Analysis Overview
SHA256
8c2d37665861b2652b06805f38fedfcd44bac6fe889f0ce9997c3f13a43a5543
Threat Level: Known bad
The file 2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (84) files with added filename extension
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-16 18:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 18:00
Reported
2024-10-16 18:03
Platform
win7-20240903-en
Max time kernel
150s
Max time network
122s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\qukgwYcU\vWsMYMoY.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\qukgwYcU\vWsMYMoY.exe | N/A |
| N/A | N/A | C:\ProgramData\OGIcMUgM\hCEoYUkI.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\vWsMYMoY.exe = "C:\\Users\\Admin\\qukgwYcU\\vWsMYMoY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\hCEoYUkI.exe = "C:\\ProgramData\\OGIcMUgM\\hCEoYUkI.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Windows\CurrentVersion\Run\vWsMYMoY.exe = "C:\\Users\\Admin\\qukgwYcU\\vWsMYMoY.exe" | C:\Users\Admin\qukgwYcU\vWsMYMoY.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\hCEoYUkI.exe = "C:\\ProgramData\\OGIcMUgM\\hCEoYUkI.exe" | C:\ProgramData\OGIcMUgM\hCEoYUkI.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\qukgwYcU\vWsMYMoY.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\qukgwYcU\vWsMYMoY.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe"
C:\Users\Admin\qukgwYcU\vWsMYMoY.exe
"C:\Users\Admin\qukgwYcU\vWsMYMoY.exe"
C:\ProgramData\OGIcMUgM\hCEoYUkI.exe
"C:\ProgramData\OGIcMUgM\hCEoYUkI.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mcUcYIUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HAcUsYoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NeEsYkgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VowwEwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nUMoAMUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ESoQMgEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mKAgUksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\csQAoccc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YwIgEoEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nisEcsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RmYEUYog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pYgwgIgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XqIgIAIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wgUIAswY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKoEUIsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gsskAYYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WQsAEQoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OcYAIUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PaosIIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pCMsAIgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DkcAIQYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bYQsEgIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kkQgAQwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ssQogAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cMIEgUEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GGMEUQAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmIcsMoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VYIUccUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DOMIIsUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MaQIooQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCEIooEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIcgMQoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mycwoIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kAEsEMUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FIoEYYAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rCcAwUoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BOgEAwcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TUwQAYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eeQEAYIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wakIgAUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kQoIEgcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aSEAYAkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wcscQIkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zIIwYYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xksAAQsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAsMsAYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RMEsAgcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gyAEMoYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qyUQgsUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sAccYgEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OCkgkEEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dqEEUsUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xCwEwAcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwgAkUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TcoMsMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AAooYUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wMgYYIgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMYAsQwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WcUQkYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XIYAsgcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgQIwwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tOUUEQsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZGEwkYEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZYkkQsQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AagkYcMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qCUYoUsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ocsoIUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oKssckkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\csgEkMsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BCMAggQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqUccogY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xgUgoIUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/1956-0-0x0000000000400000-0x000000000041F000-memory.dmp
\Users\Admin\qukgwYcU\vWsMYMoY.exe
| MD5 | 1ca76c5e79be9188ce89207b3545729b |
| SHA1 | ae0ba647ff3486ad7df54398541ae26def99c3a9 |
| SHA256 | ec8639127016e15450fcb215e0748712199907dca83aa446c1ca36b9443d29ba |
| SHA512 | 1dda78e2926e853faf8f369ac2fbaa17bcd84ef7dbcf47f906f99bb0ad82e7a38efc38de121efeff3413bf9f1ddf1a14492351c10efa5d9dc6729102e8d200d1 |
memory/1956-12-0x0000000000320000-0x000000000033D000-memory.dmp
memory/1956-11-0x0000000000320000-0x000000000033D000-memory.dmp
\ProgramData\OGIcMUgM\hCEoYUkI.exe
| MD5 | be9218952cd948af55f76661bb82f61b |
| SHA1 | 6a9837df14076c5c9f1d4bd57216b257f992cae4 |
| SHA256 | e9705e1dbf6ec27e63a4e181d3f49e82367e5023b103bb0d9064e56048e9d01e |
| SHA512 | 4d58f80609f46610479306410c80a59dc424ced77b700511613d314696add72da6545c938749704d58282a267f099014a6e78ab1a46cb58987a1c9f01ae10e49 |
C:\Users\Admin\AppData\Local\Temp\wuMoUQgs.bat
| MD5 | 5ce244f987f2eff580ec2b0ebc385c2f |
| SHA1 | ed587395dbac1b15b5e84f9df5c5a464d5aee339 |
| SHA256 | 5d58c9af29fce4cc7062d73736e11c72d95bd8f5d56dab8e59b9336b32b68dec |
| SHA512 | f2f6f3739a5891c114cfd25827629f538bc8a75f64cf673ef4c1544edc49083687491afeb157ed86c905429aa6182ee2604e1c2368c453e0ee17633c2ea3dbc9 |
memory/2356-26-0x0000000000400000-0x000000000041D000-memory.dmp
memory/1956-22-0x0000000000320000-0x000000000033D000-memory.dmp
memory/1956-17-0x0000000000320000-0x000000000033D000-memory.dmp
memory/2548-16-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2164-34-0x00000000000B0000-0x00000000000CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mcUcYIUY.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/1956-42-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\zwIgUQgI.bat
| MD5 | 53e4d3124b8a0e3ddabf88c13ec74a08 |
| SHA1 | 232125545bbdd49bbf501df82b87c8ae0eb863dd |
| SHA256 | a9df083637ca2bae6ba03c58de0be168192578fe4315e18eb2ceb6428fe5cf2f |
| SHA512 | ace856a75fe67d9975342f6d5cef7722def886bf9d6870998c96b3c486a10abe991f45b0a662f22e5a5af409315743cbf96073edf099e675fc44eecc523de2af |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
| MD5 | d715f659c83f2b95e8a4ce1233822e94 |
| SHA1 | c2a5cedfe5e05fa74d17bc6c9665d27823c3650d |
| SHA256 | 8a3d3787c7a87042010865e1d0aff07486ed919cecf52b21746ab8c6ec7de94c |
| SHA512 | 1afe9f4713af2d2e0a509fcf2e727bc4fec2099291480d2edfa9f4e0853376d690a42d5c7af37232d21f21afa98d5e8ddc6c45fa8f2829e9eb6930792f92dde5 |
memory/1552-56-0x0000000000270000-0x000000000028F000-memory.dmp
memory/1552-55-0x0000000000270000-0x000000000028F000-memory.dmp
memory/2800-65-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nqkgMEsQ.bat
| MD5 | 44776a8f41ce696715a79043336cc591 |
| SHA1 | 93f9e30550161a47fc5eba1a9be35669213ed111 |
| SHA256 | dbc054d01efaa537ea4b57a1b5c3da1a56b159ed218ebab99a592de97a9b9e66 |
| SHA512 | 494f6674afe532eb7d66a5ae7cfdd82b1183a583fe969ed7375c7195f57f44dbd5350d066099b316872a314a8b9d788cecf7b05d18e72708400da625738e484a |
memory/2864-86-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xqIAAoYE.bat
| MD5 | 2be510b529b009df2e2cccafdc11a935 |
| SHA1 | aaa0248c958d46bb29244eedb293d28765aa5fd7 |
| SHA256 | 190f1a02ef57d2b5a8caabc574ba73c3c823d615bf56c2edbb11d6d7e57841db |
| SHA512 | 7a0eef45fd1c21dea72adf4d83e62043e413cb1b617a940a7c711f6e674e46f73c03524498c58218ec454d57a5f7e40e5c763e50b005f110415c0b2e740016a7 |
memory/2072-99-0x0000000000270000-0x000000000028F000-memory.dmp
memory/292-108-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XkgsAcAI.bat
| MD5 | b8ced1ab0f56db60904526823b40448f |
| SHA1 | 1693f5f6e52f87b8e695284946c55f818eb23f7b |
| SHA256 | 16d983ddedc1e148b5106efce91853d5b45a8cf06cb2949506a7ee4a8f8582a3 |
| SHA512 | 9fb626622e543e7b6060fe2ad470252eafa0ceeefe6c29fa2cd0fc5e9d59a243f78f781b23f725ed6056ef081c0dd9fd7e1befa7723b1a5ac899e38f6ac3c908 |
memory/1208-122-0x0000000000160000-0x000000000017F000-memory.dmp
memory/1208-121-0x0000000000160000-0x000000000017F000-memory.dmp
memory/448-131-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\okIIMkog.bat
| MD5 | 2789043679feb8745123fe5dd1901330 |
| SHA1 | 435263f48683b21010bbf8d0d64043f07e9d4bfd |
| SHA256 | d24a00855202102309e15839f46bf717083319be818a280326b84220c711e563 |
| SHA512 | ed206d07bc0d9b45df81e8584e1146597ab92e897fa3449753b488a9d99ec5d8410dfc9801d01b16f968c943bee0ccffb17b55009fbcea4424324b7909aa0946 |
memory/1420-152-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GYoowUIE.bat
| MD5 | 4074ff5f16c51d1d3bdc1750595907ee |
| SHA1 | a0dabb0bf6322c8614ea51a8c6130515611a5b01 |
| SHA256 | 743d6825da50660b59a3abe51aba736afc3ccd629d792c7f410ada75b71243fb |
| SHA512 | 25942ef463f359b1cd54a5a9677754bbf95a5ce5e0e61a13aadd2857a3f06bf5b8d64a92af231e864e6932d27ac199fd7c31c50cd722f5b4110ba17e6348fb24 |
memory/1744-173-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OYEMwUUc.bat
| MD5 | 15d672b545faab7cd003bc006b8b6ca8 |
| SHA1 | 352e6eaa4c1a8cc0f1ad0e26240fc3abc95961ea |
| SHA256 | 5ef739be40f9a90f45c10e7f85dfd45e02556aeec074ebe756d1fa2dc3029584 |
| SHA512 | 25a3eca5e52207be4e37e5a4002594a43c248034402e0ba59949b6335097d5ef7ce2862bc2b74278eb3c1b2f90e363bd4896a9f1a7aed19b4856180d19d48849 |
memory/2876-194-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SCEkcsQA.bat
| MD5 | dca83fca3ea62c5a772e378f4202995b |
| SHA1 | 9f997ce0c4f4ba06ee80f634533fdd5210056e77 |
| SHA256 | 002afad1907f51a7897001b3f81c7b94b90d6ec47a0706bac2b1419627a1e1cd |
| SHA512 | 22ef512df3301cc677ebf1cde0019742ae0673fad4b7e27759e9d3c90cae852deb876a727acd6dbd47af08cefaac392ccdba791cd207d4cbb0f130d65b48c896 |
memory/1976-207-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2180-208-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2592-217-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LEkEQQYs.bat
| MD5 | 155da8ed8df933cbffbcfbc0c8ed3370 |
| SHA1 | f82c00d065224383fb3fc6bfd648fdf8939d36f6 |
| SHA256 | 43a381bb1d8b3e194cf4f12d25da2a044d03930e8129629e2adbed7a997a5bdf |
| SHA512 | 7f02353ec91cc8e8203693588a466ad0f80b523da019abc310e050e608a76f27db7388c9bfb56db457c2219480d225d0409482ba821cf626cd2d9a5fb719c4d4 |
memory/1984-230-0x0000000000170000-0x000000000018F000-memory.dmp
memory/2180-239-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xyUMMYQE.bat
