgwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DuoUoUIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mSUYEQII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WQMswEMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmQgcwwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MYYogwcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKUwwMgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HOgYkkII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWwYwoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juYcYcEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MAocMcoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmsYckoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEcUwQIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zIYUoYoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nqIocYEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FGIEQcgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAEIEUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIAIcQYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wsAgMQEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kAgEksko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tYMUQwwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGkIUIAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyYsMccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HGsUoAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OgcsUAoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yggAwwgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OGoQUsEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vsgMUMEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fOwAEUUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\toUIsggc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wWIYwIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YGsEcUAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OiUQcMog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmsIgEIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYwkMQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rWwwcoIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XmIQckEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAMwAsQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bIwwkwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WooMgEMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekocsAkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQsUskEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZIsgYoMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEUoIkAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tKEwAEwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XCkgIwgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iUowwsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YQYQMkMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SgkAMckQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EIwQkIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGkMwYsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FsgYQkMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XagUMYMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tIAcgUIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OsQYAoIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGgYsQIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\macoUsUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umgwcUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYIcoMko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DGIIAwwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JSEokswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EckAckQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIkUcYcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QuEAIksM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qygYQwsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rqskYkUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsgskskw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BqUgsgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gCgwcgUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uiwcIgAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SgQwMEAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QMoAMcwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Hwcgowgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dicIEIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKkEocAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AYwgUIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SOIUwUQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EAEUIcAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CAMoAkAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NusIAUAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HgIUMIMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fQogsYoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iqcAAYAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSsEcQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wqAogsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAQcsYAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TiEIkEss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zoIwIQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv uDEKrWuZ3UuM8vf8dsxHlw.0.2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pYUowEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEEoMYkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
memory/3868-0-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\hkIYIUEM\EKYMoYMw.exe
| MD5 | 4c7b55c66b901e3f79fa7c0edaa1ff8c |
| SHA1 | 25ebca5871d940a42f85cfc53236e167778d86cd |
| SHA256 | 0bf8f47d323f2f53e2538de22f66ac884e661d96b3354c24d44b6e0481da33ad |
| SHA512 | adc1bf3c6fd89bd98ed97361101c7d5e0c8a75a3cf3af98226cdb563219da3d32b1d0d2c4dd78fa3401e7964454ecb3861b5a9a0e2cdab102bc04491d82f3c3b |
memory/4784-7-0x0000000000400000-0x000000000041D000-memory.dmp
C:\ProgramData\JCsQsUws\euEcgoIY.exe
| MD5 | a47b5893cb13ff6685cdca87b10e046b |
| SHA1 | 498082c7b2a6a304e371cce21334337910441f80 |
| SHA256 | 91ca855e6849a0adc0487b40d2e51a589cbf17c50d34334a3b58d80d4186a3a4 |
| SHA512 | a343acaa0973304e48a84a55ea5113576895195c7fc73169e73b0fd298e18d351630d784646140e26c35b49005e6ef2e82fdfc5fa5ada1ae9e4ee40bd4989b36 |
memory/3908-15-0x0000000000400000-0x000000000041D000-memory.dmp