| MD5 | 10b05a0d42204f0b49b3d55b037c151e |
| SHA1 | cc45f09ab422a110b4c22b0f54f3a9bc2fb080b3 |
| SHA256 | 01cb670120b818f6be8f2b31a0fa27a81e49905850a8b3a706483c0555d9ac51 |
| SHA512 | 01d5da08a23847a7eb65856a238ef023d279d41730123990e2d4bb0612f8e82a2836d82bd1f3136bc866bd67aaa604f7b6d398809bb5d998341783b8153df318 |
memory/1884-252-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1508-261-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TYogwcEE.bat
| MD5 | 653cb791f29ab4effd9802d1f5297ffc |
| SHA1 | e7382a27dfce42b22cb27fcdd4adb69be39c6611 |
| SHA256 | cb9c6fc03021bd26842e069d39dcbeef47b7e96e5b0ce1ff02f9c2c62cad9e3e |
| SHA512 | abd2287fb7a559528ff3277c45ded372697d3d5647dad000d25ffcb0dbdbffa3baa00600938abbd46fe5355ac1f39d6253f1191dd9b3b752d5527771dbbeb37a |
memory/1048-274-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2072-283-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HQYYMkcc.bat
| MD5 | 2a45540784605a96ece612210c2e1e30 |
| SHA1 | 09f18c7ffed246aeb5e70b6e79bbdb2ca73ea070 |
| SHA256 | 986ac5356d9f9dccad8903743a24a2cb502323f35b42b2a7ed80b0ebba05b3eb |
| SHA512 | 535b044a215c84eb4e1b9435914cd0a66accaa85dc463676460078e39a9f330aaa7c4ecb41118eb93465cd4d2f9721bb69eb4fc1499823dc2ef41433a49da60b |
memory/2836-296-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/1488-305-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xiwsoEss.bat
| MD5 | a8ed44ef361b51cc913bb3e00e4726d6 |
| SHA1 | 79edc8be6ddbd7b037399e1df839237888f2a29c |
| SHA256 | 7e8721bd7328e6aba1c7d83f585fd81ae37777d632845351db8a790628825977 |
| SHA512 | 66fe95b35862cc8f4271468891cac2f03cd1be85cb851c04ad8ebb9075fcd1a3e864f33653b81c0862a024ae35a30f34476edb90a3a1c4e8e248610f1468f561 |
memory/2132-326-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qYMcsQEc.bat
| MD5 | 5a8f7d77db2bf412398ec5349a1c4956 |
| SHA1 | 33e86b4b0c2a7ba6fa41e7f5caedf210d99862a6 |
| SHA256 | 89623a2dd0063a627f04a663b95e098daf70aca54aff9779c4ece04755def8e8 |
| SHA512 | 6e9743d7f07c9ced3a0071100a2c3ae2e194de7c8c564ef002ee7845668b14f65be2d9d79db3cc651c93d63f466841291c5459e1eb692a903077cb9c6e9868aa |
memory/2164-340-0x00000000000B0000-0x00000000000CF000-memory.dmp
memory/2164-339-0x00000000000B0000-0x00000000000CF000-memory.dmp
memory/584-349-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ogIMkIQE.bat
| MD5 | 99f22a5a0eea9a2fd5236d53c089b4cd |
| SHA1 | 1cd42cb2346fb9766a98b1f159f1548effd820f0 |
| SHA256 | 56f0ef2ceda3e69202e181f834db7dcb556e30ccc98e0bac1c2575b049ca5519 |
| SHA512 | f2ba26517e0e01a77d3814b0c58aec38550e9d3dc7347962175d991876f0390edf3a8164b5e1d3d5b39d31bf43cbc267e1bfb4f33850d366976d2f34e36f8790 |
memory/1700-362-0x00000000000B0000-0x00000000000CF000-memory.dmp
memory/2592-371-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iSQIEIws.bat
| MD5 | 64720af8c8671577fe087d3d037dd859 |
| SHA1 | 03fab5cc49f6409599342ae1ff3922cd61cdfca3 |
| SHA256 | 903782f46b6d433caa0845bc6f6d00499fa0aa77659f928cfa0c57eb091d2228 |
| SHA512 | 6c5150a78ee062a8313776e515aca49e9082faa1cd11e2070eae58bb1e60c5d7249415c99d963d53d4c2856b9963e8106855be95c271431a20270fdfe0f312a3 |
memory/2424-385-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2424-384-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2864-394-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\osUkIYYk.bat
| MD5 | 1f4c25f669035461837890b8ce1ea209 |
| SHA1 | 9d73021df81e0bef0b6e80afacbe4eb857a72401 |
| SHA256 | 11f11a2a718dfc4c03346a72a01bec81f8bd26cffe7f7c32d65d7c6b405be418 |
| SHA512 | b689c0157fc95bb4e7638e493167598ca056b9805b67b1bb133d4e92c558063d20a5b2291a2c52f5fb4f1b5392ad2e0c8dbd23fcb2c4dc9870d5e6a91bf38c67 |
memory/2884-407-0x0000000002240000-0x000000000225F000-memory.dmp
memory/1996-416-0x0000000000400000-0x000000000041F000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\TKsMQYsc.bat
| MD5 | 63d8c04b66967654236b919eda85fa2b |
| SHA1 | a8830620d6234739e71f9feba177a7c11c2463ca |
| SHA256 | 53c464fb8f92ea058f909e45f06d9bf3d889e1b13a343e31b7aaa1cf9bf7c888 |
| SHA512 | f5e5cbf26d02a8ffc535bee86207923120a7632508c3e03e22428d8ce6396cdc5dce4660b5d7d57635c012e6406d56feb4df69ff66be9879a9c5a6fe1ed12ca0 |
memory/2916-435-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2780-434-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2780-433-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1492-456-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\soYQ.exe
| MD5 | d6fe6c8642ea4372620ffc565ba5a050 |
| SHA1 | 40eafb88e6a7c00171c89057ea12e56971f411c0 |
| SHA256 | 489feaa60f497655c738346accac6cb705611ec8f13e0e50e9c65738e41fb64c |
| SHA512 | b841580b351b5fc49de72f457d1e5dfc480cb12a289ed242304a2c30237d5fb90ca2c672a16d3625f25e179b3e7024ca3c0431235028367512cb7784ffd5ab37 |
C:\Users\Admin\AppData\Local\Temp\XsUooIIM.bat
| MD5 | d167d5c821e0945904ff20b876dd0f33 |
| SHA1 | 5c98fc07810d5c8af535bed044ff36ac9979ccd4 |
| SHA256 | 0df7f4e395fd6664fa45fef5aca963e27012e057b92f33728277144e9d9addad |
| SHA512 | d86c814907d138c4cf8e0a0ed9d10471f902c2910907d5f1cced29f65209c143c929d3c36acad561b5401ee0c56738791d9daeaa87916eb60b3da4b1ff097b48 |
memory/2912-468-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/2912-467-0x00000000000F0000-0x000000000010F000-memory.dmp
memory/2916-477-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kscG.exe
| MD5 | 76b4e40a54ef0524adab9b2e0d399d1d |
| SHA1 | 87352521400d4c1876324684d88cadc4d9922019 |
| SHA256 | 896a667f7bb70f79c41c0aacde4c8c8288c834a56c934d54706cb7a2e6f06a54 |
| SHA512 | 0a8a85d9e6532f22056b62db1668758c57b6a99e2675b9900c7742f46f241d140eca1e1750b4690df18091a06c14291eb251ceb005d3a86ee774cc8b8a6a3a61 |
C:\Users\Admin\AppData\Local\Temp\ggsw.exe
| MD5 | 1cbb94a71472c69c9c2ead16c6d02c14 |
| SHA1 | ae1ff0299ac7360089e8563302f207e9a05ebf1e |
| SHA256 | c9655467cd1765e44dedbcca149745058207ee2184ce860aa6261a701f3e4be7 |
| SHA512 | 27e623f76664f184a672cdc5695506e6a659be5e108e730fb31d34b096cf228085b64f544b6de416c44294285e7f13abe8a5683806601810e8dd5bd27261bc67 |
C:\Users\Admin\AppData\Local\Temp\sooi.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\eUoM.exe
| MD5 | 09f31a31fffa1d4f71f60d2541f6ad9a |
| SHA1 | adf608a53bf5f41b0af85db5664539fa34fb2a41 |
| SHA256 | 26d2275323379c99ed1e02510993e873edd95d38aea4baa2874a97e2a604c48a |
| SHA512 | f861a1669c308112977c95197da65a23101e9f81e049157f1375dc8a056ac6125f77017f03bb010f44199f49dbaeec9624e45d0671ac82d19f2076c3dbdd1d8d |
C:\Users\Admin\AppData\Local\Temp\RWkgEEEY.bat
| MD5 | 463d4ff8dcb2e3805a9105f0c1fd3b63 |
| SHA1 | ecb08afc35aa17eb021da7a441ce63386a7811bc |
| SHA256 | 8e3aed3902346ba49364792aa5050522693a438b8ca26c67de21299515cb6def |
| SHA512 | 3a7787f5fec1117c631e76d05050ad41ae3dbc5b7b105a1221d8b2e6851bc22dbac6da74810051d1d3458bae1e65a49c1bb097e0afe8051f5a0e1719abe56ddd |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 94d907b1c6d375f211882d374f1628ec |
| SHA1 | a68af0f5e44bbc540b166e83fd3a32c62a2415ad |
| SHA256 | 08ebe2d6cf1ea2fa1c5959147eafec9042b642c360f7d45aab98aa1e0cc13e7f |
| SHA512 | 4d4bf6141add5a191da03591a459a7bac6f941dc16b3bbf4f1df5a4acb6b68f217b6be1f60bb01db5f896ef624108a2f1eda2bbaefdacf51efa08f427ae2b21e |
C:\Users\Admin\AppData\Local\Temp\EIwa.exe
| MD5 | 2f5fd9661e62c9191cfa8901eda67208 |
| SHA1 | 36bb7a79f51b75ea84a4f48bba8639ce57cd6966 |
| SHA256 | 943438848574c30c3595217dfcb84da2d8a74cb08b74760bf7c174c6529b82d3 |
| SHA512 | e3b02a19e70ade2d47e2369637093cf50f4f73a25d452ec16b64cf7bfcac6d86809c1d743fed79f25fc149a380ff2e846bf00f3d6cafe8882d11d16fcedb6d65 |
C:\Users\Admin\AppData\Local\Temp\cwgo.exe
| MD5 | ea23e0105d600db7e915c76292ecfeac |
| SHA1 | 3c0b73d14cc1264531690630b47eab7492a5afc5 |
| SHA256 | 0a8a19500292d2e442268ec2043e79bcd21b264d86ab3809dff0b209d815fe98 |
| SHA512 | d13bcf26b82fa89dfe049c8d1bc1b9567b440eba5a188a3ad2db8707f415d433f1f64e55f4c13f9f8a6451359ba73081758b9a3c5e3ecd24969507545b95f85e |
memory/3028-560-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UswK.exe
| MD5 | 3b2e1e3c802155bcaecef02d935cbe21 |
| SHA1 | b15cdcd39d69162e486ae4ef74ea7da507b81552 |
| SHA256 | 9348bf1f889702c55e92b3105eda628f967b08248daea889deb0d338c5526177 |
| SHA512 | 8c00ccd8ef57c5f6298049bb58b9254db053bc5cf3cf1f3a2be6f1ea1f441857106f38c38f284901dbb60acbda71aafe71101344a72b949034751ccc559fc960 |
C:\Users\Admin\AppData\Local\Temp\CUEW.exe
| MD5 | 06e7d62aefa6a65157fffd42dd42e958 |
| SHA1 | 574405d2042a4d737de5ecc6177b1742e82133b8 |
| SHA256 | 06118d88d0fa5fcde2fff028559a53a743c00cff4d4b0f7deace5e8502c434b6 |
| SHA512 | 7795281ee61583f68a314cb20a0541793951f35f4c11cc32bfd3ea4ff1ad10826766ddb5a8105ef5a5bc098e4cbdc3c5ff566ef3fc7b6b0222c7f460735e3c7c |
C:\Users\Admin\AppData\Local\Temp\KMoY.exe
| MD5 | 01411d77038a9611adb44e2888897b1d |
| SHA1 | 2ffad892a9ff057f15db17954dfed65bcb48053d |
| SHA256 | a44d12e7301baa2c1302bf6b10c096c1e993f51813ea75d9a79a915734fcb2ed |
| SHA512 | 3256ba0339064bc76fb91cf8a19734ee323685c21ae3c757103980890e4d2d2adfd862b9b567e150a8448a31a23850bddc304279665aa28d181bbffa6a9e57b3 |
C:\Users\Admin\AppData\Local\Temp\scIY.exe
| MD5 | 7343da80d5358171b12e236e566a9abe |
| SHA1 | ae18f1287dcef06a9a5189bf82e6abc4136ecfe0 |
| SHA256 | 26d26c01655305953c2d08e5cb5835c6704504a3ff269f632ffbf56c39e4e854 |
| SHA512 | 2b949773a4b874dae5545f545245e15c2f2d697bd4068f257855ed47fbef5e267244f6fd6fec676d96682f00a4a458b8d5eb981f17aebc0dda1cd8b7a4077a17 |
C:\Users\Admin\AppData\Local\Temp\zEQMwEcI.bat
| MD5 | eaa700f29134f159843245638a53f422 |
| SHA1 | a821b600210d0ca3dc5162ce99569481d5fe6a1f |
| SHA256 | b56f972d539f929ee19ed32c01def2e07bd77a2569789ceef01522222e0cebf0 |
| SHA512 | 3b3b23dbeb62ee2a33a6fffd35f39c42f6ea45a84af8515875bad3f7b5a3e06b7f25ce5782a174f1d623f635f5c55a7f3d34d2deef8c9d7455127c4d764e9540 |
C:\Users\Admin\AppData\Local\Temp\QQgU.exe
| MD5 | e07ebc223329c038ca96982bc05bae10 |
| SHA1 | 8fcc26db0c34fbfcf7b3b64baa8d88a9dd377083 |
| SHA256 | 2272f9d872b47e95af171830309531f2350c252298d5cbea5966a2ec1a842c87 |
| SHA512 | 2a35d59ece198a6758ff29ec403c46f3153123016478c7eefe8a63d60db84e2c3e90613357f73a369a0b2c44340957836cdf1866ca68c107752f35205f87fec5 |
C:\Users\Admin\AppData\Local\Temp\uIMg.exe
| MD5 | fea71e130bee9ad3c0c2e04ec0099061 |
| SHA1 | b0f2a6aba5ce4f16ea91804f34ae40f66b957c47 |
| SHA256 | ebc291c09d55ac9f6bdd8e7921c6b828fd39f7227747cf91a2713eb353618ce8 |
| SHA512 | d1b4e38ff0be34ff037f2ce8116f2543147583bccbe1e22a411f86636d2accb0acfd9ed2c72bb8280431d0cd40d417ab4d75e1c84098747ab3fd4eba5f1b5f89 |
memory/2072-661-0x00000000002F0000-0x000000000030F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cIUq.exe
| MD5 | e0e5204d76b1b5a76d84ef62d18445f3 |
| SHA1 | 2f1a54b674758aac2efd2fa0cbe72436a890ea8b |
| SHA256 | caa9623664a49ed0e5b18fbe538d121063a92562ae7b5ab336f1e2407ac1a1d6 |
| SHA512 | 425c3743d79c29b2922d6692d185096e9d67dc597f8ca9c716a124489cb21db20be4ca9b6a88210562c765663dae78606096738f8643b9b2040ca242da1eeffa |
memory/2192-673-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yUwg.exe
| MD5 | a3f24d37e9aea4e312ee0ab93d7088b2 |
| SHA1 | b6335c2ae46a985308db98bd3bfba962311d9e8f |
| SHA256 | 006cf7f0d2d05a7d8a85585bdb5377af89efdc48b8f02ed3a9098e1e540e0670 |
| SHA512 | 28a504ed07eeefee92bce46015bef1773eebc1c6be32b40529454de1c31d44d099a5b45046233be25550b273df36ca65518def1cdbc3a6937f0d1adadcbef4fd |
C:\Users\Admin\AppData\Local\Temp\OAIQ.exe
| MD5 | 18b8d7abbea2c191f49a8e10d3634ef5 |
| SHA1 | 14fc7e333576f3f739cda3b2d18adbc39e746620 |
| SHA256 | 28dec85fedfa698785abba8d11fc8dd5a014ffe83173bb6955d816c7003c44e7 |
| SHA512 | 0bf5f148442e52038116eca670333fec01d9d4e3ccc52e6d5a2cc1e5e2b5d8b56be9f1c3d8a19df9091fa952e979a5fbcc67a97a70b005f012611faabfb3fd1d |
C:\Users\Admin\AppData\Local\Temp\gQIq.exe
| MD5 | 2fc9eef1f112dd7f2424242739b26947 |
| SHA1 | a9e70c1c689a1ce426ca652e04119f5d4f6f7d32 |
| SHA256 | c9c5aa8e86c2c99aad0eeb8d3374aaa2ae82428ddb1e539064380464b9c6f3bd |
| SHA512 | be13c0125b58eebaedad214e009e9b875bf2423b6494ad3dc77d851bee4e855eac8f20b0dcbf4530863f500e9c419e2cb03a4f7d8e7cb18f05954a4d815ba6d9 |
C:\Users\Admin\AppData\Local\Temp\iosu.exe
| MD5 | 887430cfc66c7d9b88862ae9e0ce01c3 |
| SHA1 | b07545d994f23c5f719ed92625ad0cb02c471224 |
| SHA256 | febc725351ff62d0a1c815e87856f74d560c55f166c1bc2fa46e1af0bed04a3f |
| SHA512 | 5bccd5fbe7c34eda56a0e4f40608b106644b6a0b77bc2f68433fbb67784ae7b4e6b57d1f6ca2dcbbdf9bbeb744c1d9ca966d4718e2e2b67f52ddc5e089daf6be |
C:\Users\Admin\AppData\Local\Temp\uwsM.exe
| MD5 | f630ad77ea6462aaa1461c7900857a2c |
| SHA1 | b3c419414b0155f498015a853e56ba1a37cd1bec |
| SHA256 | fa468b694e49c83a84aab6930231135474cc5d7670cd2a39210cd6b995b11c65 |
| SHA512 | ea5cf16134fec06a0857a0b91288b4ab5c2e0d426ecc1f8f7070ca22719b7c99af17c58baac5553b7248757d3f08f0b66ee31fa5bb51c3e67b188da081f2a7ba |
C:\Users\Admin\AppData\Local\Temp\sUQA.exe
| MD5 | f9a3c84c4d91b978ac8dbbbe045a49d6 |
| SHA1 | dbd75b6914fe9b0113e3fe42a153675b8bcb2b4f |
| SHA256 | 10b6e684213d6a35153ee80f0942934abe64369a47eff2ae0d3f6c2b8368ecf7 |
| SHA512 | 037c94c7e13c05e474b3763bc8fe6c575ac0a95515f25bb471e615a2f0f5056ca4c17772f5b349c048bffdb6a8e5ac957e3eb1320d0afa0fb93b0da6066f27bd |
C:\Users\Admin\AppData\Local\Temp\siQIEkwQ.bat
| MD5 | 385ef899e3cd01220b6da6dea3514111 |
| SHA1 | bcebcc21adf8db7c5aa0ce55373c6704ad8bb0ec |
| SHA256 | a33788b4680f4bf808d1e3ed01a9b272ec27204c54eeeca8ad168b069cdedd08 |
| SHA512 | 0150b4046f90d6a64dec88473435c7b9dc082b64cbd16941c317cf022c529c86307213b13b8acff14899d7a1153860d999b886f253d4b3446b7aac2511fe1b8a |
C:\Users\Admin\AppData\Local\Temp\iYAM.exe
| MD5 | 9e6bbb3acff6375187dd4e63adc9f752 |
| SHA1 | d08883b3a1765e397b9cd1e1c78b51d09f97860c |
| SHA256 | 36ea8466c39a873dddd328566b00573513a19e16ef08f6a1f27ae954d2ebcfcb |
| SHA512 | eba86112b1ea164b0a50d4404e2374cd93c37340fdf86bbc6c1f7599959f67fcfd5ed0f914b20abacbeeddd44cafbdd7e90d5a6d0147994beffa502aaf76f6d1 |
memory/2504-784-0x0000000000370000-0x000000000038F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CUco.exe
| MD5 | 3de5443824ecb6a6670e6f26c9cab997 |
| SHA1 | 7376fdea424d53804e054c9e9565bfd7013a5de4 |
| SHA256 | 74ff113b7891aab174ceafa69190433da24bf73ff1e31a5ad7c267efab01c9b0 |
| SHA512 | 803b085f0e6b114b3f7fb0cfbe8dc5ee0f92a9e32d4d7783ff1ac3ecb4811a8790383fcd001c71696d5bce5242b6abec441c9f982c0526a1aeb7913b8a3ff60a |
memory/2712-806-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aMou.exe
| MD5 | 2b5cc92b627456cf8f2725c73c4b857b |
| SHA1 | 143fd99dc165cd55676b5e59d135e8a37604b0c3 |
| SHA256 | 9a4919ed420ee73a1ca675cac1d206488308af57677b98c28b9c59286902cf0a |
| SHA512 | 06d5b8ac7349b00c6ce8f267300956464374601ef9a0a0bdfcba51e3da550bab3a50061544e6bf3964dc2f628e5007c01ac61fc287cce68e60f7c8f15379a10c |
C:\Users\Admin\AppData\Local\Temp\IEsE.exe
| MD5 | c50a301bbf568f502f710412c38feae3 |
| SHA1 | c80d84f2e9e0831fbd2e6c136b40c3930e0aa64a |
| SHA256 | 95ace2b9fbd1f02ba367c1d88e6b1b90e5594c6c7e3af0678d03ce75abd324bf |
| SHA512 | 2ea143193afa8b00f7d0f7794ad46d0004223da2559f18cd95bd578cb6c71276981a5f71a010d2794713419246dd018be6eb5cdba42608d9916838331ba53d92 |
C:\Users\Admin\AppData\Local\Temp\sYsy.exe
| MD5 | fe853106e3a85e35840987ec4c114bb0 |
| SHA1 | 425764ff6e99237c5f9deb4af5cdc800300e2ddb |
| SHA256 | 224f1a331fea128cd83f2bb19e288241de032198f2acc1ea5d3039894a367975 |
| SHA512 | dc12851ea9347b3a099ea4f60c4a22acfdf85af7daaae398f2ec12bebcd444486879ca8a8ea3972586ac29c2938b15a726018ff7520bfb0804c9c395cd10c11d |
C:\Users\Admin\AppData\Local\Temp\aUwk.exe
| MD5 | 6befb91b6b3d352bd8b186e601cb6fc5 |
| SHA1 | 0efb6693097e030173d2642f3d49389f8822ca3b |
| SHA256 | f32d4712937b9d5ec88f6c67d8f3ef1697b70aa951914e437155314d671ea2d0 |
| SHA512 | 36ad341def591862063de76b8f81825e5be39b44ecf7748502ccbf0bba88eee1ba369dfe722dc86df1958827c29351f799893a7117e6e29fc835640b2624b1fd |
C:\Users\Admin\AppData\Local\Temp\sgES.exe
| MD5 | 3455cc8ce90df069997dd67fbe97a617 |
| SHA1 | bbe83a43e2426679f11da2e743dbac431701eec6 |
| SHA256 | bd6e9311878a048c1f099c6a743dd78941bf8a767e77ac274b7522f6793854ea |
| SHA512 | a67354908e6415fc216371e8884400e801bfec87957a43b86f7fffbd70cfa2e147ce717a87b2af822995e4bfc6ce11cf237da5ea667dcf456e07d5ca63e612d9 |
C:\Users\Admin\AppData\Local\Temp\sCYkwkUY.bat
| MD5 | 9e3caa918d6ad92aa448792dc951d608 |
| SHA1 | cf5899780615398ad37aaa64ff202bff7595ca94 |
| SHA256 | 9fb68fab40b8a2de1ebf274a337dac834b28dec4fa898a96e578f2f6f3eefeb1 |
| SHA512 | bc8257f259a4f8cf04819748a97ddc4fb6c335d88f10ba87e9f5c57364a9d09bce7f24bc005bed46e381cefcdef0f7aa819f4f0dea2e7e302c536f607ae664e8 |
memory/2784-893-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uQQk.exe
| MD5 | 378ec6e227ffa633b64154a887460300 |
| SHA1 | 194e9aee08fe64221fb297c1005a484c05dd2e97 |
| SHA256 | 4cd25fa1155b0367360117671c497833e118d5c733e973b932f3e38d40858863 |
| SHA512 | 596eba4d8855bd2e088cb2497165642ee8314e0e02f3035e81f00eb26ee5bb0a21c450bcf65e1fcd5ddbbd1638fd54844fc3f2227f7165139b026c7747aa050d |
memory/2168-915-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OgsM.exe
| MD5 | 17a084480a25186ca8b93a7d24b6cfa6 |
| SHA1 | 3f06c91246cb451f3872d1c8575138a27cab09b2 |
| SHA256 | 012fbb9e69cd3480186214ce231bcf60b44012cbd08bd435e694c97400942006 |
| SHA512 | e74caa194eed312dd8714ae16dc19cc6501d408ba0cbf6fddbd1f72e955ae8d7002b784e7ff9583c52d56b99cb36f22de6259fe001ac96ec77466de515915b99 |
C:\Users\Admin\AppData\Local\Temp\UoEO.exe
| MD5 | c5fb7e6c8f8e1e58e16b42084528cd6d |
| SHA1 | 7b7e2a41d5f950c2ba8df7b4014881077794bd43 |
| SHA256 | 131a5ced1e8371833b74b7fba6465a2bfb404669228a2bd49d1c06c74a3ec617 |
| SHA512 | b3505cb8941b7493e2456ff03275dc46e168d2eed9ac4d17031c4d2c249878d38fa49e719e9af5e8a7dd86484c623aba9f67820b0353dd6df5888a8eb3414892 |
C:\Users\Admin\AppData\Local\Temp\wcUY.exe
| MD5 | cbd8bc562b9aa940ad7f30900bd4ed5b |
| SHA1 | f85c8acaa1eb698d2e40b4d623a252cb5168cb83 |
| SHA256 | 50266949e93d6001a210bae69d204480cd6baf0a27a70ed27541282270cb816c |
| SHA512 | 99c0d1084515c878d4e206038f21c8915a9ad729dbbfd3f7ccbf07a7dfc7611cfdc6dac1108f296dcd5cd502291b10232efb30505ab25ec897b57fb0cfb1dc32 |
C:\Users\Admin\AppData\Local\Temp\mcQI.exe
| MD5 | c0e94bd83d731c82cd4286f75327f86c |
| SHA1 | 32aba0784ed81b34e1bb28c97be3e0faefadc592 |
| SHA256 | f9228197d7da69605292a1d1398bbd5b9678259021f4f910c73b08c947f6a723 |
| SHA512 | 406b4fd9e9f16406aec17517ea18459959a1dc79bb0b9bd572a6eec7af8e57e7051f0bbec4d83101a83d9396e921423d733b7da46ba1a0b575fcd2ad773c4fb5 |
C:\Users\Admin\AppData\Local\Temp\AgUi.exe
| MD5 | a15e578b57e70dbc6ea1e4604aa92bc8 |
| SHA1 | ebc075df8fa49e2b90296f2d5ac0db7349f719a5 |
| SHA256 | 82066e4a9a7791f9ec0b40fdb8da367ec99429c6f963fad22659c0a20b0ac7a3 |
| SHA512 | 0803deb4a97f55841d0264c65a32e439fe5613077cdaeb36b594ae6caedb87058f54a0b6a888fd14be24389bd5ffa81f2feb089fe663d284974e5f2a0c6e849c |
C:\Users\Admin\AppData\Local\Temp\OOocAUwk.bat
| MD5 | 6cef1f286271923d4e4852e87514d11a |
| SHA1 | 271559b3182533480e5cb79005f9b5c80b20b332 |
| SHA256 | 010f6ca01e3c1be499fb8ee6dcf04116501f8caf3c6b6cca3e7e877204d4cb72 |
| SHA512 | 0e37f7104fa0d189323beb6a488ec16f5238b8ddfdf2380d78a0d28e5b842e735d1c59986037384ef14d0fdf2409530406bff150a9bebda3fe079cbca3f54d0d |
memory/2432-1015-0x0000000002250000-0x000000000226F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CIQq.exe
| MD5 | 3f13983701ef7c10a6f7c4420632317b |
| SHA1 | dccff6e458979126610f697ef3a588edf3f7cf6f |
| SHA256 | 4d9c5da7a2545ab4ea290c59fbeeba8142352a585eae6f37ca6aaab7055e7042 |
| SHA512 | 3c602bc0d1bcade5364050d8e42ccf431667b472ba32d6a466e9db2eb19aaa25b35f3b7f5885d9ba4e4216f98090676804b87bd9cbe074fdd236ac8946ee1728 |
memory/2108-1024-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SkkA.exe
| MD5 | e3c80fa2e905b271c1d423f4d9416e51 |
| SHA1 | 3544f1a8ad6522e45d20158e3997237575525e4b |
| SHA256 | f68a18241a2de184c90ce2ff398de0cb00caad36bdae9337026a67d5733ab84c |
| SHA512 | 18614bfe7d6a0798dfbb7a9b15715d9ea9adb43a54d776ac2b1141174113c2a4f8dbc9ce83bb331b81f23a2d76e5cd187f6f5efeb49f2eaa4c4cc6cc265149e4 |
C:\Users\Admin\AppData\Local\Temp\KIEU.exe
| MD5 | 89abf3cc5e0677681ccf78110a65162c |
| SHA1 | 8fe1a0edf33bb5117060e3513ed5de19bdf296b5 |
| SHA256 | a43186b9387d0dd3c926d70201b0fbee79a36a8b74c235ca5fcb9b221d894b71 |
| SHA512 | 29853f7a2a4596c560da529154185490dd4f4dd6d5a31da57e1131bd78aeb4ed0514323589bd0f6574a899a6a19a0a4171e6bb418be1c1ab5865d0f3fb27545d |
C:\Users\Admin\AppData\Local\Temp\UMoy.exe
| MD5 | fe5561631eeec17057de18a2c1015c7a |
| SHA1 | 205882d6b40ca8cb46ddc1f9e62666f26a9e8723 |
| SHA256 | faae7004efa33bf7a9f909823ecc5fe0a5865780fbc140cb7d0a3482ac66291a |
| SHA512 | 6a4e3f8d06e9f7d57d50edc1e549d566ef4b8a46500802cd03bdd5f2657b1fbea8d6ef9eb75930df41e0a35170672f74dcfec4cc4a4844f4f204fdb75b1caacb |
C:\Users\Admin\AppData\Local\Temp\aQgS.exe
| MD5 | a3ac2e7e49f34df57f7b39fd2135ffbd |
| SHA1 | 4ab58804ff00d4189c15356f42fd36b537832f0f |
| SHA256 | 5114d683cf50dd66880655cc248ecf7f9755a82eed9af4a6b9ae84f7568a6a6b |
| SHA512 | 7195ca3c696ad2ae11b5189c49d37b959435021ee65b9c8b9724432d5c8cee937385fdc0e70c646717226d18e6065651bdb3c89d4a52669c21994435a936a1d7 |
C:\Users\Admin\AppData\Local\Temp\sKIYwAwo.bat
| MD5 | 3b3a1826d513ad8c71f98ee2f5bd84af |
| SHA1 | 4d6e74a46e304b9ae0a279d599830d00a4090f40 |
| SHA256 | 3af30f2f22d39c958517ffc343c63f48bfad81ec7ae9a8897625e3a65f810897 |
| SHA512 | 976c9251e736b675c4681eb1e3e2c3a6d1b69b83a3d810a7d9f7f83a719ba82c80b60d3a5be2d5ce10e74c64c158314513e3605d8a87c014c872b5517a3bee49 |
memory/2572-1095-0x0000000000170000-0x000000000018F000-memory.dmp
memory/2572-1096-0x0000000000170000-0x000000000018F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cogi.exe
| MD5 | c790ba31a79295ee5465018f9180b75f |
| SHA1 | 903a852c3114b598750a20965a34ecdb01d443be |
| SHA256 | d5f5ee9e6b906e20240b9bb24451319f606f5e256b24cc834d313dbd630f77d0 |
| SHA512 | 503f6642f8aac2037dd8b7067d5577bd1bee489b01f0074d6e354594ae7d6a1e57414d86685dd0b07a4efefaef7b7ee899922e83adaf5997aef9b3b15dda316d |
C:\Users\Admin\AppData\Local\Temp\eIUI.exe
| MD5 | 41c2fe23db8fbfdea39403c782c29386 |
| SHA1 | c458547dcb6fc0d03b104b1c4411d6765ad6e9f5 |
| SHA256 | 664a718d0bc3032179dd1d0499c9157d8d3b55ab8ac960442b9fb0a4915d792e |
| SHA512 | 22fec7119c33d768bad9626bbf77a8a6337c52f08dd8d9b077b53d2c5db32f39e3705d73ebb93ff754440c7f977fc579be20e6a1fd3a9b01b8ed42947ff82d87 |
memory/332-1122-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WIgQ.exe
| MD5 | e7ce71fe0ed44172390fe2f81bdc912f |
| SHA1 | 2320c79dceb994af7a72d697f19501ff2abc56d4 |
| SHA256 | 76f0db1776db54f1d182123caed53d89d39cbaffa7524116728231e7da3325cf |
| SHA512 | 32265c39b803495c680b20752ca900b25ab1d48b4cb0e722c680b9a32c0f881d9213e74ff6f8de4f5fb40b04603279f43399830c184b295b3820ddafdeff0c7f |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | e9094ee8eebaf954b8b618808c99d2f2 |
| SHA1 | 47c18cb694b4a3c03b6253d827f62c69a2b0ed5f |
| SHA256 | 523c5d9d20ed9048e13a7173877a3ff38dc69f462ec0fb4833039143f0338003 |
| SHA512 | fd7fddfeff3dc53a395c73cff10a35753393606ae113acc0ed9609b8dc73c3cdf2bf2d3701074fd4bfa683b35378ec0e7b85ff59fb88061941409e30b41ea956 |
C:\Users\Admin\AppData\Local\Temp\vEgYggYg.bat
| MD5 | eb657c3f3971a65c0ead2b8b40c41efa |
| SHA1 | e61ebf59d76a96bc4d58a89d00b87f2a06e805b5 |
| SHA256 | 3777892e67952c727ff2d744ebd1bbc3f414a3134dce3de936cdbf121791c909 |
| SHA512 | d1505b785e85e54faa768bd198e82be354a30cdca1dfbcc8b5846694b0a73f51ede45a671b0baa70aeec3bed79f8f2ce96887ab18eeef9f327727ad72ffaec81 |
C:\Users\Admin\AppData\Local\Temp\uUwE.exe
| MD5 | a92d49f203f366282fc3aac4962fabf0 |
| SHA1 | fbb6ca96eaa8864ca7833af7f28b31576f5e6afd |
| SHA256 | 07be11a63173df1ee8a4ed0833f6227168c4d2e12fc9f4e53a1d4f95b9b71fba |
| SHA512 | a9657e816d3ed7085f9ff1292d809481b112074227116afe186c562ade13423f130b20a027ee73a94414568e0577efe8b549ca4555495e12647855c8e7ea775a |
C:\Users\Admin\AppData\Local\Temp\kgoS.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\AkMA.exe
| MD5 | a038b5c848aeb20bcf121467792574f1 |
| SHA1 | 8f31749771cd95a3a13f82a414d4844bea47de29 |
| SHA256 | a35d5b234765d6398e4e8b1beee13195e02306e0a061b053c7edd01d350932be |
| SHA512 | 5253151b8193d563f704a007cff1d1ff732f293e160112bed43c74a896f8b38e494a77914195d260e65c9af670b974facecfae87af08ce26ced619cf439714b8 |
memory/2548-1196-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QIUo.exe
| MD5 | 22584fb665739b925f9aa528538e3957 |
| SHA1 | cd641ae6c99f44b9be73af36fa7a5e3bfda323f9 |
| SHA256 | ad74f2be00eef7854f3f1cf3b131d1e3e2fa3d0697250f056f853bd9770f7211 |
| SHA512 | 56bbfdb9dd6c6f8c89915a804f4d20be762293262d643c729be5dbd444913cc50f31e35ae84b0318791f5b7c525943d5e13584aeff5abb2aca7c4d66f37563f8 |