memory/3868-19-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1156-20-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RIssYEQA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_3c1c337d67b3742f5e15720fc2944065_virlock
| MD5 | f598e9820ec2badd9796e258a2906231 |
| SHA1 | 436252684b0b285ecc2747aaf1cdf1e4e67a6eb7 |
| SHA256 | 49da8c24946900bd5af73c70099b775d1142033a25b347dd5a21ca68cedc7c0d |
| SHA512 | e26c4b70ca14d0790d4495d56adf1ba87b0f4a5b86e87a9e4d3a9466443c6641e48f493fbbce29e9610e39ec0c150ed8bddda4e898760aa9f8b83bfb51df1f86 |
memory/1156-31-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4064-42-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3236-53-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2116-61-0x0000000000400000-0x0000000000421000-memory.dmp
memory/812-65-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2116-76-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3364-87-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3916-98-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3528-109-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4416-120-0x0000000000400000-0x0000000000421000-memory.dmp
memory/228-131-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1976-142-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1804-153-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4268-164-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2416-175-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1072-186-0x0000000000400000-0x0000000000421000-memory.dmp
memory/452-197-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2168-208-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3236-219-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4976-230-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3860-241-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4644-249-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2028-257-0x0000000000400000-0x0000000000421000-memory.dmp
memory/5092-265-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1112-273-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4464-281-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3360-289-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3348-297-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1228-305-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3068-313-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2432-321-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3216-322-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3216-330-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4416-338-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1576-346-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4696-354-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2324-362-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2144-364-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2144-371-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1572-379-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4736-387-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1692-395-0x0000000000400000-0x0000000000421000-memory.dmp
memory/5076-403-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1248-411-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3692-412-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3692-420-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2436-421-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2436-429-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1516-437-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2092-438-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2092-446-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1136-454-0x0000000000400000-0x0000000000421000-memory.dmp
memory/2904-462-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3288-470-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3544-478-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4792-486-0x0000000000400000-0x0000000000421000-memory.dmp
memory/1976-494-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YcEu.exe
| MD5 | 17c0548043605fae4c8170b4c1623863 |
| SHA1 | 091e7ca0368221f2aa4d5bc2eed46f03f4e58a14 |
| SHA256 | 4fea74a16c4940cca4519ff432de9100152be083eaeab98715681fced7872a07 |
| SHA512 | 058a6e8a239d49e59d838cd3f09d8c1835f59ec4d7979ff3f3ed2d2923f7a0e03092066aa69a31362dad1be4755e10c9b881ab6b2e45fe42911a402b8bb0ac39 |
memory/5076-504-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4436-518-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EQcm.exe
| MD5 | 59b4d3096ace73fa154fe846c1784402 |
| SHA1 | 9d4772c5df64e2e1ef46adceb2b7ae5d5139bace |
| SHA256 | 43722b30950702d0ad018618a93ebf761b1218b60d4d8d1e7811d12f62a5ab5d |
| SHA512 | 895b1354bd243d40b03c1ffefac5d3342b86dbcbc4ef619fad445efb1c6dfdf2fb905968f9faac1be14fbb0d1179a4ef99cca69faa05d932c93d188d99e26593 |
memory/5076-540-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uggo.exe
| MD5 | ae0909b234184dbfb913eea8257cdb30 |
| SHA1 | 4c10775edfe955007082953694c88eccd92934cc |
| SHA256 | 9e81dfaaed604291123724e349e302cac22c1466fac1f69f53b234be08884bec |
| SHA512 | ee1c2bc27ffacbcb61822e6eec259fffec8f7da7d85e7ce3c3274f838008c1468b4ce2a30de0496e188c7ab030426333b918754ec5fc8ecefbddf4c124e0133b |
C:\Users\Admin\AppData\Local\Temp\mUMm.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\mgQQ.exe
| MD5 | d112450069f06a75ca314d1cc1f47b24 |
| SHA1 | 69bca59a768589fddb67fe025ef000c4e23bd2bd |
| SHA256 | eddcc1b9d6e34f92c37ebfbab9ca25109b250aea0bf5da70882921058f4a52f4 |
| SHA512 | e69e17f05fceac76b1550058a0a37cb0e83736814d9649b297d09b86eed4c5d23ed58be449b2264955f320d363307b491271753ca1b41936f1fac48f5035a20f |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 782b510d17224cd8dac4783393bdc022 |
| SHA1 | ec486633185db5dbe7e06e6a0aefbebd154025ba |
| SHA256 | 0254974aee1e29a835ef73a2836b133cd271efda38fe826a5cd0c4279cbc2410 |
| SHA512 | 40de3b3bd2280b653608df63c13ef3cc820a3ef57458c67abf8dc7b894b0f5b432075a2a5a1984cf6dca86cf7268149e6b542cf87dd53ccd387e01667d9fb83f |
C:\Users\Admin\AppData\Local\Temp\ooMg.exe
| MD5 | 8b27c41c36ea7bfd8a4d69b4189db33a |
| SHA1 | 110c74155c8751fc67329ded2fc8d3a3af45cac8 |
| SHA256 | 33b74a59eae1b520162360b67dc5854daf255b05be796b5f184841db1368d3a4 |
| SHA512 | 2a46aa1fd92f3db6d7439c9296def9aec4c6e517aa6fd6811d577a91f1eaa96345568ceae4bac447dc17dbe127162d528216f92d61d7ba34ab0ff08331bde087 |
memory/3568-604-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gQoA.exe
| MD5 | bd74ffa1b455a2784adfe25ce9d1574c |
| SHA1 | f20e7811b9b7e1354da722caf0e02367dfebce9c |
| SHA256 | 8285557c043047d63529d6eade88c997ec98ec99a0056bf10369954f16355d43 |
| SHA512 | 01a6f6c23ccf6d2ca8a658b65e884448452cbb5ecc933937167f3f1bf19df2e920ada19bdbbb660dea515263b7eaa636dec33fb855dbb9be945130ca34d0d074 |
C:\Users\Admin\AppData\Local\Temp\mkAa.exe
| MD5 | d2803dd1dab3692e993b902592d4237b |
| SHA1 | 592cf35082e8ddfe226c168fb3398825aa53fbdd |
| SHA256 | 4c8259f3e10dd83f3ebdc2b1fa67849cf19c4feef96d6947538be37c0d79b3ba |
| SHA512 | 63080e1c63565b3e48fdc44789a42bbc993a196b17bbb1c46837db581bb30a6f713b0ccb53169fe40369dbebcc8cd1af47cddd31174cc1439045153bb6ffbd39 |
C:\Users\Admin\AppData\Local\Temp\Acgw.exe
| MD5 | 03acb81014948f9f225b6a6eb66220dc |
| SHA1 | 434a3a3cbb3b1ef40b8d79f89c2a3d43e31a11a7 |
| SHA256 | 628efac4d5eb914d5c058c30b8591675b42d49c36a1ee58453fc28e2ddb697fa |
| SHA512 | 00f21e4eee06d3c5a9d41bec7d078e6b415f30c37e3408a131f07719654b3b9d885c97e96a64aeb4311c3178f2c71261fc673ebe0c63ace21183672ee75ba31b |
memory/3968-668-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MoUc.exe
| MD5 | 08d847f195f82559a05ae41dfac955f7 |
| SHA1 | 7cf8644230ca2913c833b4a70f1584ac84573d8d |
| SHA256 | 78517baf304008d2e698688e6966ab8b19e6921edc6b9f96740b37936769f6d5 |
| SHA512 | 104a60fc71c161cfd88a3905eb42b00f0fb035b5f61e86a130946fce270e354a47e28c0e166170d2c9eb9a07e6cc7d3ffda1143e255fbb196abcecaf5cbe2d81 |
C:\Users\Admin\AppData\Local\Temp\ckMm.exe
| MD5 | cdbbd1ac2564eb66a6e5b1944f4acf20 |
| SHA1 | 676c653fc36806280e4a13425d998cf140071b95 |
| SHA256 | d6d1672d7731cc058700a30601c23f52c449b72d0766cc34fb06e6ea594ac5e4 |
| SHA512 | 9cbfc69aeed20c384cb9c3b61c53cb8ef00d92680bf8da316f2c4c0a1778789831461e7b6278873748f5da497d9bd77854021bdc8326bcd389d23c018a728fc5 |
C:\Users\Admin\AppData\Local\Temp\aAEo.exe
| MD5 | 6a540daf3a0128403015ec72614e336d |
| SHA1 | 72718b8c4d6815a1bd155368fba09254ec223d92 |
| SHA256 | 97c948dc308f60ab4595b698b5d9bf5e850b99d0c026c2bbc974a3d7c201c838 |
| SHA512 | 3f0b5d7ba5846972460ce08cbfa2a171b5b28c24a9eaccf911e65ece58a50e418115b2c26d33be1cedcebc5f4dcea1472790cccbfe81b1159c700c65d44f15f4 |
C:\Users\Admin\AppData\Local\Temp\UIwy.exe
| MD5 | 85d6f9acf5dc61acdfe300366369808b |
| SHA1 | ccef660ac4175a17633dccf38bb5ff57fe6e3f74 |
| SHA256 | c2a9dc3f61f16a53280db6edf7b34341f59c22cb54f5baa5beac79ea3d2e4d02 |
| SHA512 | b6539058a896d591fa094c20e4ddce645460aa276165e2de497cce585f3a5cfb9371d698ccd1b9c8635b6e4c0e5f0fd70cb97fdadc56a514a9eb083123303295 |
C:\Users\Admin\AppData\Local\Temp\KcwI.exe
| MD5 | 5d92dffcfb4035d157c7d948d38be5af |
| SHA1 | 9ce731164427d90df84ae6408ad382d1a0375823 |
| SHA256 | 2bcdbc26c461f355184ab337e8b84d121c600900defb3be9a78596eb1502ce98 |
| SHA512 | 392b58166f912b7bcef8554085a181afcdae44e6f6c206bd4cf6a9b57ab470ecc61706e506a425ec8194d28f1a4510d823774529cb390136d33ed39f5b53c567 |
memory/1980-732-0x0000000000400000-0x0000000000421000-memory.dmp
memory/4988-731-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SYoE.exe
| MD5 | b24bed7c118f99fb132745500f06130e |
| SHA1 | fe86800b50d4d83743706bc6fbebf58d3288e21d |
| SHA256 | 77a5d8ae67e1f9a124cdd78ffd6028ea0becc7fc65b5ea065b58979d93559b3e |
| SHA512 | 69201fe84e4a36cc6fb92687aac3ffbb922c318ec50658022627e08728ff4514f41fa5833d4ec3edaf839859828cfc0b32891795c5f7ca4700b376e2acef4360 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | e710c6a406a644df403fef92bd4e9e71 |
| SHA1 | cc77af52466b9d76e15839600b04e1f157c1b6b5 |
| SHA256 | 84311daf9673f7fb3fe23f4a96239eb81342a31fc6ca51e09d68e48163fb7c65 |
| SHA512 | b69841c40ef0857e7781c2bd5a1c03fb73142069b49ca11f9571820431ac54a464e6da7ff7ac925c9b4b7f9eab6d3f912a6f616ea13a5f1c0c80e0c83228e838 |
C:\Users\Admin\AppData\Local\Temp\UEki.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\Akkm.exe
| MD5 | d1a66038a4928144b7cffc5b33832937 |
| SHA1 | a12fd877039766e96eb64d762b33f7227f8451bf |
| SHA256 | 7db933fe6677c8ed7742dfadb023a04bd447d9556e2ae8e3f1ed9e2956b3aa15 |
| SHA512 | d3f4a9cec65b33e5a1e5850b64e08cd72932ba126b7ac50b8bc7c0fdeff4548ecd4c70b744de2075f541d8a0bd87cf822cc4e737cf296af179a6ba2e44d00cdf |
C:\Users\Admin\AppData\Local\Temp\uMAI.exe
| MD5 | 1ee097494cea69f9ea68bf87768bf4b2 |
| SHA1 | 71009b92bf21b3bd2958e47a23f92c4a124c2fd2 |
| SHA256 | 1f3d1776843e38ef6922f57d32e42c548d688557337fda7217993b85ec84dff0 |
| SHA512 | cda11eb252d3e3989f35c8997416a5878062acae3b35bb6a668aa0dbd6ea841804d9a1fae759612646c3fbd3bdf375f84f879a4c9306f1c4da12350f8bd594c0 |
memory/4988-796-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iUQS.exe
| MD5 | 04e75c097375388176ce6060f0946efa |
| SHA1 | 0d0c1f8562be568c8cc9ebf3dca113a8c1ab8dc3 |
| SHA256 | dc5cf2913f716e0108e874d19068b9ab1333fb12c4fd04cf15c185883ecb7576 |
| SHA512 | be2127649c66e90512206ccf89c697220e9626529f0fcfab7f35b9fb409831dee07143a0f99f170325d6cc679aee1fd6d99f9e4453c305b303f2e1c362b30404 |
C:\Users\Admin\AppData\Local\Temp\uUAM.exe
| MD5 | 7e46288a8f3cdaf960d8be5aba301913 |
| SHA1 | d048adaeb29fbd63953ac163ed9a2c2deec6f040 |
| SHA256 | 49f1f875a5b03589e2aa9da52da539d9471da32a46eae6d217066576a4f97e9c |
| SHA512 | 905c7c2ba159b9867e169dd2beabc7d620a2eff6e9cc928802d7f6a95ed81e64c03348f01f87e40139a1a49414449a3da5434a5941ed67fb2de1d383c603e448 |
C:\Users\Admin\AppData\Local\Temp\uMoY.exe
| MD5 | beec791ee78103968701831136f49455 |
| SHA1 | 16bc9ffe6b976e4337aa889a3efcd0487cab4175 |
| SHA256 | cad0aa5dda75793e8367e604c52366cafdbc8576f181d5a74143ad7f8c1e4c2b |
| SHA512 | dc889cc4124df9845b18fee58287b9592a7e26757227a1a0d08ac7bdbede7f91779ef73808d2d8639b5f12d0af2e7d5905a7155e210dca9aa5abd20220e3418e |
C:\Users\Admin\AppData\Local\Temp\EMYi.exe
| MD5 | 0131290c5c589fbf69f2cfadf095a463 |
| SHA1 | 591d11552ae5e7204b73d7b3a1513767d6d0a81c |
| SHA256 | 3048db0b576920f56bcea3db7465eb94163aff36be8f69b0d944271f2c4d03a8 |
| SHA512 | fd10e1f1e20737b09529138a8cb5795042b3f0b4066f976dfae69258694fc64fc5d46f39e599336d43b63f8ecaa026b7335794a8207c8fcda50894e8b7086b63 |
memory/4892-857-0x0000000000400000-0x0000000000421000-memory.dmp
memory/3812-861-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qkYQ.exe
| MD5 | 729ee11a90f5d94b0301e83ed35a4156 |
| SHA1 | 7323a737bcd67fd2f460ab73f53b75cfe00af9e0 |
| SHA256 | 5720884b2f9d889a8f699caa47ffab63003dd826c907ff969b585fcca94a701f |
| SHA512 | 751c14c6cfe26a0eb1c8eaff07c940053527d9b053ab63a4005722ff83f72c9fed23523e576450518b8a54289df1fd029633e4d63d5e4cae4d7e811273af0a3f |
C:\Users\Admin\AppData\Local\Temp\scgc.exe
| MD5 | d8c09cd0e24b9e16d72bc37940740a9e |
| SHA1 | 145f3038d5128b11291d98acfa66102a15e0bab8 |