C:\Users\Admin\AppData\Local\Temp\IkgA.exe
| MD5 | c6161f77240eac5f679082065b594254 |
| SHA1 | 19cd8ee5e36493f911a2574716243b2f9b6e02ab |
| SHA256 | 22bf4e6ee8a3342dc9af08818ef2434e2c90a116c85d4d4b3671caabd542715e |
| SHA512 | a55b21ed422edeeb2c6969ffb827cb352b41c7cce7ca0248992b9f123c856465c940616bb23d736a1caa3b63eb3e88be0c1ab9f53c9760399be9f4969e7aedf1 |
memory/2040-1219-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2748-1211-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UAcG.exe
| MD5 | 88641a11d157c20a62af2548b26ebbab |
| SHA1 | 415ec7f3bbdc8658ad95376f98689d49f5b4c14d |
| SHA256 | 1577543324e75e184cac8cd2220ac3b24d925cd580db411a2f4c49e88e0ac181 |
| SHA512 | e7f68a9d820dc239e3f6e7cfec961c1fbcf940576562e7a298dc5d47826908d3305f7deaeb66e48823f1b1e51909d3393e0ccd17fb529d5875d8dfcb418ccb77 |
C:\Users\Admin\AppData\Local\Temp\OAQs.exe
| MD5 | 441c46c9a4f43703b0a3b47bf85c5f6b |
| SHA1 | eaa337c8d0251a54f0d3ca13c221e3adc4024283 |
| SHA256 | c0da1da322976e763d09170aaee4eb3b54af44f21e186cf1c075e5039af8d63c |
| SHA512 | 8c92cc56453cabc828c9b500492480878656808277e6b764d2f9d79622eb287de3622eed72f117582e8034d252c03a7e644ce0b8d79984df11027bfb409b9b03 |
C:\Users\Admin\AppData\Local\Temp\yAEC.exe
| MD5 | 8664d20f26f097b96c2186473b55e692 |
| SHA1 | fc8d0fbd3e0f88a8a0636da24eb3e302dc252521 |
| SHA256 | d7d329b12e9a127ba4f6a6641e31560d0d816d8111dfaff0c4795ab0a48d3c55 |
| SHA512 | 2b355c174187ed6903d671fe474a948b5fc5fec9c1f81ffc6e1150ed3b084b77aa5c0fcc4a7fa8e653a04d869f61abb05ba4de8453dfe4a8764a6b5606513d2c |
C:\Users\Admin\AppData\Local\Temp\HSosscEc.bat
| MD5 | 2b195e194f1aea6c3121ac268870b9c7 |
| SHA1 | 3e82af8e852c3f74947ad5eac86c41623cd5c7f0 |
| SHA256 | 3528fec41fdb1e4aba94844049afcde6da9307427977621d8069aa0b35714344 |
| SHA512 | 9d463d068d5cebfea5a8008e40dec5639bf6cd4ac495dee7474e2c18bfbddcd88f466a2782450cabdc8161f1eeb7739c64e689eecceea13d1252065d586b7aa4 |
C:\Users\Admin\AppData\Local\Temp\AUAS.exe
| MD5 | 49824b9682634b807a5747119645e2e2 |
| SHA1 | 87712dd03ac44a98abb96bd0f946ebc7e37dee70 |
| SHA256 | 2af73d548848ed4d83634852e8fc1d5021587195bc860b39dc8d4cc7ca149a35 |
| SHA512 | 430ba48bb9a326354f4d8dd779ff3341bb9588d15000a4fe10670535ca7ba21f87d7a044a05fdd88f7c88fb0c2e3df8c09a8a1fe1ed39f15f829e04a1f0d31e1 |
memory/2356-1306-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cEgu.exe
| MD5 | 18ec8e617eeb34a429158a455f799fb4 |
| SHA1 | dac2a33106f37837b3a360add73de7a4f0330579 |
| SHA256 | 75aae6abbd21a1f406080b39cbc70297c5cf3055badc76c03b1856dfa34e0e50 |
| SHA512 | 4dc442b30a117f7d798dab1b3bef2fca111864ad7c9129f8eefc04343c014b37f891febbafd6874431f79a52713002ec30eebcd82369d3679876d3037cb8a4ae |
memory/2484-1305-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2376-1304-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2376-1303-0x0000000000160000-0x000000000017F000-memory.dmp
memory/2748-1319-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GsQO.exe
| MD5 | 99e59e5bb86f43c6176f8d192cf86c82 |
| SHA1 | a0361f0ec000e72b66a1695ae4e6bcfbea12a18c |
| SHA256 | 430d5d21e66edd49dbb3423c126c638ebe6a4270e778be22dae670ca13f6fc86 |
| SHA512 | 660a3aa97f277d15caa0df009cfd8a5a16fb3b5f89481a5e521e03776970e47a4180c8547a09b191cb7d0fbf811dc123dc97f865fadec1fe82b013946922ae15 |
C:\Users\Admin\AppData\Local\Temp\cEoi.exe
| MD5 | 40d42860e0c861394fddb9b7c1ed574c |
| SHA1 | 1cbca0b4c9b73e559b696fab2496c7c1325a27b8 |
| SHA256 | 7ddd77b3a72dd02ccd677e91e36f87d414e15bc442858cdbe06e2c383103c31f |
| SHA512 | 712b300157386772b45106f524c859b61ebd971f3c829cd1b60e0531fb8ceb837de040426496f339a51caba28c2232f4bf5bd67b87f0df0c3ee3f6a9c792c6fa |
C:\Users\Admin\AppData\Local\Temp\lYMIwMoI.bat
| MD5 | 2298d375e0820f15e7ad7739437be654 |
| SHA1 | 550e5c316155f3b796bc874353233cfe301e0273 |
| SHA256 | a53f4037ea466be73fcfc9262a780966c81a229d37ad01f1dac88fc3aa75e50c |
| SHA512 | 1d055a9d614f8814bf3ecaa089ae77f76d7998a9c4197f805d2fa0bc34b1d5ad39d0ec781de463e5330cbe525f7afd15924734b1ebe4665fdd08d64b2195fef3 |
C:\Users\Admin\AppData\Local\Temp\OsoS.exe
| MD5 | b7f42b7e7de2dc46e3434f4b8a95891d |
| SHA1 | 50fcbb1d138fc2c8ca5b97ee41657eb8c81ef6a0 |
| SHA256 | 247a65c1164b3b033f67e0b165a56630d5986bd082ba53ad068adc0d25743539 |
| SHA512 | 46ac6e88299bbbd290d0b73db93d3281e6e5577ec70d314f6fdaa38b659a925b4e707ba0c7a911c52a710d9a8a3c812342860e3db4b639f538c10b2ad98fc98f |
C:\Users\Admin\AppData\Local\Temp\Qgce.exe
| MD5 | e2127c610e6973bb6cda9969208bf14f |
| SHA1 | 113dea34781a814add2abcc6e599d301e9bf14a1 |
| SHA256 | 5fea656721463a1fa9be168c632f8d7312374d2dd8e56e17ad5eb5c16979261a |
| SHA512 | aa2ebca2e60d7b93e95104c0fd72cbfc52f5d657e9f2608209f0723f81f635d9246ea88c089c5e9935fa2c74d55340929820a50b05d7cf401ae41e9b49624a61 |
C:\Users\Admin\AppData\Local\Temp\cUUC.exe
| MD5 | 0f439a54df9e8a0777ee5a08f31e2c39 |
| SHA1 | 1b3abe29ddd60f660fafdc7704047b8e465e8886 |
| SHA256 | cecedd041cc000c0e4cdd8a3657423d9f0d8c2c6738826c9e09a7f3e9b425cbf |
| SHA512 | 921c4097f6109446af5a15353558d296fe78a9086cc22546627837483319b117f03309c53a58beea7ff7b91f20d75411202d6b2eea800be04c886ce90a1581d4 |
C:\Users\Admin\AppData\Local\Temp\EkEg.exe
| MD5 | 4d0f842794ce969b92a0f6abd401a8d8 |
| SHA1 | 0bc05471ecc64c0db3aeae67d5f0058671b69f7a |
| SHA256 | 3e4d7aab7b8763daed35def230719a5e812233b0db6bb289dfb1832bc01980ed |
| SHA512 | 25da592cfb12e12411c73f6a02239b5b400f40af37a1eeacd4f2d404fd878412974166e6aab1c56cb5edc3c4a488afad36111c0b77b2bb139596de885c9112d1 |
memory/2484-1403-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1208-1395-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2096-1404-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ukkw.exe
| MD5 | c7cefc2cb66480c1a27528e3ba85207e |
| SHA1 | bfe27f0f99cef263cd53f93930b586f01ff81f62 |
| SHA256 | d2ddf110876ef76eae7cf70ec43353a8860b8ee2d1aa0974b80821092e851510 |
| SHA512 | 00652518a1d33815dee747bb1dd2966de7670ac68d82ff78a8e66b55fe4eb725b325ce8f7d05da29d8061864e2df345b638364fcd0443ed2526c9eef7b044af2 |
C:\Users\Admin\AppData\Local\Temp\WcgS.exe
| MD5 | 921e158461f4b29c755ee6bb4022fbac |
| SHA1 | 955f400cf8f3b588f4f6efd9a37bfb2ecfb84cf5 |
| SHA256 | 38b3f15291f79370cbdadfc6bcdfb9dab2a306f25e57e0260875413a5ff44355 |
| SHA512 | 55e13470e755a9ffb76dcc5eba00b9487aeabacfca0e36aed9c8a2c14937507def804eecfee7edd8cb1373a5417942579fe32dfb9ee8b3e30d3b2b1b8a6f76d9 |
C:\Users\Admin\AppData\Local\Temp\KYIK.exe
| MD5 | 731c03c534048e876ff3469a4790ab15 |
| SHA1 | 5b1591354134e4126eea39b24c7376b8e3d5ab33 |
| SHA256 | 1a7bc78f513c964221af2400e16190b5f03d25e9a37f3473accbaf39afd60756 |
| SHA512 | 5156a8783b343ff350858cb0f0b47ca7dc6981bb9ef1c0aec8737374f13f41f6a854ae1c11c35055d107a1bbe626045fe9fb72727d7b9a2fc939c88a9289d791 |
C:\Users\Admin\AppData\Local\Temp\PaQUYgsE.bat
| MD5 | b89dae8f25330eb7c65958be7fc13016 |
| SHA1 | 7e0a3ffbe24dd94a8ac44fd0a388845760aeab4f |
| SHA256 | 8817db1abbf193110f949ac2796ccb47fe681c991d2d086ccdfe56d37fe8bc03 |
| SHA512 | 936d42e8fe20a2b2a86fa7436673a1281a27ed6c6b5b0bc47d1b6668d8162f3dbcbf3782d89f39cac2b044aa446b5dfe816cb6ff6831d16c70374adadbb69a20 |
memory/2096-1480-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iAgs.exe
| MD5 | b0653b4af5b7954cedc79feb4302120d |
| SHA1 | 491e0e4827263203215517ebf714a0eacb1006dd |
| SHA256 | 06a0d5a651b04d17e6372ed732a58b48c1c011c6a0fc85f212b9804d9b64282f |
| SHA512 | 8f7324a2e8309871f894a0bf86357dde625a5b89ff807c8322a9389c8de470e1bb914a9d16767dc79828a27f299ac88360ad5287e6f66186970e6539f19f0a58 |
C:\Users\Admin\AppData\Local\Temp\Cwws.exe
| MD5 | f728c177e319bf2249ebfc767d9b79ac |
| SHA1 | 4791e89ce1073ee4a6a65788ea0eedef633696b7 |
| SHA256 | 7652cc19b6998bda2295ab25ba2e44206f5aa23f63e057cb51229383c8e5c7be |
| SHA512 | 4f485bb348c291f2a5b9788367bcd1731e0fa6ac153b23f130fcfffa5cdf350b711847d1717ab89df4f4c129b4c5b25607eae2688c3117467a6b32a9db80588d |
C:\Users\Admin\AppData\Local\Temp\wowo.exe
| MD5 | 8946e6291df304238b59527729cd3adc |
| SHA1 | 9e78d0f51742b53442abae17580cd89a10a24d04 |
| SHA256 | d25526129f2f5b0d3bb35781b1e12c0bb33650f41a28d4a1335ebf5a04d80f44 |
| SHA512 | 3432fa315a5d3321544884ee2ba7b56636e9efd41c7b0dd6a602800508077484cdb9e4f83368230252592da6fa5d56decd071865db7538dd98baf331cf58ddc6 |
C:\Users\Admin\AppData\Local\Temp\UKcUIoQA.bat
| MD5 | a4f9dd186f2bf24edb9eb3b1cfe27a7e |
| SHA1 | 77a9d79d33d659e75e6e2b3fbdd5592fd07b7033 |
| SHA256 | 0e82331e7063765983c0c6f314af6757a2fbfd0898ff9c27539e0d9ee753895a |
| SHA512 | 902e9c5f9eb76b414cb83751d89e5ffdfadfcc5a591c689d6728e28694c7e4b5ee507eb110c79eb2d2176cf331d31c45bfb1e0ba5887239d4b81803665c2fde8 |
C:\Users\Admin\AppData\Local\Temp\agkm.exe
| MD5 | 2ad14190fb9fda90af4fd0a34689f6fb |
| SHA1 | cd2932edc0fe78651079ec64cebbb69fbe024d37 |
| SHA256 | 8c13e3238f3027fffa91a2fcebe846410d075d6acfc43fd3166fd0c308ddf539 |
| SHA512 | fbb6ecc4e6cbf05ec774f17c0ec00315fd1a28ad4061a2527fe59d842b8c35869026787e49d6695b65e7b6110433eb5889db2bb00afee434e902cb87ebd88ee1 |
memory/1540-1551-0x0000000000260000-0x000000000027F000-memory.dmp
memory/2904-1563-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cAES.exe
| MD5 | 6a12a14ff808db63a7ae336f60d6dd99 |
| SHA1 | 126d26078296c08c744a0c5095b4af632dae4a21 |
| SHA256 | 1ce50b98dafc46f387063116d82d5e28744e9b81d3c5a2dd60dbbce67cbbe8de |
| SHA512 | 316a1f54a482f3b57eaab45d0e196beb9d07e318efb81ded3df4a89cdb4fc4d6bec6c900a44607df41c0a3ec151456e6cf8d049098531acdc2c3200a2286e85c |
C:\Users\Admin\AppData\Local\Temp\KEwM.exe
| MD5 | 444c9db5f14b87be74d0e2bdfe4fa399 |
| SHA1 | df96670de598f7578fd013a036390f5634167b5e |
| SHA256 | 0330b3fcfd22bd926fa04df38dc632f8b9f73d2a4c3d504742e5a21bd200ac3b |
| SHA512 | 9d2ce71b86e3075ff17d7933327b840ebae3b3a64fcc1bc711bcb3fd493bacf095de7ff775c65319a70b85c0d1a209335f7cb1ce32f7a2f5c0a2430781982281 |
C:\Users\Admin\AppData\Local\Temp\igYo.exe
| MD5 | 14855ababaef446f0ec1040302ab09bc |
| SHA1 | 0e1857a249375bfcdcf788b00abd66f38b253543 |
| SHA256 | 4ac314478c85191c14e9829665e24758fdbcd029059920348fbb798556ddecb8 |
| SHA512 | f96092e1fba7d65c5fd0a6935574e4f03c7f2be07f4887ed4e8719417ab904b49748d86f65b2fb0aa6a64b32867223e84f98ff72c9f934479b5b46db0f4b22fc |
C:\Users\Admin\AppData\Local\Temp\OMcIYwgc.bat
| MD5 | 6565edc1934d44c6c9c3e23a8aee3a57 |
| SHA1 | c471bb7e290dd7885307791ff2366c6bdf8bbf56 |
| SHA256 | c8323fbc184c36b93113d80780f38502b8defbfe0998cb0a8de2d5fd9a454fb3 |
| SHA512 | 851e9111706779633d611d966fd541cfa4e43b76f77a69e481b21ffd32b0363301c8ef24fab434d4c2b9e652d48fee217b23a3237c937d9746c716a7d0116175 |
memory/2640-1621-0x0000000000260000-0x000000000027F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SMYI.exe
| MD5 | c68ef41f14b15f7a61f6bfae30431cd0 |
| SHA1 | 2002595cb7011cae6ce31b467a3cb0c8a11e20a5 |
| SHA256 | 95cdf297fada6ca14130f0dc06bd3243b5badda3e6ef1e5f730bdd6ff8f35fa3 |
| SHA512 | ce7c3abcab2f2b0955cfac4e177f7081571d0c193ae10f294114fcef203bbd51c066a1cf3e3b92f19f4182534a70ee64bcf594c0de99ecefd489c13a9ec767b5 |
memory/1756-1643-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KUkO.exe
| MD5 | e204ba7e4be8319815c2ca990d131858 |
| SHA1 | 89de558123ecf2810204674f0023ae7f6922d77b |
| SHA256 | 22a1ddfa260e6f71807fb7b7eb2c1f7ffae59fff8f7c0f41ac8216f3edc4da01 |
| SHA512 | 508fa2b2fe535c58315f90274f267b0196d89604851fba0102b1d372428ad804132f7fa17278b52a972522b81cef565facde7eb5a894ec9cbae76b09823b158a |
C:\Users\Admin\AppData\Local\Temp\IIAY.exe
| MD5 | 5820c2a5cf1e5d64f5853d7e4c9c397c |
| SHA1 | f574c3cdda8dea77d46ff6bbe99d41cdcacc4d74 |
| SHA256 | a785b10c641e484b23199082177f318d320c44cf5133b38a25b66a784fae6816 |
| SHA512 | eeb3fbb2ca6bec617478f320a876ca256b0cb613950504a58acaeb7f47824f7e5889cc016b37d972912e18072ae691d5e904c690e784f3f252644b104ebc6b46 |
C:\Users\Admin\AppData\Local\Temp\yQMa.exe
| MD5 | f7b9eee3d7cdcfa9569d4800b11bd1f1 |
| SHA1 | 55d95204d37f7940ddaae70e422df889a75e5680 |
| SHA256 | bc4df102881c960a90fb04843c2b1deef1dad9dc22f6e4746a198348a693c95a |
| SHA512 | ed735661138e330539c920d573c6d781c074940c334f3d9e3cdd5c4659027a1af8d028d0cdaa62417ddf66a506439ef82f309412511bd01c846407f1fa4cbb0c |
C:\Users\Admin\AppData\Local\Temp\ukYowIUE.bat
| MD5 | 3559e60abff9d15fcf10f9182d9463d3 |
| SHA1 | f5151d9984490fe8448b0224ca2b609b3530101e |