| SHA256 | 4cba8624489901dace768410564581fecc7fe37cf24fe72f003b557b3b5a06e2 |
| SHA512 | c5c55e01974c8ac55e89fa0109a0b152ef0e7ee5ee96fb6785d0fc306313811b78605af88df30043fbf4fe07ec2125435fbfd28aeb2c30e2c837aacdbc396a67 |
C:\Users\Admin\AppData\Local\Temp\ecsU.exe
| MD5 | 06b8cdc7fae24278ff567e9b1430f92b |
| SHA1 | 45bec98a05a61bad4c45ecdff1b7eeddea7a414f |
| SHA256 | 1c6af38b0ded65aab9d384cd5dbdcfd41231b73913aead28c41f296e7b5f299a |
| SHA512 | 482909201c3747e226297edf0945306e782f1c5e92cdae49a163928b70c7a385020186a8d9d629c77358c6bde26fe093abbf2a8085e833b3ac09a1c5e7776c7f |
memory/4892-911-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\alertIcon.png.exe
| MD5 | e40ace71faa31cd4709ba22df4c851b3 |
| SHA1 | 6d6b3e94211ab31a101b8bc764c5137b3f59b219 |
| SHA256 | bada25d44ae22f1c1611bab97f036131f439120575649218090c6c5c63c56726 |
| SHA512 | 7bc213200af6e3f9be5071b223b79e699194fba7e2e14d028c6c7e718ee57a3e8a5c4f54f8bee199115c0fa6382607feff7460eb83aabdff288e15c2805eb920 |
C:\Users\Admin\AppData\Local\Temp\EwsU.exe
| MD5 | 7b0cc06120829e498fcbdcc9961ff65b |
| SHA1 | a994d1685fd16dcd7e0799e8237d034c0ab0d67e |
| SHA256 | e19716427a9f23c65d892013128f9e965b171c186cef661dc88408b4cd17fe8d |
| SHA512 | 410d3919bc95c9fb7bd3641c511055a2931a1d22b8f3a3a864de7dcf950df4ea5a8b4ca530998582af4d471a83089a5cb76f6b1aab26b621af802fd7381dab13 |
C:\Users\Admin\AppData\Local\Temp\EcYG.exe
| MD5 | 9c128b72fd2c69f48c9d557bdefad41f |
| SHA1 | b94ceb496e84e53973bc93b3cdafc071f6a65d3d |
| SHA256 | 3de9e04a898b23f1d1c56cd43c54a9546d1c01fb51e8d36dc91ef8732e8d53a0 |
| SHA512 | 66951168c674d19311c00edf7140957ae32c393c525869c6c16a0e2323e4a96eb7d1b5b38ee0a9c231c5c54289480c1c17e7324209128cd1347c20c02e0ad7bc |
C:\Users\Admin\AppData\Local\Temp\YoEE.exe
| MD5 | 4ed7dc2f3a136dd83e27740c7009d33e |
| SHA1 | 0f08b0e860eda2a4f98ae8099ba5d50f8e59297b |
| SHA256 | cb6047de8bb348310cf515e6e32cde6003c470118472cebbfe76d94f550cb27f |
| SHA512 | 99e7cbe40392b017f1867047fcc9fb8d2d74ffefa546e98305c6c877839c393191e246ce03f65c98b058c86c9339be16fdcb84d75ef4624dbbc923fbfc6a75fb |
memory/2116-975-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AIMU.exe
| MD5 | d6ed27acc4fadcfdd8ac782e780938d9 |
| SHA1 | febb167804c38f82ce3c51744bb2591f132fab69 |
| SHA256 | 9d907ac3b0ff0401073888b8b2c99a21651ad57f8202399311231e11d252ee6e |
| SHA512 | 152c25fbfee86973f1793442cbe41bcd93901874319f8151fa26a6ea7a3e96adb676d55020320f96426839ef4ad8072078035d35f3d7242a695b9522f78aa675 |
C:\Users\Admin\AppData\Local\Temp\CgkC.exe
| MD5 | 2558cb6d9d7beff96e1a9fbffbc9f0f7 |
| SHA1 | e009d09bcc4a5ca6e5402582dcf130257c13e9d8 |
| SHA256 | a271a7c9a0d7abac138c6dbea1bd61950e7e0c2d4603d1343c65c6940a8c93b3 |
| SHA512 | 4b747561648b35e9e67c592102021867e8abcd8b6673556986048b9d93298076c4d07e56de6f4e33d28479d27ae64607e8765981c719a758dad5f4e8674d27bc |
C:\Users\Admin\AppData\Local\Temp\uQsq.exe
| MD5 | be5877e9a081902ae8e866d63d72bcab |
| SHA1 | 1a4c911bb17583d91802bb171e935f0e41d7380a |
| SHA256 | cacef8beaa36c4104b47bfcfd5a6cc5dc566f2718cdad17f0a56439ff68ebd9d |
| SHA512 | 5ef75ee1b7490b5b77080db4fd2363990ecc2a16dc9e90ad962b641ddea676d78a1db4994b3d1bb7eeeefb5b73fcac48dedb186b8318dfa7f3946a64ba9041bd |
memory/1156-1025-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwwW.exe
| MD5 | 51326d8448dabda52904870782f56616 |
| SHA1 | 3ab5899521b6b0ac69b0b2cbce7727f0cf25f62f |
| SHA256 | 6344e2e88244b3a790147ebcea6fc13a28abed566948e02842e74b090d419c15 |
| SHA512 | 59064a32b8805e54637186a27c89f1f693aed48e98d58869b2b047a0eba357cf8f89ac72590f439b6ac6209cf045b065dfe9cf2a068153b471396e4d88346903 |
C:\Users\Admin\AppData\Local\Temp\egIy.exe
| MD5 | db4784422d106c96704f88e31cd10918 |
| SHA1 | 4894698b3bf250cc6430810baa16db6b50a629d1 |
| SHA256 | fa019a9808418e43216d77cb6ba72fbf81de6d2e2a021141259d5ecd1c02837f |
| SHA512 | 2d6380ef8e5c72312b17e0244673a4aaffd792cb7f61307adecb5149ada8f89085e68b3a2e231101fc32fd784b998edff86a66b76e7b2590be83038b103a6b83 |
C:\Users\Admin\AppData\Local\Temp\Moka.exe
| MD5 | 9d18d451742ad20ba0319b5e7ce8e93e |
| SHA1 | fad1bf851f6fee2e8bc8ff66c5b4980113baccd5 |
| SHA256 | 3a814e9dd7c61147f05b91237009fdb0cf197805827d96fb2d1b927e0a48048a |
| SHA512 | 2946fe542aca6bac1e4824ea5f3c63b33df31a4f1a6e7ed06df289c8c4dbffeffbc03b596b1cb4f027f431777504605ddc952af774d401b986ada546f912ac23 |
memory/2000-1075-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EggO.exe
| MD5 | ffc8081057241adb09e0655f1e715cac |
| SHA1 | a6cb9aa64fbe80e412a22fca8ae9030d75d63f8d |
| SHA256 | 71471b6f2e8851c1d24c601a0d2e1cb516419c14c18baa33303e49e17c84307b |
| SHA512 | 8c29b1c14d4538e81e4e67e0cc160b0fb8f54394d4db7bb5bee6ac2e3a7b31d6ec2ad974e4dcbe6830433604901712af5bb4fc520869acec0172dbd12c60481c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMHeroToast.png.exe
| MD5 | c5ebd078794f75982e3ace09edfa6487 |
| SHA1 | 5d1b08ddaa11ccacb431746c4808624a1b89742f |
| SHA256 | 7bbabdcc66daa43029aa1b2c72119424e88093cc5bcae88b783eaadcb1fa1c2b |
| SHA512 | e1285a955b9d2d62f196170ebd6e0ca22b95ce5371bb1beb69c01a852e249b2190d1acfd5d7151d9f47522467d498a9a3e3e6e5644805d1d44ee621157ba9f97 |
C:\Users\Admin\AppData\Local\Temp\CIke.exe
| MD5 | dc6fbc4a580acb81beca7dd6fed78c08 |
| SHA1 | 5b40c4250a11541793ed4722619b3749230859ab |
| SHA256 | 7b3370c043e825345ec95aa013bb82a2980ecc4fafaa180416b8fb85cd6e478e |
| SHA512 | ae81f68db8df7c22ff1c3ec6c6cfad38f49db1171bbffece227f130275b63d711a3ae5fe2d393f6e1e050a95d8a376e9ce59e0b1e4bb97101e2c8e05c479d758 |
C:\Users\Admin\AppData\Local\Temp\uMYC.exe
| MD5 | 612d8c52f78c03a826abc6a32ff7b3b2 |
| SHA1 | 1dac873b56ca2f167a6ec700a17cdd2107974378 |
| SHA256 | 3927a0631449ec1e6f1792e727200208c3ace65665a0327ccaece82203c24bbc |
| SHA512 | 67bc3d956a2c628cdd6d3ad059783d11925f69168454610ec12e93477544457b4314534a29c58d08815e68a6b06fca1dedfb15d648aeb19d1cb002f4c1b0edcd |
memory/2844-1138-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cowS.exe
| MD5 | 83d87ed287c987df8b85f8c858d04977 |
| SHA1 | 7f36650801212b735af7482fdc5f74bcf47adffa |
| SHA256 | 14a3a34f0c22d913f0a1bd021d28c72bc71b04f9b8ef81d2550e3b73b7e582c7 |
| SHA512 | e0dbd57b933ffdfb09935be04232c8122c6f8aa6b4a5f30621e19554e8b4b065f57ad1e843cf09bc712065bd8151698393db36d310191ceeae996b2f2851cb10 |
C:\Users\Admin\AppData\Local\Temp\sQwc.exe
| MD5 | 1065f78b8af263c915cc17057e35d197 |
| SHA1 | 07c52c682815a82720dd34248edbe87033e9ab3b |
| SHA256 | b9ae952cee9967a618273c786b585385597b8bc0fa149f20c3ad897572fb7c13 |