| SHA256 | 77d7ccb5bee264eb46b27015c9b66798ef34b8c69df2d8e90c54b3aa7aa6151c |
| SHA512 | 8d36cae2a5152de982e79c4afae65266df8d5746a12f1bbe59b7bd6d3f9f75cb4787fed3ed5d4e560da5351b8e5d5ad819598931a9c3cbad2389c75f1bcec792 |
memory/3036-1704-0x0000000000270000-0x000000000028F000-memory.dmp
memory/3036-1705-0x0000000000270000-0x000000000028F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gIgg.exe
| MD5 | 01a1339ec85d7253be73054931f3a055 |
| SHA1 | 904865e82f8885d31285b5d591368a25b682507c |
| SHA256 | 2002a57919dcf139a1ce769dcaf2a1f3390e9fa6dcf35d72686d00726b286d78 |
| SHA512 | eaa71c5638834cd2c1558ac76be056fdbb234f3dd71dea177cf0b462b349a04bdacbb2266e386e24c3e701dfae38ae669e68866b09b767427b8e4f6b9bb535a7 |
memory/760-1706-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AUYG.exe
| MD5 | 86a032a09f0ff1b50eb59a9e6a21a63f |
| SHA1 | 0895d3c4c8f6b1bdb3e52402b923db6beff2213f |
| SHA256 | 93c8b4fd993c8a739e00ac499b08c7bcf9a264eb23d37f91d119c7de9b204f75 |
| SHA512 | 783e0ae60b9f814cbd11d1dd3b1db360a07d2a04261b9e165f000d642454a9af0639f18a8d137220696bcae709db0f0dce9add284ce4aa1a02b90a2cb16b72cb |
memory/2380-1731-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IIsg.exe
| MD5 | ad7eafa34042e7e322f5d0279eabfa71 |
| SHA1 | ceb95da6f8c56a65d3a2c7c2d9c4d60a9035f72e |
| SHA256 | f74f39fb8cc1462b8b3749ac500220c8218c00f1e7fa9a55ea76a567be2e9084 |
| SHA512 | 9a4e8be15839738f2d9c7813a358891b658b63e91c829250ca4fc1e47ce774396bd5efb7dbb81ddea8ffd76a2eef0ce463755c69f574f9b68839bd98aec08f46 |
C:\Users\Admin\AppData\Local\Temp\wccQsAUk.bat
| MD5 | 13fecd524a8af3af517e8c203851036f |
| SHA1 | 5dd78f8c44d3fc25dbfaa829a2013fc210b2b6ed |
| SHA256 | 88b5c624e493191c5244bf9d0b0735aa13384e69fa7dffd6ffa02f4f65ed8891 |
| SHA512 | b55230f73ffae5d91022ff657b60f12cb9a10ebddaf327c09e5a6ef5f78c601484a8474b56c28df285ce288b9d6e9fcf1c8164c394bbd39f2fe3385ef98d0382 |
memory/1948-1775-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2072-1774-0x00000000002E0000-0x00000000002FF000-memory.dmp
memory/2072-1773-0x00000000002E0000-0x00000000002FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iMUa.exe
| MD5 | b05fa5c90d394991574ae41e85caa7ee |
| SHA1 | 0d37b85f3435258dfcf8230e6804c4b5918052a9 |
| SHA256 | b9ba89d522a933ea91aa3e9e2aee7c1b49e7274212e031601f02871e5cbcfddf |
| SHA512 | 4ac25ee038e956d0f2276241653ec21f3462de2dfb59b272f8d79de662f34e217f56ae9a9006c042b506abc0222f95fe5741e35c95f37fa72444f8596cdbe899 |
memory/760-1797-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eYss.exe
| MD5 | 3c1348211768587ef2112c0a9f8488fa |
| SHA1 | 7f05d660cd6d934ed74009abc648b34bfe60160f |
| SHA256 | 19e23ace3febbeca1f499aee835a13e57bc33e27cf8dfdc2c24841434532b37d |
| SHA512 | d111795f6a4daf091f52391cfa407e45bef874c56f957c550781989c6469a9b61e467b2b220435f1be7ffddfc5fc19cd8c60ed9591e49c4c189f9b0b37b65e88 |
C:\Users\Admin\AppData\Local\Temp\JSYAUoYw.bat
| MD5 | 96449040d8e109a58dd237e62371e3a3 |
| SHA1 | 3dac43a0e79edd419f127960e50267ed0f1fb331 |
| SHA256 | 228082939f512446d5eeee24f077912d390c0431d74dfc1d5fc6275d9d2d9404 |
| SHA512 | 1597e3259eb510222477544edecb5b92084cc2e64b9fce5faaae3ac8b12d73aa4236a52f46b270c30a004559c37c5e31584a552d5b9694a14baf15a3e9a3f591 |
C:\Users\Admin\AppData\Local\Temp\Assk.exe
| MD5 | ec5ce417f1f0fc9325dff2697b5b4b17 |
| SHA1 | d79c0e29ca5a80a0db107f036bc03d6e4eec132f |
| SHA256 | 878361dfb34572cd08f71c534faaee97dd64d8553e4f3ce6ef2cf708aa15e667 |
| SHA512 | 187509d354ff7cd0fa79c404bfdd3466a5f2d7dd132324a8c9f279e253a288bbab5b3b00ff52f6bc92d020912957105f0a0dfa2fdee1eaecd196e18512014e51 |
memory/1744-1841-0x0000000000400000-0x000000000041F000-memory.dmp
memory/848-1840-0x00000000001F0000-0x000000000020F000-memory.dmp
memory/848-1839-0x00000000001F0000-0x000000000020F000-memory.dmp
memory/1948-1851-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EscW.exe
| MD5 | bcf0b8659e7024046040551b83155e82 |
| SHA1 | 1817ec4b13caa3ea86b407d2d7a63306e84b1129 |
| SHA256 | 4cd48746102949c30921c2a401e84d98d391d69dfb9a2f5a5886e13a811c9318 |
| SHA512 | ab47f544da5b16b281b2772c1bfbd9c29cd8c3324504b6af412a899d554c48a1e4fda43ee648fcf32e353d9b629b1c3cdd72b2920b640b30bb3c83ab016c5530 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | 38aa2097c5e81e4cdfcf784b5921d66e |
| SHA1 | f555ea26c06eccd954cfd89b7f6b1ab5d0e39bb2 |
| SHA256 | 74db65bad279d1f6e2c18ac6e8be0fa634a5c31255ec5caaf7529551bbe478c2 |
| SHA512 | e703027fb254ca4e8a6f69049938c6a0f177f6e882e5ff4563888ad2ac50f9f2fd5d2182e5bd4d1871f33ca7569e0166ff3a7547f29b9097a7b30b4572dd75e4 |
C:\Users\Admin\AppData\Local\Temp\ZikAUIMk.bat
| MD5 | 782befc692539a9f0b6f9ccb997f28d2 |
| SHA1 | e1613cf0e177fdfb11259f8402191c049aaca887 |
| SHA256 | 2f53cc09fc4e4fc27c083d288d4fda7fd524781ef374e2df640e7c499660b058 |
| SHA512 | fb8e10eabb61be36ed96acf081157d43d91c9df2bf58eef031e4eb4805de8005ed90ba452766e7203d298be1e6d59e1bbd264fe547c792ac745864dd8fc26530 |
C:\Users\Admin\AppData\Local\Temp\CQgw.exe
| MD5 | e2d92e7ac89c40806675ec26673dbd05 |
| SHA1 | c20d33730ca36707c2426ad2b731eaf9b5829d43 |
| SHA256 | 1f26538514c76ea9bb89c58fefea46d6be7bb20a236c9738a0eca087db895d21 |
| SHA512 | 867f2cce6d79d8da6e40aae873989d906d6db852c407d91ef4bb2d0b883a9aa28eb6dc7604d57c8fe2e92e97fcfb9764b2ae246d320dcea4670609ab930a4fbb |
memory/296-1908-0x0000000000260000-0x000000000027F000-memory.dmp
memory/2580-1910-0x0000000000400000-0x000000000041F000-memory.dmp
memory/296-1909-0x0000000000260000-0x000000000027F000-memory.dmp
memory/1744-1922-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ggkc.exe
| MD5 | 1d86bdb8b2276dfad9c4376bd913e12e |
| SHA1 | 7a3f152ec704267b4ce29c343acdd538eb7a9e95 |
| SHA256 | 0fd8c6fbf19a1c581495b207f02dc7334ca20a1e712853c737a60e71937536b3 |
| SHA512 | 8e82c9d0703a8a27bc194ce3e3b035fb97f3f3ddcbb0caeb4598d7073204a5979d57aa0dc9fc481478f7724e66783b9bc793e9b910d83e1c907978996d3d78a4 |
C:\Users\Admin\AppData\Local\Temp\AcMs.exe
| MD5 | 3779817ae82960880098e3dd9535b7d0 |
| SHA1 | 4f2030765970f4365566cb80a28574d11a082c7e |
| SHA256 | c087aa2dafb9dd266b75e36eb3962276bf31973a4a9d95edd864a3099c6b993c |
| SHA512 | fe2f454661bbb393707cabf3f5e280d1b53f4340a6c2e068ac83732601197c97e40d40c1f27b78f2b37f47f3e31c0367bebce72d5a2cd85abb26f76faa90ea7b |
C:\Users\Admin\AppData\Local\Temp\pQQwwYQs.bat
| MD5 | 24a4223d8e1612aecbdd3940b0ca871b |
| SHA1 | 13b596ae293b97cf2419b881a38410c2e35fc393 |
| SHA256 | c6a18a1d96ae2042f07072893fad585aede95a597522da7155ea8764d390f902 |
| SHA512 | 6a77981d0e5ad416d217be03d21db6b6c505d337f9ecc5dd68bfd23d9524d219f4cb84910de8c49bb1dbaa0de7c01ae29a8a6c980b0dc6fc7675be57583c67d0 |
memory/2692-1978-0x0000000000130000-0x000000000014F000-memory.dmp
memory/2692-1977-0x0000000000130000-0x000000000014F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AUQA.exe
| MD5 | 584780bcdcf59162fa26d6f4f8756127 |
| SHA1 | e2cf943efc7866d3f8539e5a8fb509794ad99664 |
| SHA256 | 67f25ced5474b7dcfd22500678fd317a9c634eafef09b6d9dab466a5cd8be3a1 |
| SHA512 | b3a31fb1ee722e4f536c5422569b8fdc051d0b12cc2cb95df411a806ac4f2b50e7770ca9942ba8f1b44b54961039378d08d9cdea993837c2dfa35c92dc825ddf |
C:\Users\Admin\AppData\Local\Temp\egUe.exe
| MD5 | eb61efbceab63236ef2fb4f5d5ebe585 |
| SHA1 | 54fe0e5f4bb699a33a4bb1a28143a5308703c56e |
| SHA256 | f0d733ccda25176b6f0042d75bc3cdbce53e0b962ceb5253bd3055daa22c8c56 |
| SHA512 | 174335926a7beea6f5316653c3d46c7cd670355649afbf55be58ca4e41eb0dd3655c6272edf345e2734ef1372b3b95170e928a28487f72219ca5bffbbd204277 |
C:\Users\Admin\AppData\Local\Temp\bSwgEogE.bat
| MD5 | e13e9b965750e282427bdd86db6de545 |
| SHA1 | db7c2bdf038e54d1a57fc22d93dbd207419bd9da |
| SHA256 | 58f3a2a244f29cf542509fa28bfe8436c8c1ee25fe94f622f14a550ac36faed8 |
| SHA512 | 66a4b971fa168f7761a2f32553576b94530862f4506210c84d9e345522ac0c43791a1c0daa4548c54cf3e07625bf68f31205700fd8337a3deddd2f18d842e0a8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile30.bmp.exe
| MD5 | c65c33a5230d9e5771ec04d661910b1f |
| SHA1 | 492c1092fdecc83e97abb9cada75409832b3f32b |
| SHA256 | e3f94525f1cdefa66d0696784b651019db03ae75fe975d9196b003f6392a2b99 |
| SHA512 | 8eedb3528b9b093a5734cb8f886d77bda1761387311877bd8687ad742a26e9e6d5e548294152aad2375ef4d3f0d8b52f5a37356546f38aa0d9e7fde65f43d16b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 8bfedb45d3d0e68151f7309e00bf199c |
| SHA1 | b8a8350f951776326b676757f1a8e587a58b2b3d |
| SHA256 | 395df0e67bb695c0cfac9c6d8a0fa13b45bd5bb4c4d1f766de101f032f60bc42 |
| SHA512 | 1069b063f7653b53efe25ff352660a97989ed5e82f760479c7ca1253703187f72b79eaa17e99fb8acc2a3987f15cd7d72128017e17562ec28751dd748d5de611 |
C:\Users\Admin\AppData\Local\Temp\KEga.exe
| MD5 | 445659fd7ddc95014506466ae6fc4757 |
| SHA1 | 2de3d8fe7bc32543b64ab35e9faf2dfe24c98a4d |
| SHA256 | 5564de039420684186d1e7dd85b632b133629b986238d872baee338efe919ae6 |
| SHA512 | 10e1a968dd209438c2b185d5b661b6b3ec46ea533bf9deabf4c88c0a1743faea059cdba221b96b5657788f40d4e3741ab06ef401ad38239665a5bbc8035e093c |
C:\Users\Admin\AppData\Local\Temp\mMYQIkYs.bat
| MD5 | 71319c2ee790cc08713f755917fc2695 |
| SHA1 | d17e78e174e09277edc586f939c225a2eae394c6 |
| SHA256 | 3386778130f649da023d7aa2a63f1006e298afe3bcfbb4d341eee0b3062519aa |
| SHA512 | 8726e53e9678e1a2bbb69c928d02e69078fd1d250f3812fcf84f5c1f806ca8720833d97b2f08024fdf7b697fabf7b28d71aeb93b87ff1d5d5a3eac13fc456c21 |
C:\Users\Admin\AppData\Local\Temp\aQgK.exe
| MD5 | 2db373b8680e0ef64ebb054703537630 |
| SHA1 | 055ae6f3650ba1132a3376b2208e32b33df7c7dc |
| SHA256 | b915f1ae6ac085159ac6a1ee4dc5a1c664b70f522633a390d19de85b6ef7e684 |
| SHA512 | 327d5528e5faa0716ac9d8bb413e91a7c6dd7ec33399684ce3ad2ce6e94b654832b00e67526b940778eb2405a4f3858d37ba24485c74273ef9df46fee885a748 |
C:\Users\Admin\AppData\Local\Temp\gAkm.exe
| MD5 | da9867548b76c269adc442e23324bc80 |
| SHA1 | 56e8b442b69b18ef7eee9165011309c761177098 |
| SHA256 | b9e2f7853d1ecc6865c1f63b884808f205c98edd49fcd15f2833110e3367b407 |
| SHA512 | 478c9514164c3e7eb20dbed7ee9f409a61e6fc2b7311c2c22aae1acaa579c9d754ebce08ff4a5329bb33080ad467be5a67ace3d2fcd11a336975902df6c3b915 |
C:\Users\Admin\AppData\Local\Temp\coIC.exe
| MD5 | a9cac946fc46019df8865ef5c2424a7b |
| SHA1 | fd3523b9769e29d0af5e9e1b910ae92552dd0fcf |
| SHA256 | bd77b9c1374a146cdc534f3df7599717bb2774c4111c181721e22fcef4a4a182 |
| SHA512 | 1bc45c51e8c1ea0fbdd0e0fef9037f4d343d4b93e06ca12a1e8874da2b98f193bbf477beaccad336d4a06cbd6b23c121c7b8343df96dcee6f66aa3ec636c9ddc |
C:\Users\Admin\AppData\Local\Temp\kUsG.exe
| MD5 | dcb7934122401ed81eefd9d9403b7c56 |
| SHA1 | 5f1c6cd0ad4bb44e5bf5e9030d38397cb2a7085c |
| SHA256 | d2c59b8c5e95bb4b7e29947c0dd4279f5fde9b8e8756a9878ead6530975e954a |
| SHA512 | 1c2ac154f6a8e8d87f84d7ba808f7563ef1efbb832d5246a9a616539bebc9993b47da8a746183cf2aebac3cde91e47ae4ebb98225f3b4416e11d920f55609bb2 |
C:\Users\Admin\AppData\Local\Temp\UAEIQAsQ.bat
| MD5 | b78f3dc53b6355e9b18fe7620d7cc8d7 |
| SHA1 | 7f9152852952c03fedd788807888190b91a462e9 |
| SHA256 | 9fbb542aaee71bc27f9669a87a55c28e0d0569743c5627240b1a1ce6fe66d849 |
| SHA512 | effb25807abafeeb47b6d15e533d60f963eca9bca13d4eaab824d68278930e4a0f2e59e06e1e78c2a5a6ea16004619293dd8256774b4b1d31138201f6ed6bedc |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile37.bmp.exe
| MD5 | d2f2d5e0f46c42799defbb3ca8ea4647 |
| SHA1 | 3098ccb3c4f96dc12fa9af89042ccfaaf46815d1 |
| SHA256 | e75aa708eeab5ab6f44a615a2b0468163d9e8d62c5f03172ddb31bb56b131ec3 |
| SHA512 | ecd43ebc7dae4a02ce46cfa413b000972e9db9b1ef1c23c0701ce737f70964b1f153247f7990cffa07e6849e5814d60367665ef41fa1d3b0c2a3e7389d74fea9 |
C:\Users\Admin\AppData\Local\Temp\KAMK.exe
| MD5 | baa4d64764e4053762a9ee88f13920bc |
| SHA1 | 381dbb0baa0a46d5fb476c9e06529a9d46be9a0a |
| SHA256 | d019957cc7309071dd585014b38a2e7f9f15ccefcd4c55453911b17800e9b723 |
| SHA512 | 30ce5d75e8284bb4a1c809c5051164b9f1d47ee12756308033e73c27410b2da11ded16eb49fa19abc56a360f1ad953bd7eeee54f1a1e66ddd034307e60e6e611 |
C:\Users\Admin\AppData\Local\Temp\yQUm.exe
| MD5 | f5601870f7b51a0cfec8ce94e0792040 |
| SHA1 | 962c472372ab62a63d4c83f37c5f6c5880619a80 |
| SHA256 | d4a2692545d424dcba76260e0862b92b7bb0dd54ae4d20d528ed86d4be6eb607 |
| SHA512 | 3450b0832261757212566adc26796470a5a3a778b47ad9e41c50ac8909e612fd695893a63736b911f4b70311a52a74a2fc42ec05c1d3338cd5fa901f7a6123c2 |