| SHA512 | d05423e1ffe7e77520264e2aaa379fe6805e0ee3ad4c9d5c334df2cc8946bcb016f4173fa7754b4f9cfc993b8ef663661751de02491df5eb99a324df780c339b |
C:\Users\Admin\AppData\Local\Temp\IEAW.exe
| MD5 | 2ca98b85d8799b9958c3138ca65d505d |
| SHA1 | 2c898efd6e02b18cf748ba4419eea97298bac555 |
| SHA256 | d448c1c378844ca7081ec4ed779ec184c9dc29306d8e7b6416e484f5bf674d97 |
| SHA512 | 88c8d93125c0c5cd25e18353d8c66b665659958686f76ddb7a1a812b8a1b0118bff1e373b9b9c32c1dc88c8d295f7a498e71df3ce163f0a885f6a53eb650ad18 |
C:\Users\Admin\AppData\Local\Temp\wcgc.exe
| MD5 | be73afa4de2831897f05bc951b80ffe8 |
| SHA1 | f03521ea7fe4ad74d2118c774a63bbc647b69363 |
| SHA256 | 90ccb4be3b647b1cd5fbde1b3b699c20c015e17cd959ece255964d58771853bc |
| SHA512 | 8b818dff17e06a922ab427cfa9e03e2f84bf2323bdb6fe7293fddf1b0f62b2428a0ba0e0518c40e064b15306bb98a3bd898f8c5a5048afe66faa39386ce3f44c |
memory/3056-1202-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KAIK.exe
| MD5 | 4a691e7f840f1851ce616416fc202616 |
| SHA1 | 5b8f8d0a96fe29eb92b62f932409010b89683e15 |
| SHA256 | 48239444ace5861ab60bb7f924f46abf27addc00819f3dad5142c05573d3418a |
| SHA512 | 1a3587d3cbd0232ada1627d61d4b0883853fc03020df09b695a7f740c927bd66faf97218047451c4d19fb486163ac6e1f3540a8df1c4853da151ab988019c71c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | 9ff7c38a0783e5c0b40462d5e51110d4 |
| SHA1 | 4383dce2b40ae473931fb6953dda6e2b94f84940 |
| SHA256 | d95fafa316ec9a0d41a91622651242c27469ebe40ab241a50c62166ab1934d1e |
| SHA512 | 122079a91f0774ba6a74b6caad5b44b65dfffd0ad84893ce3ffdc838a6c08410235f3cf28ce823930800b5426dc6dcbd43468d7b19f332191947d5e3b96fec50 |
C:\Users\Admin\AppData\Local\Temp\OsQE.exe
| MD5 | f23f8bff8c7ff0079086220e8b9181e4 |
| SHA1 | e689a45a7c7b5d0f2b13505da3484d559124b263 |
| SHA256 | 51421dccdc70f983beef2495ac88aa058df6b9dd3a821e62d78be1c25bd76afa |
| SHA512 | 8dada07021e36db45465a4ba9f81d57fd1905a0eec80c6e02807e2db6a221097ac0540c8af0a7d3b57d53c2d51c7f3543ee50e46dc90a6c270b28c9bd4f870d4 |
memory/4004-1252-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WAAu.exe
| MD5 | c7b009c19c21c89b460e4cead88a2a98 |
| SHA1 | 706398dea85cab354a78720a547fb94a3a7e7fa2 |
| SHA256 | ddf5b41f012d09281a4bccfb6229fe7136d2fbd6507c58b7ac84afd9274123f9 |
| SHA512 | 0430000a329d07e761458c74a26089b994f598803ac1f5922fbb5df436989d9030adb4b5f3ed2904f8c9e484673a1bb068e85b3ecd50ecc2b13cd9919c6030f9 |
C:\Users\Admin\AppData\Local\Temp\IUIy.exe
| MD5 | 4a858f37b9ffabbed81f86a00053fd5c |
| SHA1 | c673d6fcfb9e55668b72129dd825b67802c42e28 |
| SHA256 | 826b0ae118294c9666cd495ec69de16bf5a3052891e6f226ad49b03dcc39e8e4 |
| SHA512 | 91b64397808d956ed414a7dae3b4e33e4c2f6b7a06e0ef167867e4ec7018a1ea658ab49076121f90314ebc0c054cfc18b8a8b1630964456082f4a5ca5008bb61 |
C:\Users\Admin\AppData\Local\Temp\QsIw.exe
| MD5 | 35ba5f1e72c728dfed30e185e23a2b84 |
| SHA1 | 20ec5e53f5c08ea6e1d4331ae036721cbd7feaf6 |
| SHA256 | 54ff0a430c00ab990ce6e5127beb6c97c45ef372c9a734bc2de6290206407dad |
| SHA512 | 1d30e2f9e256eb567161a7f66b823e5eb38ee23fcc6cbf85707d45e9c9af12fd9552256043ed6c76fdbc7158fc55e399e1b4f2cb385fc5f64393dbdc2b6d62b1 |
C:\Users\Admin\AppData\Local\Temp\mIIY.exe
| MD5 | d4129b19acbd5a99f7d1f695c8785da3 |
| SHA1 | e3878bb5a1830f0a71f0e365b157d0501487a3f6 |
| SHA256 | e2fd092e73decfba899dd2b0f7be29133d3e0530850d8029b546cec81fc08c4f |
| SHA512 | 3cdd7ea5cb7f68f89d620197969cc09e18c574d3f776b4ef4233784dd5aaa039d0bf0e7014787202e8a31fad806e07819c283cc3363beb4789fcfdc8f9b7cb13 |
C:\Users\Admin\AppData\Local\Temp\ekUG.exe
| MD5 | c5bbeb3ce05eec51e5373b1901ddb81e |
| SHA1 | a30b8c3ef9dbb19e4fb7096f1466638e0f987988 |
| SHA256 | 03b4c081a9289e21be652d5988864ed02b3acaa08f1a7a8ab1995201f52c027c |
| SHA512 | 496be39e0c61108a325474dbf38d333adfdfd7f95926c5e67c39a32e5caaa60f43f0591274bd18d9ac73415b9cde76e2d4341a3d99584301653540c045442424 |
memory/2300-1329-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sAwo.exe
| MD5 | 4cf79354c25b4efefea554b8c86f7c80 |
| SHA1 | 95d295ce9c1c3147a33ce645b3e9220f8b16d792 |
| SHA256 | 937d3d600ae505689f71ac955baa952ddcac4e5757179b569946e71fef3910a5 |
| SHA512 | d50bb56c5c23adb711235a85de514fccac3cd69e340031a6cd8bc78b067d609059bf7a1f585f515e78dace9e2dc9d1ea211dd864f7febfee97de002df1366739 |
C:\Users\Admin\AppData\Local\Temp\IIkc.exe
| MD5 | 1f2ff695355437d616eea12d64355cdd |
| SHA1 | e963193452dc683617db898ac527f06c401ebebc |
| SHA256 | 96b8fff42230bb40f979e0221a48b701ceaa0989e2ef1058fd56ab7dfe672a34 |
| SHA512 | f18d6439a23a4d11e8202561336b0294e7d2a39dec55f3e6ed39b4c4209ffe2dcf19b50ac1e0d4c43cea70ba4bbd1d482c98276add076a7580daa06c617af139 |
memory/3868-1375-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qoEG.exe
| MD5 | 6a4ae10162ea069eb9e484c8fdaa2fe0 |
| SHA1 | 0e89954d4526cecbf13b6321c5508c9ddbf3c2fd |
| SHA256 | 6d4394de63a2fea71755d516d78a61af808ebff65b2515c9ad9cf7cb0624c72c |
| SHA512 | dca83936a98a1ee52ca5c146a7587ae9db9a8c837d2dbecbd2c9f24c14d0a70ee534a4eee3125ca5fc64c5f25a51c5ed9728fc0ce957a2ff90d3090bee38fc77 |
C:\Users\Admin\AppData\Local\Temp\SYYq.exe
| MD5 | 7f6ee695ed49b224dbc99fdd2dc843fc |
| SHA1 | 4e26d67feb03bb17afe55ac07dbc35622b9a0237 |
| SHA256 | 39c07bd9c2e7e84d050704d72c4b50f95a6b7f8f942b580e7aa9af0260dff172 |
| SHA512 | b7029ce1b4835e4fd403b56716d34b7bc921f1bed3ec9012d42414df1b828fd07932316148f16f362dcb83f1c3ed3a5c3b0914385a7113a860ead67723e90793 |
C:\Users\Admin\AppData\Local\Temp\wMkI.exe
| MD5 | 00ed0878efd553f6a183ba07fa835d09 |
| SHA1 | 043ce2e88674d990b577c1fedb1625cbd14f1774 |
| SHA256 | 3b0cf4ab3e4f8a6ad2140edb076bdf1dfd1d3eb3ff0286dad81b3ccd03bb47e6 |
| SHA512 | d8cce59bc019e83a43876566e7b755f00e1f5daf7dac72226138388e9dd86f1d7ad39d1a8f830ff1d21ee136340578ec3d6bf6d09c1ecae612cc74872d5d5528 |
C:\Users\Admin\AppData\Local\Temp\wUgI.exe
| MD5 | b4e64b91e47935c5c99656eee75b24ce |
| SHA1 | 3ca776533f48aa6dfbd062aef0ffd23656ab6ff3 |
| SHA256 | d3d97d7ace95ae627585c2e0bbba56457cf71d59a4d076f2d77cd5cdb6197968 |
| SHA512 | 7493519141b630e45fde9f79f4c50beb3e931d5dacc34d12e5682a0a146d60f16359cb39a4ec11ac5edebe9c9d41d34f4734ba8cf7701ae5d6dd00768474189e |
C:\Users\Admin\AppData\Local\Temp\wsws.exe
| MD5 | 76a1d842c5e29f16162833504657edcd |
| SHA1 | a59bc327a9c1dea0480462b0d553f9c63d9b5356 |
| SHA256 | 05c7c966a6f5039c5712f411a8b0f30298acbda36add52a4ad92bc212fd6dbe1 |
| SHA512 | 3ce22079ca92037e752a856b876e8962c20701e5c91235c5a834d6775d67471fb4be3b6ccd3deec4366666c9d44a9f934fc5b7041c0cd2ebb1dad25654cf7db3 |
memory/3940-1442-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\osME.exe
| MD5 | 9232f0dcde4e98f85efb4af5ad18042c |