C:\Users\Admin\AppData\Local\Temp\qAQIwQkc.bat
| MD5 | cc8c0dbee512129ac9f5ff82db0ae345 |
| SHA1 | ad435d27af7f9b54ba4e6ec58b35310868040d3a |
| SHA256 | 8041856e6553a5dda652ad052f08bd3962ed590124b6d0fe6410503dbcd6f7b2 |
| SHA512 | ee0ae5a76f79bf52c9fa93dc50f9d070a6eb8899c7a04c8b87322909b576fa11aa3b4a7b15fa9c864da4c13259255f3ee3bca20c64da21188a6ce38834d204f7 |
C:\Users\Admin\AppData\Local\Temp\qIQy.exe
| MD5 | fa7d7becba749dd08bd8e228286fec88 |
| SHA1 | aebc19b1837ee9bfcfebc82799b63386bf64caed |
| SHA256 | bbb143fe0bc3667cb6f4520791be2edbbf2896dc73fdc2009d37afe54234e8a4 |
| SHA512 | 92b4753f7fa4ed6c1d0cadf531bf9636ea96f5de46a0cd47468fab3df7c8f18baaac7a5aa602b443af576bde99d84b615adc206936e896758741296addd8a41b |
C:\Users\Admin\AppData\Local\Temp\icUy.exe
| MD5 | 6f6ba7a6573084f298bf8064ad57fd05 |
| SHA1 | ef91d524700442535d4b36b37bbf41c27cffc707 |
| SHA256 | e59237feae8f0344163c7ca8f111e7e748f3cc3ea352bafba1f285ea9528737a |
| SHA512 | 88e82f4b860ba30bb5329eabc1d7c03e52951a670f4db6d317b86a93eec3dd367f57799a99a36266f1ef42b14d71df24fb3d463b814700b2c207c36bdfeaa8e7 |
C:\Users\Admin\AppData\Local\Temp\IuokQgUQ.bat
| MD5 | e74da03487cbf54e5103cef523fb60b6 |
| SHA1 | bce91d0f3bb270c55ca437be071e0f32f26c049e |
| SHA256 | 372ab3c4b7c575334ad702b45270afe9f9062fcef637aa3a839a58505b01d016 |
| SHA512 | 8bc69b58dcb78ea10adb5c974af5e6d792e8a013246612beae4191b81be0e73f21e6351868552b9eec811fc69e4bf1decba5907e49cbc486539a69b693c276aa |
C:\Users\Admin\AppData\Local\Temp\oUAo.exe
| MD5 | 5572d550be420d973adbc4a987b77a7b |
| SHA1 | 7a9168dea55045dd0dd6380bd154b05ae1643766 |
| SHA256 | 5fc929cb8af4dde7056ca788b1d72b9f74f7ab2f5a7590c02bc0dcdf0166c9d0 |
| SHA512 | ad6742124bde9e0cfab7f84060c42e32c228b826da0b194560c0d10d2ec103aa78ef0872dc3f2def8441f7b4410a94e4a9014050db2f2bffdc4e6f3ece4a78e4 |
C:\Users\Admin\AppData\Local\Temp\ScIC.exe
| MD5 | 74f9dfe5214e9ad4c552f46560b31bb5 |
| SHA1 | 7080f570b2966c1d05b37048bfdb13c1a643db9e |
| SHA256 | 48716c509311b086f46bc6d4f8dc2d1c795e967a7c7fc779c269783092bbc602 |
| SHA512 | 9a19d9b83c8ec6ef9bb79bb8682fe9fda55b49cea03a23012551aac5f529867a24bb9f36bd97eca11d806371323efde5f92ef8780d4c3e7f7e9c668f9d577286 |
C:\Users\Admin\AppData\Local\Temp\EYAkQwoA.bat
| MD5 | 0dfdbfe400d4c2b3f4af91f0bb815324 |
| SHA1 | 7ac6ea19855ceef5c219bd29b0d94a2f4458532a |
| SHA256 | d791ce5b066b9008d4a5df7afbb88b1b5c5b380a3eafaccb468548b739f2ff9b |
| SHA512 | cd06f6197d6bdf3b128e9298884fa183b920900ac46ec53505bc64219d6e2343d689d37f249afe61bd0a1884f6101cb7145a53a459492f5364e72f8517807f36 |
C:\Users\Admin\AppData\Local\Temp\cMYM.exe
| MD5 | 2cc19e02af0ab4e196ef860b6de923bc |
| SHA1 | 08ee1790b9e13f2e85abde959299fe9486cbafac |
| SHA256 | 818d5b64404d83c6a66b19d20e64502d820d3114e511293f796db3c0eba7de54 |
| SHA512 | 392206dbb29e962e7241509a642f6c40b43965519df8a70185d8a4cc38d348f966e77d7098ac80399d2cb36b0136cba7dbc75651df76be72007a5723c6841c6e |
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe
| MD5 | 32bffd6adb08f0664ff3a956ddfac28f |
| SHA1 | fa841d07bb8bed70683f13121bd7c8c7e3493eef |
| SHA256 | 43eebe6e5a93bf70ce526822fe4f01b5664ad9e82b29dfbc144fb928400e0e35 |
| SHA512 | 10d94b37b0d670e98678bcb010810d8e8cd16aa956cdb3a445660f673467a32c638f0512ae6ea296c19997733058d9ae0c297fda160f222bb92b36e865ae9b91 |
C:\Users\Admin\AppData\Local\Temp\RwkUAoEA.bat
| MD5 | 464fb530077e6e5a17f5088f25c8ed1e |
| SHA1 | df5d875d7a5cfc8f9e8e0df139428ef7810e0e34 |
| SHA256 | 7ce638a644eafcdf90354fe6335047b41ec830c64e2b119b832643d59ae4fd0b |
| SHA512 | 90c31b632f17d4f20d4a73dbe7bf0b80a8cf24861ce77a936d481dcf6f025dc9e79f5fe5da2e17ca846a810144281ddfebb9a928d566e534233c8226f8e34b44 |
C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
| MD5 | eeefb63a1959ddb49fb8e053a8a60230 |
| SHA1 | 594056cf28b37c33589b2e28f69aaa09ca65bf9a |
| SHA256 | 73f500d57b89b9de18f665a7cd470641058d3ea2f0b20e6038bc9d357e21938f |
| SHA512 | 5ab08d39bce1ca3c7495e6f2aac63523a0a5fcff8bd9270c7308ad9a30cd74e92fc65d0a00404564ca6f57efc40a97eead5ed7aee83400c03f2432f00f094059 |
C:\Users\Admin\AppData\Local\Temp\TCMwUgQg.bat
| MD5 | e4a9d9a91d024531ede3d245b53948f3 |
| SHA1 | cbfdcc3ccb6d222018f856bd906abf7d389b9b5a |
| SHA256 | 4db07a07978748ab0dff7b53cba125979822b148b471466892a83eccd140b318 |
| SHA512 | ba0efc45a44a8446155219ba16b93cc37be689afd5757e774274433de50484744d23901d4937090ae30d2b4be565d65ecbc1a531e63de019cd685f6bc37f7d7a |
C:\Users\Admin\AppData\Local\Temp\kIgo.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\GAIg.exe
| MD5 | e0b52410bb0e675eaddb4db3fe9d1e00 |
| SHA1 | 9fcd0745e9d50300b41da7de0b2dcdd781c4ab38 |
| SHA256 | cb380ebd62cc8d1edaab114748035b71ad02a60b67cf64f989eaf1078b0e0663 |
| SHA512 | ceeccb6aeb22118221a143d7bbacb22d227c3d537a1c4497ca6d36c85cbffdf068012af6f9a36531851a6834aab7a2f9924b71b3748c41cd61bd6e170bf854dd |
C:\Users\Admin\AppData\Local\Temp\qAsc.exe
| MD5 | 3f55281c0c3a782ba560ccdd9c8a01c9 |
| SHA1 | eb2f69ea075bb1bcdd382c53e7610c30abe21a4e |
| SHA256 | 352d2afe4d4aff3826ae0c1e0cc4a474bc85bdaedd063f128691f1dffa91af04 |
| SHA512 | e8b1369fbb4c0d8b93f38eb70f9e2e8366ff4656f05b76076a631649076a067b55a4ffbf384dc4d313bfda8318b859dd50e9fc2b5d699cd0cffa5ff52b836610 |
C:\Users\Admin\AppData\Local\Temp\uEge.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\ugMS.exe
| MD5 | d530435c8df511947d56434f1e28cc59 |
| SHA1 | 12e6c8664eb6f4848f35daf63c6b6b9e43e19d18 |
| SHA256 | 79f634021e6d89fe81250ffe1c570d96411180fd3ee38cc218b3133f4a851fbd |
| SHA512 | 95e6033c1e4f2a31bb896c6ae35098931bf04369d23b2721d5cc3d63c1352c1ca4b7637ff1ac99f4829b62aea20614125bade8eda5d091382b0fb76e060562f3 |
C:\Users\Admin\AppData\Local\Temp\gkww.exe
| MD5 | 87160407f4bb324ecbe65bcb354fa801 |
| SHA1 | 67bbd5e4cce67a126eb771902038b58a1f84a4f5 |
| SHA256 | 0bec8d5f619244a92c3a692b32a72a0d11a904f5caa10fb464d99555ee6f670d |
| SHA512 | fb32200d9f47a7ff81893f5fdac083891e0caeef0e6a5daf3f6b0d8922c4279ccc8f7f233e0b8cd3dabca99ec1e13a7c9f7706bc94f9c8f445b0e43647931965 |
C:\Users\Admin\AppData\Local\Temp\yYAs.exe
| MD5 | b05da87408693b4b4a8d75aa5c5bc1d5 |
| SHA1 | 137826baea9b3688581b39400c9a0954a8b9d847 |
| SHA256 | 123d85197ebc4c1cf6ebdaab2fbfd4346c32e8e810e54c834c0635775f58dfce |
| SHA512 | 5deddadadd25860ebb189cf61e9b1ac9cd86dfd260343c7f15494f19d1c03be6258e4969cc450b21b350bb6c16882c51742d24e9a92bf3281424b33f7a59f545 |
C:\Users\Admin\AppData\Local\Temp\IgEM.exe
| MD5 | 00645e35d1e57834eb3a99d347bbc50f |
| SHA1 | 3f8e38376da06ca120e86a2fbc3e4821c9c35ee4 |
| SHA256 | 1bed878afdbb9bbe8f269d1d6a348639bee70fef106ccf6b672efc6eb459c108 |
| SHA512 | 65e09e8ec0ad691986256261da21aac2f2667c7b90c666767988f51f0f6fe811e31a51855c3ca7d7406f7d08f2571354417a81dd5deebe900711634bb30c6cdd |
C:\Users\Admin\AppData\Local\Temp\WkME.exe
| MD5 | b76bc8cae23b28c537719f6be2221f3b |
| SHA1 | ad8a69893cee3ccc4aae94bdd17b26b0835888cf |
| SHA256 | 85fe4ac0acd3790e080d51138e7ccff230de3e27911a27098369566b61c02afa |
| SHA512 | ac4333ecf98192fce5c93320d6657c1646223c30b03523c273c1efd1606e5f0f545fe76e7cd6df0d444a742b534a704a585f29e172d4cf2ae7a50b3b60b786bc |
C:\Users\Admin\AppData\Local\Temp\PMYoAUks.bat
| MD5 | 6ce3413259a48fd470cfadb75ad0e470 |
| SHA1 | a0da8a72654565746d1599d5b05af26b3691efa1 |
| SHA256 | 3a08679e42eb693e49fd9dceffd0f49101c58830924e30b852f5af840fd7ecb7 |
| SHA512 | de02ec529ff69d5066ea908e1956d9e739d0d72c33a303bbd1ec247852f7d3659022135096a242d3351551edcbadc7c7e8dd81980055752a0e61b7455fd62a4e |
C:\Users\Admin\AppData\Local\Temp\RWQQQkcU.bat
| MD5 | dd1b4f0f87369d40d9bcfcee8b4a31a7 |
| SHA1 | ef2516a95451570838eb4d543f0b393e54639ce1 |
| SHA256 | dbf3ec0255be48cd63fa9b522c69cecc3fced15485db581f32d6799f3cc39a3f |
| SHA512 | a2b84fa52dd0328514b323b959b50eab338775e27ceca8e384bb175a4a4ce13c759aa0c15137a1a7b5c1bbfb6b941418e2281fbb0a868c84d7495ac4bcbb86b1 |
C:\Users\Admin\AppData\Local\Temp\mMsu.exe
| MD5 | 10a81a0a694e1afff4842d7f62facf0a |
| SHA1 | 1042563adb2f5bf48f35c61419eb5cf8c89385a7 |
| SHA256 | 20a5cff5b4e02fbf4de363bd67bc3267a1c5cc3b2f46f963ba7a192b79992dfe |
| SHA512 | d0d2e9c29752f73d92f0233601358a9e85003f05ae4e55989c95e440eb079dc9f16bbae81ba99cff59f3a36bd010f6c5df7a5a145d59275363c54785ef4d6fc0 |
C:\Users\Admin\AppData\Local\Temp\MEoa.exe
| MD5 | d59474fe957a38b9f7817de9f701e707 |
| SHA1 | 34cf86c0f8a39e52b938887802a77ac716f2ef8e |
| SHA256 | f05a56a615e111597af411b30ba292cae945ba4b924fa59f5f312ccc8c1005d7 |
| SHA512 | 17afec7d806f05fd393df2077726b67e363b227d42b0fb55c8bfcf40f9565bee6e1d74552008eb1b51a3688e15c6072124087172f0cd527d3419ade00690000a |
C:\Users\Admin\AppData\Local\Temp\ccQm.exe
| MD5 | a2d62fe94b7bcbd4473c926cf882d1aa |
| SHA1 | 6bb68e3fadfb59605b5b498712addd85a04d154d |
| SHA256 | 423480290a2d5423feb3c040bda37e59189ec3ec330328f20b0394b7b84c9986 |
| SHA512 | 69ccffea893d249fcbaad5ec59c73c55e75d212924e59f0aab865f0e35273903fed131f12cdc8f9bf8eaee8178a3a7f90a75f30baca262ee99791f0d4b7c37b7 |
C:\Users\Admin\AppData\Local\Temp\WWccogYU.bat
| MD5 | 19e4237670a7d588c373b946cd25d4a7 |
| SHA1 | e1e85e1de664d15b53cbf19fde34b63609405b4b |
| SHA256 | 4940f754405a5c23806411a3f971090c7443a8674bbb37f77a2c60b74f09025b |
| SHA512 | 23b58d046de54f4609f2c73874cece1eb213fafa1d82440af19a1fb0e3861158fab512a2697061a7eff80e1e49c2ea680178d8e2d68695a1aafedcd10e59c626 |
C:\Users\Admin\AppData\Local\Temp\aewwQUco.bat
| MD5 | e504549cc369c5d45f1f2fd7a0ec3fd1 |
| SHA1 | 8b29afad6c3aa70933969051f1a1b52fae94ef1a |
| SHA256 | dd407c4480f1996407444501f114c1ef2ec5a2b7de5d699ebdde68b12cf34cc2 |
| SHA512 | f56a01a42068329a76bc1955fdc08c25914436b71cb487552e0417135bf05d8edb2dc93155692cd19d62eb799c3b9c9f8fcd29d6c788f0ee0ef6f4ebfe858f52 |
C:\Users\Admin\AppData\Local\Temp\iMkcgksE.bat
| MD5 | 2fc2af01f475ee9d01ea8d2e942bc095 |
| SHA1 | 9a97491552f6b86f24ec3405721462d6e2b6027a |
| SHA256 | 4776046147ea3d4dff3d48d1ebc0129dbaa8e54f7e4b329287818f03ffcb0e58 |
| SHA512 | 416ac7e6ed5877ad4ba35f76a627212b1038172eb7631e6cdde099c4c81e1fc6ff4189dc26da8d529d7957c3cf1255f392dc7350fadd91c654e2618ece6eba7c |
C:\Users\Admin\AppData\Local\Temp\UwcoAkQI.bat
| MD5 | d61c70703b7dc6eae0afc5bc244f14a4 |
| SHA1 | 7ef4cf9bda95e54961ac276a1b305030fd31eba7 |
| SHA256 | 8d3e07911805ca0f026876da19056312685a35aaff720e22e3d51b1490105de2 |
| SHA512 | 203194d120da0e2ef878920a2c442cc6d793ef2ae1ef715d2f61a5c8d99871988b619bcd9ddc32e963beb415bc74c6c01821b843a8c3c0ca9675665967c47d51 |
C:\Users\Admin\AppData\Local\Temp\dawUwwUA.bat
| MD5 | 29ad90d3cf4b6c147aed7aa14e358e16 |
| SHA1 | c6c6354a60b6f0f282bc30cf3afd4ebd14640191 |
| SHA256 | b0f5568bb5bf0afaaadd53fa566c72cdb4654a50a5310807b9a0da7fa5a1dbe8 |
| SHA512 | 03be4f38954361ae16fb1fe02f12bec2b85fed2e565e2f350ff21e2a65f153b256c3c47ab44d7de6d68a31f900797b897c4de2cc55fb99bd23827d25e2c3fa84 |
C:\Users\Admin\AppData\Local\Temp\PEgUQwQs.bat
| MD5 | 3488913c274d74beaa312cb2cd70a948 |
| SHA1 | 320a7b990564650886fa527fcb5f1deede8e6d6a |
| SHA256 | a872c46813e96b0789062d7094ba6884e0180ade03d9b1a4509a22059b3a8c71 |
| SHA512 | b4e0d871141ed8b641483d33cf85c345f38e3b13c29572a0f0d5a005f5ca50711c4413550d09642dc0b1f7bc0894f4a8b7509807d6b7d2d52375151cdb4064eb |
C:\Users\Admin\AppData\Local\Temp\hYMYgYYk.bat
| MD5 | 6cf0d169756ece68d286be7c0c5527ed |
| SHA1 | 0f6eeda1dc6cb2852cfdc66dedfa8d2393432199 |
| SHA256 | 4a47f7592a6a41a6b6766b8b3ec7a61df8f4c8d6f7d57e2119dd0a76f84d3226 |
| SHA512 | 13a0855ab4bbf224cd284b77c45fb3c93eda5b53e6516f5cdcee6afdd0061c02328e9942533a9489731a0b419e1832523539efd8e697155c23184655a2add08f |
C:\Users\Admin\AppData\Local\Temp\TeIQossM.bat
| MD5 | 42d57e45f851f3958890b69ec96d0f9c |
| SHA1 | aa59f272a357f2c95fdb4acc089c68d6a8d42317 |
| SHA256 | cc85c489c13a0e6aef76894d4c870276f01133f6cf1eb2197f57a8f64fce9ebc |
| SHA512 | 1e4bace2b985316fc2b98e682ecd748e57a6a596ca51ffa3fb48cc078795ef4fade8e6dc9f03d0f14c4408b36d598a33eae3ba9c7fcea0d5292563b383642a4e |
C:\Users\Admin\AppData\Local\Temp\wWcgwkks.bat
| MD5 | 1bc2810b59721effb5f428306a02960d |
| SHA1 | bb67b62c87f6fb705bd07f504e74d8b222f8acf7 |
| SHA256 | c60203e194a876eb5901f088f44e0960f5d2a21b533995384e87a128048316aa |
| SHA512 | c77d3ef4b5d8a1396704084d9ed10fd0ca8da1cdf85797c1a01d1873c51ddeb0c41bf78465529a353b94d9a905bc56248679c890f78ecee76279875acbed2a1b |
C:\Users\Admin\AppData\Local\Temp\uesoQMAQ.bat
| MD5 | bdad788b4ff7e5a4818b256ecbbffb87 |
| SHA1 | a2fb51acfe7086d447d985f323394a4a99d606b7 |
| SHA256 | 1bd113a8eedc4c3e0b2d1a954cffbd72ac21e6c6446da900453260340ce3547b |
| SHA512 | 0cba565399aa186453dd005b3dad1bc47584d8bbcfdd589fb65a816cea48a0a9260a57d38121dc19d89c2c0b0c6d25367a8c26ebb8d634160fd28be845d73cc0 |
C:\Users\Admin\AppData\Local\Temp\WAEoIAMY.bat
| MD5 | 58fa3cffc21414e6b11814b29030ff32 |
| SHA1 | 7085549b6b6afe6702dfb5f947217b4be5061dc3 |
| SHA256 | 06d5e441fb78d36054fcfb3439b802f013140fe62f748b245b7dff85c327a765 |
| SHA512 | 17a2bbab360b754f611e463f7793cca66f57a65cba3457a227fb76773e150530649e7a3d4802c7c46c05f0e6a21054efcb64d2918e6673b15d395bf91cf63dd3 |
C:\Users\Admin\AppData\Local\Temp\GeoEYskY.bat
| MD5 | 2bb2c44d9f6b91da06888c84ece9c149 |
| SHA1 | 1b08dec98754c37a5c45f6067986e13e0189d48e |
| SHA256 | d4fbfc1fb3bdafe4dd5a94e1db2e2ff8543f90e795aacfa9282f37f5b074f476 |
| SHA512 | 58773b9dcd5ed15d9db40fa2caebd6d59fd6683f8fb54da1b9eca8bff4a65e4d1f6d2e76e5bf60b2a829ae6e4df4a88787618ba5a1befc8b1bbaa4f32bb04053 |
C:\Users\Admin\AppData\Local\Temp\iEgMIIgk.bat
| MD5 | 2ab720f5ac8e249f0ac46c86145267c9 |
| SHA1 | 534d92380ca38d4d092f94badff1bdf251f978b9 |
| SHA256 | 699b00c613c4cebdcb379fbcce9b2165f9aa3411c5eff9d308a218f4e52f0099 |
| SHA512 | 155b49a36c630f377b9ecc4fcc27555bef2e26f366f61ff48b79e95583995c48d6f6bf46e9ad00514d8ef404568431ddb2e3d35aade9f79281b51b178cbb8833 |
C:\Users\Admin\AppData\Local\Temp\TQQsEYEE.bat
| MD5 | 07d799aeb14d8376781b2e143e23ea7b |
| SHA1 | 7a697e48be96ed5cbb640ed0375b1b6fd72416e8 |
| SHA256 | 1c2b1e4cb759cc88094be12554f23946105d03782b269bdceac672d8de5efd7c |
| SHA512 | 3e2d6db39dda3bb20db00b1f50ae237425a253830b267131294fe30f2915ee699207daf78def7e0da33c6e79dac727353aafb1a5a2f5de4f165b445e52dc0678 |
C:\Users\Admin\AppData\Local\Temp\liIckYUM.bat
| MD5 | 21ccc4a49b55f0c86888ef04d388dc08 |
| SHA1 | 4c761193e5cfb73c554166e1b9aa7fe8d3731cd9 |
| SHA256 | 45f5ee95b74c47e01216b1a89f1d81baa017c5e7f84bd4d3ff08449375b2f18f |
| SHA512 | 8f716c6ef6ae7811683120393e3d25f2e9b55e7e11e105295a46422bb16e70bcf69bd5a7a418523aad3a3729aad814668e18e5e7e9cb239760bfb6a399e42e8c |
C:\Users\Admin\AppData\Local\Temp\dUEssQwU.bat
| MD5 | 8353a02d675f0b91b05fcd22a86fd6f1 |
| SHA1 | fe3d152fd9582e66060fadafac89246e72866b88 |
| SHA256 | 451f384fe86342a9feaeeb9c3631e7664ec0e988d051a16a0460cb7b375bac92 |
| SHA512 | df26b70e55a7952d0d0c0db9a1fa174fe61e7c26b02e41435377b825477713a20f297d3b784a4158449fb6ef08c762f48231688b02078c9eab2b3a4205bf7bce |
C:\Users\Admin\AppData\Local\Temp\dcssMwsI.bat
| MD5 | 311745ba931274d88b59864c361d71b0 |
| SHA1 | 81b979bb71254902889c2fedce9c87296222d6e7 |
| SHA256 | cc4acbb37bdcd875a480a152fea2c9ec057ff8d0f6fb803a8ead1409fe5788b2 |
| SHA512 | 22c5d085a7982287fc92cc82a12cfdc3ec4bba272c854b189849f30650a33771fb809b86b91f2ef18a0a4cfdbde2e40c80231d25ed69da19f2b85e19654dbb63 |
C:\Users\Admin\AppData\Local\Temp\AqsUUoYg.bat
| MD5 | 9b66b32c58d2ee15b82c15c182436129 |
| SHA1 | 455e486c76937e5b48a6cab7a9bde0c6a4579f0b |
| SHA256 | 98cc7faf085481902caac6535e9f94683be3c545a40331ff315b010ce4d5bd44 |
| SHA512 | 9bb83293860c554023f05d045c915bf1ed4560f6449aa7334eda931c040785da2f29b65cc120b8e89429701471955ddcc311a318deff72ef32f2f64b20c48e35 |
C:\Users\Admin\AppData\Local\Temp\wEcQQYsY.bat
| MD5 | b91e96a620523504517f15eb09a190ad |
| SHA1 | 79fd1b11931a07048de7a323b2001e6d8f5b6863 |
| SHA256 | 9a22375e91fbdbb11fe5fb0090e33353a7b556f493d2304798dc553e45667e27 |
| SHA512 | 2a7f62caace487797dee6d0108ff9cf71422da6dc965b0775025612febfc6095fe4dc9b03b2ec276f038fb227762110958affc16d60ae283b7042f0e495f30bf |
C:\Users\Admin\AppData\Local\Temp\YucUcAQY.bat
| MD5 | f762d01c893443892656576ce76c8144 |
| SHA1 | e974bcb50f8724945835ba4fa990da105f80ef82 |
| SHA256 | 81488b5b50ced9e56abc73cc6bf5372baf9fa4b0a730c5ba83561425b8f9a76e |
| SHA512 | 3d9334727f245a0a5951c1eecc087814d1f326289c1e90d8ee7c71fdb73e7044dd4f9fe4effba251424f5d367a9259a755cf59c6b7e7aa9fd9019265cef458a6 |
C:\Users\Admin\AppData\Local\Temp\iUMgcooo.bat
| MD5 | 8807547207394884854bdbae9efe232f |
| SHA1 | 77a9991865a1a5c1ade61b889f8205453a8184c1 |
| SHA256 | dbcb5e1e0e838a91678e1c8391d4d52af0ddb09a42a486a51498c45a8332f2ab |
| SHA512 | e1ebaecd993fa4ec9717de9e9efe23a90865d87c5da2c9c13c0bbd6aff78529dc0c9e56c1d2b598292eccbc5d8aa3e34b9f57326d7bf36014ea34a4078bed43b |
C:\Users\Admin\AppData\Local\Temp\cWAQgosA.bat
| MD5 | 1b00dc526bab6526fa8ee3eec62bdebe |
| SHA1 | 66d187d2ee65ecfec6ede3a3a20d229c5aa06a2a |
| SHA256 | c3e439904e06d887adefc9bc3998737db7015abf4584181b5dfbce19e3b47410 |
| SHA512 | 8f619ba69d8eb5f4f4df4792cf2e558c2b99ad6a3ba84f233c59f55b062a79f72ca5ed3eda84a2606833c8707e693187b44bd5cee103e5729c67ec86898e6ada |
C:\Users\Admin\AppData\Local\Temp\zUkAAUgA.bat
| MD5 | a376a32a90fb0d7d2b569e914c484f01 |
| SHA1 | 04e69dfa0f564909cdb78cd78936f7a87c46f940 |
| SHA256 | 4f214c69cfd4e78c3750a665bc0a36299f722e7a9198a47ff661c9ea2dc2856b |
| SHA512 | f7f47f044bdc81451c1a66c0fc87406495d458534c0143bf5673434229529fd319a87cc248ad60233836ebf7efcaeea5ffc901ac2d4964eae6dafba3be8ed8e4 |
C:\Users\Admin\AppData\Local\Temp\jagIowAo.bat
| MD5 | 1a5aed3fa6729aef86e1d459966666ad |
| SHA1 | cdafd16f445768b628b5c9ea9ace924fc2217c54 |
| SHA256 | 91a8c1f08893d2f3a125afc28d163b25ba6c492848a28cb61b2beb6dad1d8fcf |
| SHA512 | 70a5490d14ed2fc61b1f08016c877cf8be4a1fb6387aa16cf334ffd0325f6c011c3606f979bdd2687692b65a9943e2cf25b6aec79aa9758919c6f15ba88f87bc |
C:\Users\Admin\AppData\Local\Temp\PegIoYsM.bat
| MD5 | 6960c29e5ba6cb8651cbd1d95a12b9bf |
| SHA1 | f6b88021d94681f274254d39493378b285c10ad4 |
| SHA256 | d130cfdf418805a66441e32912e2d1bfaf65c0b780da479051dd7abaa82107a9 |
| SHA512 | 60651e1215d66a7174c1aca6f8f87d7337100a6b04de563ca3593f30b1ccf0deb52f20bbc5a61b642a8d0e7d43194f91a49465d0382102742151a0f1e0524fd2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 18:00
Reported
2024-10-16 18:03
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (84) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\DocsUEgY\BOAQcgAo.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\DocsUEgY\BOAQcgAo.exe | N/A |
| N/A | N/A | C:\ProgramData\sAsoockM\WAwQUoMU.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BOAQcgAo.exe = "C:\\Users\\Admin\\DocsUEgY\\BOAQcgAo.exe" | C:\Users\Admin\DocsUEgY\BOAQcgAo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WAwQUoMU.exe = "C:\\ProgramData\\sAsoockM\\WAwQUoMU.exe" | C:\ProgramData\sAsoockM\WAwQUoMU.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BOAQcgAo.exe = "C:\\Users\\Admin\\DocsUEgY\\BOAQcgAo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WAwQUoMU.exe = "C:\\ProgramData\\sAsoockM\\WAwQUoMU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\DocsUEgY\BOAQcgAo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\DocsUEgY\BOAQcgAo.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\DocsUEgY\BOAQcgAo.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe"
C:\Users\Admin\DocsUEgY\BOAQcgAo.exe
"C:\Users\Admin\DocsUEgY\BOAQcgAo.exe"
C:\ProgramData\sAsoockM\WAwQUoMU.exe
"C:\ProgramData\sAsoockM\WAwQUoMU.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bUUYcQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ukAQUEoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IWQwMIwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uGQQMUwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EIsIgswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xwUkcAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tIsAEMcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tuUQcQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lSAcwYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UOUQIcMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIsYokEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qyAsgMoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZkAsMkYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lUgkksgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VCwYQUQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dgQAwEcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QykEIEUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UUIQocgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuYYEsIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WAwoUMIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hccgEEYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pygoUAEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zysoIQsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uqcMwYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GOkAgscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aaMoUYcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eIwQgAkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LYMYEQQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAgsgYYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zyYwkUMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rMcsAIQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kicQoAAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EgQUccIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YiIoMIMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HooQwkgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsscwQkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GKYAoAUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQMUMEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQkkwAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMEUUUMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DsgcssYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Xqkccowg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BcAQoQgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QcUwMcMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiUgoYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CScAwAAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QykwsMQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUgwkoAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vsUUEMAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jqwEwwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dyYEgEEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uMUAsIEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CUAEsscg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cEUYkUEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pscsowEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HIwIogUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XGUsgEsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KKwMskEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\agAMkcQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\woUEwAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kaoUosgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rqYgswsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NQUoQUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYMYAsso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nacUUcIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eugMsooQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QaUskUQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOYowQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ySIEgYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xqckswQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nigMYQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSMwAEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QMAoEAsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cGkskQkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cAsMowgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HWAwUQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xSYwsswo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fAEwkoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SOEkEEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Kygocwok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmwQsQMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gKcEUIkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JUYowoYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jYwMAMEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zacUIMkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PcsskkIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wUgoEIIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\quUEEkQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EckEsckg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aEscIssc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hykMQwwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LsMwsAIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEMYsoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAIYAQQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MaIwgEgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CuMcEEMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SYoQYkcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DQIEcscs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\busYIkQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jcQgIwIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tsQIwgMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CGAMwoAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sCoskcEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv kuntvdUWbE+3wBSbvdMQXQ.0.2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imwUQkMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LWgYQwcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