| SHA1 | 1c1b287b7653a2c00a8533fc7b6765bc5b98e696 |
| SHA256 | 4836904dd948c693284859e42aedde8ccbd36660e80b52389c0c38c7be48570f |
| SHA512 | 0a70fcf7ef82161c54e903e0b14d41175034f172b083d1bdf8ef85cd398854397aafc9dc4145422f6c953b5190465b4fa72c14e35ee35fdfcfe07cd9f360ce77 |
C:\Users\Admin\AppData\Local\Temp\qIIC.exe
| MD5 | 37d5f42239cd4519556364d7a5c473fb |
| SHA1 | 7adc4b576efa95d9b4aab1108c65cfc5379e8dcd |
| SHA256 | 4dfd2c0092bce2758594ad2ea991c7c9192bd4cbc1a1d8f0327666f18ea3291b |
| SHA512 | 6c3becb3a44f989ebe59fdd301a7157e03b68a3d34602d973a7faa97c79f7e173fee403550597163795a6056af19bf76ec090f8d4550ace8097b1469e159e6fa |
C:\Users\Admin\AppData\Local\Temp\AIsI.exe
| MD5 | 19ceb4e1db54aa016bcee8c22eca05cf |
| SHA1 | d2f9ccae7a0e19f0e07086186f821e0d7a9478e3 |
| SHA256 | 9fd6f3e5598aec21b9a98c52a331974e098f899cb683a011cf015fbe865d6c42 |
| SHA512 | 3ee19e6a5d4edfdb009a3e4588505bdadf9344b96945c9cc5f60e389fcc455a6866fe1b80af17949674a452b50001a2007312476ac989d5dcd41749dbe76f62e |
C:\Users\Admin\AppData\Local\Temp\WIce.exe
| MD5 | 55544b9fe8f9270b5246fadde61c94fe |
| SHA1 | 0b9ec9ba62ba7801de5540b469d68f3d12cbc4f4 |
| SHA256 | 9c0fa840e5b201a4c86d133de8aa2a6f91060ff7cd763a17b1f0169e033ee4f4 |
| SHA512 | bf8a950ac25b4d20799c33f2ac34a599c8f352884d4333f339eb05ae5d63c3814d3e53d628c4758589d17ad1794b5f8bc53cb4ff766c3c7c3a8f790cef32e2ae |
memory/976-1506-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oQcy.exe
| MD5 | c0a66f61231d30f1a41d3f8f3677ff51 |
| SHA1 | f43b91e919b2e7ffcc34a2d30b5773497c95ddc5 |
| SHA256 | 0d6fc07c048a9ca714fb78b34a2cca8e2a5f4cc11cec196bb0f2e27d477868f3 |
| SHA512 | f9d0360af1c6077638546feded2ccc310ccaf2971b78854c0cbbad14a1efa11c88210f79a5c6252f117275809d63d9943f4ee41eccef00726ff589d58edbd95f |
C:\Users\Admin\AppData\Local\Temp\ccgY.exe
| MD5 | 56c727a9bb7502fda0ca9514a530f5a9 |
| SHA1 | a40b65fbbdb05bedacdcbb7317e81b69b04faace |
| SHA256 | 91d9015a6f5cb96895b1f4704c3b033c068d15fa2ea91ef8cffd8a7bd0518869 |
| SHA512 | 7f59d610fbf963dbfcba2c25511a3835a9b65214034d6d8d686ac9cecb6d4ba045122d76e3857d090896ba74317ecff898078e18e11a186dc0e6be9e988d8790 |
C:\Users\Admin\AppData\Local\Temp\kMUi.exe
| MD5 | 8c01c4d62a0378e2b7da23dce15b8d10 |
| SHA1 | 05890733e3d9b9822fa65531f8d41a90e64e8bda |
| SHA256 | e30561f7967b620586d4a28dae7d0eae63a0d9e979f62d764c289f892587fc5b |
| SHA512 | 847bc6b347223b7812a80bd368401ee67f316df68882840f206b71958c7eb7b94f9aee9f623c90671d84854fc9a06498be9df449bb4ea9a2bece226e3607c844 |
C:\Users\Admin\AppData\Local\Temp\ccsI.exe
| MD5 | 751f656c6e0d09e9a12a0a29c0f5a935 |
| SHA1 | c707c4e8fa8c67d633950c4bb62bbae27751126d |
| SHA256 | f43ace9483ed4cfa4d67f0e58dd993714bd6cc7634826ed5783d00ae4a95620b |
| SHA512 | 9dd635ac9250d164fe90f521471b02c72e81b4ba0f8ca9c18e31fa9e60ef9be80b6eb9e3637a4eed40cc55f807969be90d02878d6d4d88beb5faea82ee55ef6d |
memory/4460-1569-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GoMA.exe
| MD5 | 42d2bc07f1389d32d7738d1c1a78d971 |
| SHA1 | 96cdac6dcd1c3552e34415afe37f7c3d644622e3 |
| SHA256 | 3814a3eec8fee815b51b9828ffd071807b791243841c4f665dea3291cbd1fd68 |
| SHA512 | 1f60aab677d5189b0cb48e413403fc067f940d55ec6cb03162d5ebe692a619aaf874fb96843fe460f39db71926c91a5a926f2538dc1984950b17307ad607e471 |
C:\Users\Admin\AppData\Local\Temp\egMe.exe
| MD5 | d8ca25bc2690385ed6d2128b70ef83aa |
| SHA1 | b118d46b91e70d115f33443ccdac1e72aadad2ab |
| SHA256 | 44f1e39df2231d568c4745579d3d125d8669115960896b93877d7fde8de3b346 |
| SHA512 | 4a4d697161233a6b750b532995c35230f86d1c8e5a5a4e1ea67fdfd2cefdba6e471896a6a29f271a1ec3ca9fb99ea0cd04fd4508f7c7e7446a5a40857b917676 |
C:\Users\Admin\AppData\Local\Temp\sQMW.exe
| MD5 | 691811531e9e03b14e6fa97d4c0df2f7 |
| SHA1 | 08ea0ed3ede0ebe1caa92598bcbe68c9c772ec91 |
| SHA256 | 92324b74ede954c060c7cac80e75fe3386aee603f7d998f190e7459fb8702135 |
| SHA512 | 23029be1708c93714f0a2e75f82adaec72150ef6ff4dc23dc4d13e58e6f733b48842f80d8547ad774b8613f0fe17946089e117f39777357710baa0f8c0512fd0 |
C:\Users\Admin\AppData\Local\Temp\KYYy.exe
| MD5 | 727ff8e9cdf0f03e27cb29c488536103 |
| SHA1 | 2dd5e698a3c4c9d35a5e7f7326f0ec199617bea3 |
| SHA256 | 0f987cbcde13340ce1daa881e70d908a38b930bf0a8758acdd8b0e143e7a5631 |
| SHA512 | e0a7f3eba5cb9f5e70cb749e8c9be223418bc60bad2294ea20abf9f1ebef02555eba69e1b1ffed5b365d0dbf3da521c029e38c69c5596ace5366f1343a1a09fb |
C:\Users\Admin\AppData\Local\Temp\mYMy.exe
| MD5 | 96e664eb733b08ac7027e39bcc6d2e9e |
| SHA1 | 9de22d422346612ad18d962361987e8b22855c09 |
| SHA256 | 27e87169012966fec0dabdff3972c61b64a745259fb8fb54844e344ddd63a818 |
| SHA512 | c339bf3ebd0d0fb29b4d0389f9e10a93f5d1b2d2beb5028934bd0037abe69362ee5f5249d3306caaaa206ff38e9fcca3e63cdba5cf2134c79ddf659e43d73dec |
memory/924-1646-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iAIu.exe
| MD5 | c2e86a6d6d0f73f7bc567472ed3805a5 |
| SHA1 | c54ec44f2d1e3e48c7aa993008caf117a5f512fb |
| SHA256 | 02c8f85c7e8958df09c452f3a6ed41c817e2d867a5f173150356451b945db974 |
| SHA512 | 8dcd661b8eb5925321178e2ab1da7ef82ab090ba64979ee224188f38aef38c71832f42671667a5a76f3ca50c2b051dcb355cb9008f4f831914a63a2ba0dfbced |
C:\Users\Admin\AppData\Local\Temp\skYU.exe
| MD5 | a5dcf53dbcfd92cf44fb338a9a82a168 |
| SHA1 | 341f840dec4a294a4f3e20323e8afab3b49ca39d |
| SHA256 | 56f1094066b3131d6e4df04567543f953cf24929218311657fa25812e1efbb40 |
| SHA512 | 02c9aed047b4486a8d7ee57bb806a6792b22c811c50d963b6fd4fed06bcda1a5fc5724b309bb5696a148869dc3b27f60b47f3461eda04b50ad385a4c6cfb88d8 |
C:\Users\Admin\AppData\Local\Temp\AIsy.exe
| MD5 | c823f440553e7332bfc80bdd9a50bd43 |
| SHA1 | 3062df68cb9770ed174805407be0a3f5c0b5e451 |
| SHA256 | f29b146d7ba7a2977326e539a47ead64675c06b1531bfa097dbd095a5c58ac6a |
| SHA512 | c3a6b6519726ecd0ff5026831eb834f5f23e92e73993adcb26927285217657fcbf80a53b5c65f236de40b947289dbb7c4844fb472165131e723428bcfe7e8a83 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-400.png.exe
| MD5 | ed56e652778124c43e6d73c6f671c959 |
| SHA1 | 7c2824f9c518c4d67ac995b0946ac7a087f4e04c |
| SHA256 | b3e1b69ae51c3b3f3c4a0c12849ae60c1a4167a2995047f7b3c84887c80fe634 |
| SHA512 | 39f7b90adadf78064136b3f94b80b365f701483b352f9b99b174e3bdd1c224e1940f5f1710def0843ab9b6d57a1dfa406f5490ca01b691ff75031360d82ca71a |
memory/976-1710-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OMsO.exe
| MD5 | 2f8b6280f25b8a882cf560da113ff830 |
| SHA1 | 2d1c2ee7c94f2f3911124234994f05f99e7dcaa7 |
| SHA256 | 9eb232633093b1253ed30eddef4f49e84ef5c883371a2a3957081d92f100befd |
| SHA512 | 0aa93a553257c3f0c6f64b6c01db918f147dd712dc3b9a28d4f424799c4f37759ab67028b402985c22de1e6a91338f40d6e098e8a10355f236dd10ebd0c311b2 |
C:\Users\Admin\AppData\Local\Temp\yQQS.exe
| MD5 | 624814d799a1aeda9af23ce2bd72c444 |
| SHA1 | 5b6ea94879c679251a8414e98b9597ee56ff7cee |
| SHA256 | 0604b483760a870c28deef72035d5c2eca1b3d61e74f3ecd034ad2f3fa961c58 |
| SHA512 | 151e9cd5b0dfeedb9f471431beba60c2137ea0b64c16c4ae9e293dddfe32762d7e326a2a32929127a467a4d0dd6f0eea768fb0c9c8ff5ac2ae3f22583895527a |
C:\Users\Admin\AppData\Local\Temp\uIUQ.exe
| MD5 | decefebfdb815a8aa5a8d1f5315afbad |
| SHA1 | d2cfa6d869d1bb9454d662c9f10c02d8d9b964b5 |
| SHA256 | 04638789121265ad134adf4d204717e3b5eb3326c35895c5e6add1c802f567e0 |
| SHA512 | c82f63c222ca2d9bb52821ded7854a8daf860f883c2ed2fd1b3b2b8c033df61b885af55e627987fc3c2c0ffccd17bd9206ae57ef6b6a09bbde51b6646bc16902 |
memory/3804-1760-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mEYI.exe
| MD5 | 675039fe2c5bc1e0b81dd31c81433134 |
| SHA1 | 4489f30e64ecfd99c9f0818bf6a686101f31ceb3 |
| SHA256 | 76d7b76787d875d6a6b88a0dc90b27755dbc7338c89f64b1b788fbdb553096fc |
| SHA512 | 8a4457bfd30abbad666f40184a5fad9cefa45a162500b64f09ee30dd801a29a34046d8f5a2fca01d0dadf33379e21cb0c6f7e594de305ec4fff32830028c0ba8 |
C:\Users\Admin\AppData\Local\Temp\aIcw.exe
| MD5 | d250267f9a789dd3dd4ca2d47cf260ce |
| SHA1 | b4a589ffd1c168e5d50ea61851973b86adfce6f7 |
| SHA256 | 659a1d125dd9f2f21f77f90173d468b9e610a7756ac126a4414c081be1bf2edf |
| SHA512 | 8da8cfaad6beff798d4e8849f7e166cc6a301c180813e53bd2dbaacff42e593491023b18cceaf6d135ab0e555e991dd12465a2a5355d7ab7381f0392dd1b3f10 |
C:\Users\Admin\AppData\Local\Temp\KkMK.exe
| MD5 | 93e240b6232cc282f01ced17786bcb3b |
| SHA1 | e523b5af11fe1c8b8987d5c64b35fb3e90fef7fc |
| SHA256 | d9732536db4fb7a60e65e5e5295e5569388c2b4bd7c48972a5101f0bb8e9b28d |
| SHA512 | ffc2e75c1bbb4c76eea5d271f0e2e7cb2f711467a80f93c67053eedf0436c923dafd87ac8c4714f03ace8a24992a1c641bf7dbee57d030d9228ae20b947d3eda |
C:\Users\Admin\AppData\Local\Temp\wUsU.exe
| MD5 | ba882a9a61452b19e4566ce72e404d41 |
| SHA1 | 01d1b5be30c7af1d8375246c6cb313222858ab5a |
| SHA256 | 54f6c44df87b96577345f734ece27b0c9f83df04d8945fd4efa751dd633d3917 |
| SHA512 | ec3d99d5e2b5c7239357a0e6aa08c10175cb7cf58ff856dd9da820b7531945016356402e854daee7c087433e6d69eee7fcd4ba68a04b5f2dc99102f7da616256 |
memory/4768-1821-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png.exe
| MD5 | cd609da409d0566173449e3a7630b35f |
| SHA1 | 4a00251b4581df8a1a59e2dac65d1995cf4f2025 |
| SHA256 | ceb685da3f694eb57a4e36e079ffec143c6f37c9d4d72ca7f2711aab31d9d4cd |
| SHA512 | 59eea1c4d92e67899264a8138a636fa4ee9df17829ff9e7965c6f704c3b56f0093a0992d0d638b5526d5989634798f56e54a333f0114f353d49d02db0a7c28ef |
memory/2316-1839-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KIMu.exe
| MD5 | 03ac4ecf835a29da4917d4d1cec26192 |
| SHA1 | 4f90643a0a79b47b3ee706de02d8932fd2088584 |
| SHA256 | fdf434b9afc7ab7046ff91710c85b7a3df9df139d95403c8a530186db0f3b951 |
| SHA512 | baa0393ed169712f979cd77feb314dd6564025bff1deea14d6517d53bc225937516bdb280237f0471920b1517ac1e02e6651dbbbf4ffcc94f8add81f661e8b48 |
C:\Users\Admin\AppData\Local\Temp\AEIc.exe
| MD5 | 1aa37813981de6bc37440dd397e9b09e |
| SHA1 | d4558dbb793f04317b09d1893446bddd21958c3a |
| SHA256 | 6d8dc414b13e3e092a4156d833b5a03b9e1602f42aa56ceba119839c352876f9 |
| SHA512 | 975139a8a8c927691817a5498e4d20d9bf422409e4246c837e949c51d0109cf346d857e28eb268de2d54b02d9188eea91b7b7e8b9cc1efdff2de5378db770bba |
C:\Users\Admin\AppData\Local\Temp\iEMi.exe
| MD5 | 7199b1e90f8dd0d68c9755db317dae4b |
| SHA1 | cb0bd397cf1298e853dfe82dc687ea488c19e008 |
| SHA256 | 00c3d24ef168b96ec61740fc6134ccfb8c21388a8bcd608ed26350b94351bf04 |
| SHA512 | 662627ee3c8d8f0a9e418868ecf50749dd25fdd711fad34297df68ee0ae702c717b791927ab1b7f2ac948ed2265060c7f4ed10617544221c903d251ced673b3d |
memory/4768-1889-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwwO.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\QQsq.exe
| MD5 | 5d1a9f35c04445e85b811a5d0dc86229 |
| SHA1 | 0d3d8e037de8d9ca72c9e143a8defa844300bb13 |
| SHA256 | 4f34c1208151fe44622fdf03fa3e087a52925428ce3d4ded60c1a2228f6d1009 |
| SHA512 | 2f216262133ad53128c1e8fbc8953f503b0030ab237a3d81e1c2027ba6dd03fb7657cc815a7d0db2bc2421e632dc38f3d5c42d0401a72967069b842a50354f0f |
C:\Users\Admin\AppData\Local\Temp\EkEW.exe
| MD5 | ed1c1118837b2b807c9942c953a3b373 |
| SHA1 | 8b272a7bd3497a1edd7c629b3a9623aca98f6c8a |
| SHA256 | 7c5e18ac72217812903efa781024fbdc998d4c92a9aaffd39499d066c51d478c |
| SHA512 | da85753930b34a26f4907e14e2dcaba3b398cc4adddf4f7f5a6852ae9d679aecf784677d066b9a133440521caf4e28d696852a92ef2b5889ad00e753bbe508fc |
C:\Users\Admin\AppData\Local\Temp\SwgI.exe
| MD5 | 7b7cb321d9082c7a7aced40de5101839 |
| SHA1 | 3315e896749a5ecf7b533da3e55f481545fe0b49 |
| SHA256 | 5c927664a4f0797f4e73f67bddb5df58bc80860fac8268c7255f7bfec5cca2c6 |
| SHA512 | 335e15e754fc310b21c7de16db966629d62a7e409cef8bafc033ffd9698aeac3a13a0e3e4414220e7a29fee5bf13989bf69e822cbd95022e023d65dacbc69891 |
memory/5064-1939-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uAAi.exe
| MD5 | 277c17ff387ece5626e0f094dfc30868 |
| SHA1 | c0b0cef488b398d6146753d5183008ce7b48bb94 |
| SHA256 | f3c1303211f7ce7a8836a1faac4dcbd18daba5e7c654e19b7b77bfa6d03c9839 |
| SHA512 | 6e7245176788a14fc90ae976406e25fb164ff136f9ba5582cc084a41f4908998d722527703ec00fcea61da40c12677b54a14a57dfc1e94e15e8a0e7e4134bc98 |
C:\Users\Admin\AppData\Local\Temp\sgUG.exe
| MD5 | 4e565af15e842c1695b5ef52033123f9 |
| SHA1 | d1e71815e709fb8fb7190c2d2a48ad14e3150657 |
| SHA256 | 04e41e7948bea29c27bf198d55b6b774f52a0ffb830c5834900c9e83522a590d |
| SHA512 | 54b2cf013fd43247a2a0259ca8d2178493062fe424bbfb26ee950b87042f8b1179dfc1ce93fe366bf09b031ae2712c6f0bda3ee974a0c573d803c626922faedd |
C:\Users\Admin\AppData\Local\Temp\QYYg.exe
| MD5 | a3d8da04fca384762688fd13af4dd71b |
| SHA1 | 65f27345f00498d6c1c256d9459d9fde2b28e8ac |
| SHA256 | 2bc0d2e8f77bd9e20382953b76010723a4f4c3e053e9b8fb16782d22c5a5d17e |
| SHA512 | bd6ff57a6708c450b1fcbb37c9f18c653295041e37a313063fe71e86b17d9af35f362bc537a9148a2a56590ca6224d2f0b4c1f593e09211cf90198c3f7c7aa10 |
memory/1016-1988-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qUkY.exe
| MD5 | 34e96fdf94de5f02d980cd29817e3ea9 |
| SHA1 | bf414c889afc44918ebef8be736619f46724a3b4 |
| SHA256 | eda9e6b72614784f69a61ac543aa5fab7149f2202d729929f5180750c8060934 |
| SHA512 | 3e4df17e4a2b7fa1f3934cbb474b38c8a02db3730aef6356085643f93ca46d0f123e88aa7b999f3e5dab2fa0b008a3f26a68a95ca00a91208d60fc4298ac5e59 |
C:\Users\Admin\Music\ResumeGroup.jpg.exe
| MD5 | 0be2c27451121851c94b7091fa81a2d1 |
| SHA1 | 61fa129d5bc40c4f951a3c6361f75c086bcefd50 |
| SHA256 | 8299d317962c61841e28c0b90880ed6606846abcca50e9c76e2cd5469f5b1b9c |
| SHA512 | e5c36718d7560447e7aaaab2ee475a2ed1ab37dca696444b461e3177ad19a27e0ba33dae2c97e5ff13dd2a11b227acaaa173bb030078b61062bb93d3dfcdd250 |
C:\Users\Admin\AppData\Local\Temp\iAIY.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\EUUG.exe
| MD5 | 8b262abb88a2c1e0c78768a74488771c |
| SHA1 | 46c05ebd66e8a29c0eec2385351d584c402cb931 |
| SHA256 | fa2a100821dc54650ed5793f78a74861db9f712fa5029b7e4e9c07d284a69d5a |
| SHA512 | e85d52cbbb711ebf6040b2a70aa43b33d5f718fbe636c6135e5a23fdb21683e2fef761e232f8bc008d681e4ff59b24e0b5b2f26e21f5a29723c1093ec63440ea |
memory/4784-2035-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2560-2039-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ocMg.exe
| MD5 | 8602462db5b0e3ad5c54314af2309ad4 |
| SHA1 | ccb3b863a2f0c4582195dc7aa9325fd5d2a5d954 |
| SHA256 | eaedf3967bce062d143ca9148aed558648a790b17c762f5560ad36411001dff3 |
| SHA512 | fd3d08c261d3286437bbdbba2ed6d5928997aefebc9547e58bec4ff2a0a0bb7729e93ab517ad9fad7a478cc7e2ccb5c82ce8b780be4738081779025ce7106c98 |
C:\Users\Admin\AppData\Local\Temp\gEIc.exe
| MD5 | 604819e90be32dc5e89e30f6a198bb59 |
| SHA1 | 2352e0f5d1cf0a88d61d86bddca86a634685b190 |
| SHA256 | e71bf37737a340edc9c1175ef4b154bcf67aea1db2114e910e8b26d15ae78181 |
| SHA512 | 8497800e07b6527e4822bb0a9b39c3b91a6b88d841ec9a1840877c567b283e731dd3cf82d484cc85fb58556e6e0975c3b81193920d1b94c9f5f9f573a6b80016 |
memory/3908-2073-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YwYS.exe
| MD5 | 2582bd6434c92f8016cff97b26a2365e |
| SHA1 | 79ddbf19a58e03953d95ecca0b04a778c48d3979 |
| SHA256 | 32896bb5f3fd0dfb31125ee845da734a4b30169d86854ecfbe362b22e7c9cd7c |
| SHA512 | bb08cec2b07dec3800742039633e4452a2d33b426ef23c4980d6812fd0b8fc4b63b281a61cdcad2a58ebcd9dd55920ec075bed1da8ff52b00bb4398f5bc27199 |
memory/3364-2090-0x0000000000400000-0x0000000000421000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EIgw.exe
| MD5 | be430a2aebad7e114fa65a6a8492534f |
| SHA1 | 501f2156baead857c569cc2b66d7377faaa2d818 |
| SHA256 | 706b6c325032f39b96f32c4bc1f76771af9fb87bafbd9e33a5b9ce7472e9da09 |
| SHA512 | c94535609bf1071c74afd81f22d8e6c3ac7543b06c8d1b682b28a00a804675cc5eb357a9c17ea5032ed859352c07afe24808ae12719737107908347539099e38 |
C:\Users\Admin\AppData\Local\Temp\ssUC.exe
| MD5 | b73e3ded5bcd0d19f136f6de7015e01f |
| SHA1 | 526bfbd56e67833ead6979457bb5a99c5c4cb64e |
| SHA256 | 709da43e453413a9c1b821baafb149d1d62b10d583f78fc0815c3166c49c96e0 |
| SHA512 | 71323f33d362ba51ca032cd9a9f0b0e46a1f1decd3f525fad579ed46cde3b00407fc726e4218795e48583f6962c6fd8ac2c2e38f6da77ec6a0ead39e37953d04 |
C:\Users\Admin\AppData\Local\Temp\SEQa.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\WQoo.exe
| MD5 | c2bf5585c9ded192cca2b10c65032871 |
| SHA1 | af45b49166b6e0fc06810096d3ed808fd42bee9c |
| SHA256 | c87fe71482011128a8ea59665a290eac40b20b97301fa42ae31287d60fe1dd3d |
| SHA512 | 2b4127214a19c8b1f12647fd56dd792a51c2951cc12d5f00676022a83f0f5b8c75d58b920e555895249ea6aadbdfd5a4d3f9adafa09981b6689127c21f25dd6b |
C:\Users\Admin\AppData\Local\Temp\GYog.exe
| MD5 | 33833e574351e172e6c2be3baeaadf94 |
| SHA1 | 08a9ff6c09aa696dd7d334f6df3b6726a363e6d6 |
| SHA256 | 8668491afb56151f4a3474c2b18e19d21d640c1bc3dc3a885950414e208d5afa |
| SHA512 | d4c6c656cce8fd5717f5e42ab1477062f01e783aa68b33cebbc710556dd6d1ff508585f67c03a1adae8bd66201711f8f8518fc1f38add6523a9f46c7e3ca2fda |
C:\Users\Admin\AppData\Local\Temp\oAsk.exe
| MD5 | 2c9a14e0ae567047da2984dea470601c |
| SHA1 | 224ebde030d71810a98f0b917653e130cbe7fab5 |
| SHA256 | 591a3098746436a5f400d96b3c31120a3e1516770be207a5387825c8e9a284cf |
| SHA512 | 8abc30136e491de34f41dd6b948d93aeb338c5d1e53f902145c5a1a385b12c02edce975e1793672f079d064e183321a8a3ddcb8560a124a6f7c4c8f51a2f3794 |
C:\Users\Admin\AppData\Local\Temp\CEgC.exe
| MD5 | e627ee0876fe164756faeba45eb7c95a |
| SHA1 | 2fa933d1538d2f8cb6867754ab519276c2bc8f16 |
| SHA256 | 69471bed4a28668f5bf034829603f86720d1fcab84d3ea8960b5c26e69b11d10 |
| SHA512 | 675c81d62c7e009768b3db61bc38a617cc9570a20158bd02e6b84a9507c52bfd70c2dd73c199330bf22e1e8e7be6da5b265352daf9e1b2b6414fb8e646a4fe27 |
C:\Users\Admin\AppData\Local\Temp\qkcS.exe
| MD5 | f07e88451c2e02963c0a007ead2c4595 |
| SHA1 | 38ba76054edaf6dc5992e22fedc3a033cb2df6e0 |
| SHA256 | 977db59b524b0aa4c2bea171deb99ef885c9934d3b7eb5f3b9fc2536957bca4f |
| SHA512 | 80fe8a2fe4d6885a3738273796f8c812633b66237dc531b0abe7d6235fbe227173dfaf61bc58a59cc500477826b4962b8dcf2b0cb828ceabc70645518216257b |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 923a50ba0615b19dbdbbbf569d496e5b |
| SHA1 | b8be0315078a6056fe96e34bc47cfb39c1b09213 |
| SHA256 | d9b7f06b37b788d9aa0eb4bdddbe856ea7ac93482783e5b9d7b682ff707c683a |
| SHA512 | 8511334d915b0daa8e2fb0405cfe19559aae521cf3eaf9314667e9eeefe61917322fd055cfc1ab8a7009f799db5f55df3747b6b1b68e408bee9c779c2735874f |
C:\Users\Admin\AppData\Local\Temp\qkIA.exe
| MD5 | c3e00b9383ad880c8723a853f18efd28 |
| SHA1 | 5b7e80930c0bf6d2372ef1ddd66395333a480c3b |
| SHA256 | 40bdf4c631ec57fbf63084d1fe65719847bb8d463610c4cbac1744050ec9c32f |
| SHA512 | 9bd545f538bb24537901001120a1d6e50b9d972f23f25f8b0923661cb1d3ea2531fb1f2b8fcefb36842f3814484dee1f8a03a1debcdfb4833a464c59fedec7ab |
C:\Users\Admin\AppData\Local\Temp\okYO.exe
| MD5 | 2b21ee6cb45389689ff53215675ac023 |
| SHA1 | e266e5e18f27c024ea13068766111433b228ea20 |
| SHA256 | d43385f5141bfe2a3fec006d6d375b675852174f5becc876f626c6f21fe64dea |
| SHA512 | fea0abc7f8be01b22506db3b713e6c7545819852c320eda9ff1125e4d5e0c0b49eaf84ed12f1a43a3ceb3b71313bf26fe390e183ad3ab3fb73049ab1b2a18c9b |
C:\Users\Admin\AppData\Local\Temp\ewEA.exe
| MD5 | 5a98a3d4798eb804572c5b55d91b7bf3 |
| SHA1 | de1aa4d6ffc170990b865ec496a4837d381416b2 |
| SHA256 | 508d704d873be2d755b8936837c43b919e1d778e5f28ec9fc01fe76f39a35fdf |
| SHA512 | 87bb67f2bebc318634992b00b516185774e5d02fd0854f2bd2040a5f69b7822ddb879c082ed0adc1c2c1c04e1bf0c56e135be0109c9173690117af6be419d09d |
C:\Users\Admin\AppData\Local\Temp\yUcs.exe
| MD5 | d58b052e75caae93fad57618829a0d9b |
| SHA1 | 8b8c2e377701ef0bdc2f6791532913d117f4e933 |
| SHA256 | 5819e32cf91d838ad2ceb80d32282e0d7bdcce1e34a4b3f9b52454812477d8bd |
| SHA512 | e4cd8b6466bdf96e5bfa0dad8af5490cc434659b2a37b740bcd84adf08c10dca4edd08282cf6f859de688624fcae4ca6a5c03c10701981732984830b84f405b6 |