memory/2152-0-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\DocsUEgY\BOAQcgAo.exe
| MD5 | 2654db924573af9971d9f517bd64321e |
| SHA1 | e49510a7405faff4dcd633cf56e0153b9337b604 |
| SHA256 | e562b04c745aab66949565d980fb3b4b9426e501fe7d236232db95f271170394 |
| SHA512 | a822541e50b2cc2d83f9b7b6c662be2c04776171face1b0ed88a78b0d9c8f0dbfc8b8889d3436692f2065119798b531e049f05fd7c9c0a2316d8e62e32e3bb3e |
memory/4120-7-0x0000000000400000-0x000000000041D000-memory.dmp
C:\ProgramData\sAsoockM\WAwQUoMU.exe
| MD5 | cd9ce3db3a6f8fea752380dfbbb427ae |
| SHA1 | a06a51a5b85e725159c1f9ff1152f1583f0af931 |
| SHA256 | d5524f6b42e86ed2d5324f597b3a0dc9537ac1febed351a0a8c04c35b4a51280 |
| SHA512 | 0f5e8a2af64d06317cd9ab21ffe48089e74b3ff5bc6d36ae0b38dd43d8cb2bf6caeb3aad639556244b802ce5e46da1c8cbe4c6c5ede53788087210e0a75180ae |
memory/8-14-0x0000000000400000-0x000000000041D000-memory.dmp
memory/3124-16-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2152-20-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bUUYcQUI.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-16_70f0066d643916ed531583f3b3b6382c_virlock
| MD5 | d715f659c83f2b95e8a4ce1233822e94 |
| SHA1 | c2a5cedfe5e05fa74d17bc6c9665d27823c3650d |
| SHA256 | 8a3d3787c7a87042010865e1d0aff07486ed919cecf52b21746ab8c6ec7de94c |
| SHA512 | 1afe9f4713af2d2e0a509fcf2e727bc4fec2099291480d2edfa9f4e0853376d690a42d5c7af37232d21f21afa98d5e8ddc6c45fa8f2829e9eb6930792f92dde5 |
memory/3124-31-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4488-42-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2580-53-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3548-54-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3548-65-0x0000000000400000-0x000000000041F000-memory.dmp
memory/864-76-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4936-87-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2224-98-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3952-109-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4540-120-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2172-131-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2220-142-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4388-153-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2068-164-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1032-174-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4900-186-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3684-197-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1720-208-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4360-219-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5056-230-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2732-241-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3968-249-0x0000000000400000-0x000000000041F000-memory.dmp
memory/864-257-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2272-265-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1000-273-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1604-281-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4384-289-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2472-297-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3092-305-0x0000000000400000-0x000000000041F000-memory.dmp
memory/544-307-0x0000000000400000-0x000000000041F000-memory.dmp
memory/544-314-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1624-322-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1236-323-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1236-331-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1312-332-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1312-340-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4148-342-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4148-349-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1788-351-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1788-358-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3320-366-0x0000000000400000-0x000000000041F000-memory.dmp
memory/532-368-0x0000000000400000-0x000000000041F000-memory.dmp
memory/532-375-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4344-376-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4344-384-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4964-385-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4964-393-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2656-401-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2888-409-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3252-417-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2408-425-0x0000000000400000-0x000000000041F000-memory.dmp
memory/5032-433-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4360-441-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3828-449-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3308-457-0x0000000000400000-0x000000000041F000-memory.dmp
memory/540-465-0x0000000000400000-0x000000000041F000-memory.dmp
memory/3932-473-0x0000000000400000-0x000000000041F000-memory.dmp
memory/212-481-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2912-482-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qcAs.exe
| MD5 | f8d5dfe8f538e1e28a9a53b705ea15fd |
| SHA1 | 5810546591b4659b7ab2d6cc403299252481c6b5 |
| SHA256 | d306adc5df056eb893ec40d617cd6dd117935b5efd1b2220e047ddca5b2b1363 |
| SHA512 | 69fd2f07b80978509c34e78aba8e5704d7e383bd9d0a498cd73051458b9b3d1103b2aa3b90a598bf991fb80735181e6f0ad866109211de746ab250fa625b0d60 |
memory/2912-505-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KYEe.exe
| MD5 | b5406010c21e7666a899df001b4c0509 |
| SHA1 | a8b146427c367bae6d488e400662fd618e1f0563 |
| SHA256 | d6b12a53a7c080eed502e378b6fb89c6058c907bf7d2df1c6ceebc207e390079 |
| SHA512 | e174911431f2049d641d9f6f28e31b5be886c22fc88b5ccce15bf2a5db4ceeb80fe156b62c2231b2320a8e547a8dc1e4c9d050a6b25b2b736248b767612a7338 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | cc36bde28ddc468b7e9cb79b853a68e0 |
| SHA1 | 0b1f47a93495c287428fdee67a9ca71c3dbed15a |
| SHA256 | 593cf7587507e894741712a5e956e8a6845152b2276ba241857f9dfdae55045c |
| SHA512 | 56cb6e8cccf87337d6f45e13636993c08cfa0438ed03d14560ae6c33ae743ed15f23af7bda73529572b5f4cd214173bde0f9b6613986339ba485f996ee2b1652 |
C:\Users\Admin\AppData\Local\Temp\YIsq.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\OoIa.exe
| MD5 | 1aeaa5a4251a91a3c6adb8cbbee09fc7 |
| SHA1 | a1a9d4b2e602cf314c2ac7d7eaac9fc1b1bedb9c |
| SHA256 | 6152c9e54c8aa8ca96d2e6bf54c05fe7a026a063d348a6f0310754b018d5583f |
| SHA512 | c277dbe3d046b551ec70ec9bdef2ef57fec4aaa490c992225f9adaaf6c1cd91da4df89cc74d1b5cb3fada7058eba4e65a3d107def594e0bc780c3d7400f8847b |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | e6b7bf6a1c483fd9ae877bfd7fef26fa |
| SHA1 | cf2ad307e9c5c07fd051de0845f42f1766d1f528 |
| SHA256 | adb7e5dbfaa4b0f311745eb587204b20cac74ab59f699ac4bee06bfd6ee33d3e |
| SHA512 | 04634b2feaf5d6e4d1bd905f2f1807a4af3a3e8f76c4e5992482101126239e7153b7237309e7aa1f9b816993cbdbe1e1c09556d5b419bcf170b45fc90e7aca33 |
C:\Users\Admin\AppData\Local\Temp\MYEO.exe
| MD5 | 00b878a1df8e5c70535fc092294636bf |
| SHA1 | 9ddac8084e5fba94f849bd73222afde4c1959731 |
| SHA256 | a42642194af84f226e4194383c15db7735a587db5f402df6f33cdb4e618d3458 |
| SHA512 | ed57adf3e69a1e7cba7e729e9cf355486869664e132250aef1d70552f3cbb0293238a6b359a2eea2139877b4e94e58a333e18a40d2d715d91aedfcd305ca7682 |
memory/2656-583-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QUAc.exe
| MD5 | a45e8537163d0d457dc842ffb905b9fd |
| SHA1 | a3b389864520bc7794a52ae73e77bd515f5ca151 |
| SHA256 | c9182440b9a478a75b85d42878b9dba4a6321238493018cd90ad06afdd1b8188 |
| SHA512 | 9304e13f11f512e30cd32dea03c9c23950c606cdb9ddfb1d64f20ad4400c05ea7475c7f2c7e9d627e93d93d35cf14cc9d8c19b68bd160a57c966e11e918fedf0 |
C:\Users\Admin\AppData\Local\Temp\SUQM.exe
| MD5 | b6820cff22a8dc50b3399608c750be4e |
| SHA1 | 147a94b5e1bf7e6166cccc13087086c7470288ef |
| SHA256 | c5b7f6e3c95c2e69da9cad24704651dfb6ee0b35ed3152cb7e5445b98bd7df5b |
| SHA512 | d6ce226c2fa054a90455f9a34959cd9d346da71481f34fc0e4167b7c4f4ebe1cae52fd28bec04ed05e01e1af220becb769afc60eb9f8e873d44d19288cce266c |
C:\Users\Admin\AppData\Local\Temp\WcEM.exe
| MD5 | 6d6eaa8d2528189828e375d758660816 |
| SHA1 | 73d06b79c5e1431440e6554d0ae28a63049b0b3e |
| SHA256 | b67349dfdb64b7bc556edf4288cb7bcff8e9e5bb660e1afb88d49c9ac9468fff |
| SHA512 | 7500a6ab743334db1a9193134a762fb55acc62e031eafe145dd6af6c0a156ec551bba83f8a0c1074b85f73c2ef6fcc1c8ba920490295ef84da0cee657c97c22c |
memory/3152-633-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UcUk.exe
| MD5 | 673855de7a9b08ca62d07eaa7edfa152 |
| SHA1 | 9fa2e40dac070c5c638c162dde5bdc898712e5ce |
| SHA256 | 52d393b93d31e7bb8d6d55d9250ce428b8d132a007dfd86d3a575e03f538e2a1 |
| SHA512 | 05d1ee26ad125480369402818e13b77ab0471c6566f35fb84cca6e636691590dbc0ec6f236e5bdff15a86a0dc0c19f122eb3fde2760a33811a4ead3ec0803565 |
C:\Users\Admin\AppData\Local\Temp\YosI.exe
| MD5 | b17413234ebf6e59ca09305f347d94f0 |
| SHA1 | 2499732b5f040a82fe25810efb374c83a110f918 |
| SHA256 | c381c668d9bb76649e23ad28c8a15387f2add00d3cb8725f0f762623f860a46b |
| SHA512 | dd7cb064dc1c62051c35f6707ab32ae4fd7c59910863975e53c62438709f7bd924f8719bcb86dbe09c827a32e3847013f1d249c19342f8874392d773e16e7f0c |
C:\Users\Admin\AppData\Local\Temp\qcEK.exe
| MD5 | 6f6066029de794b4f24a1af63425ffe9 |
| SHA1 | 81f7e462dd303b47aead48056b0cfa4ba0e70521 |
| SHA256 | 9dd45924dd56aefee61b9686de5029468c2cbcc0dca5741bf0ff8b1cedf32b47 |
| SHA512 | 6574ba5bec599564607547317ac2afc2ab9ee850e7574b8ba158fa3c292071cb139eba13dd1abe90f54a03a5b1b2be150ed7e79446180169ff51251c3b5f9183 |
C:\Users\Admin\AppData\Local\Temp\AUUA.exe
| MD5 | fa3158284349eacda703c86957a3313c |
| SHA1 | 6701f4c0942185b58c092d9dde83e78c0c783d91 |
| SHA256 | 423d5dabd808ff9f51d0f3886f96c3eda9d8d12153b23884a994d66cfd8f5053 |
| SHA512 | 0dd09b9c204edf46f6b12b0600e3bd89e99af32104dafbde97be920d39b40d8f4ace75681449723e9b530d0352c7a1246b34a1cbef36c2b59677e307fafce53a |
memory/2288-697-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2772-698-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EckU.exe
| MD5 | abd345264a073afd0de31e936a086c58 |
| SHA1 | 791af5099ac851109a566b5fdc7b1e0b6926b23a |
| SHA256 | 4da737c5055f8db03f039be11322a17bd781c8c71ddbda02a029de506cd5afb1 |
| SHA512 | 035f1cfb47f2b2d2c485515e63e26b859445f555ab1813c8da0281f5aeb8ca8db6265d0f0dbfe9e3745fc8a1205e739f4dbfb54e9b93b2d5444219c8ee4c1b60 |
C:\Users\Admin\AppData\Local\Temp\ikEU.exe
| MD5 | 42307ef617320b2933c2d8c7534bda81 |
| SHA1 | da0ebf380505217d8d4294b694037d42fcb0fa96 |
| SHA256 | baff5532ca018c111e10b12bf55d8c5a3d88463f2c38efd34c380b4c63919ae3 |
| SHA512 | 41f55550fedebe64777ac717538b931947fe47c4387cc778ad6b379ad0ab7ccd2827ff589cba33ad896b04ed3192b867cbf51a8522636e48e14af6382f5e42ba |
C:\Users\Admin\AppData\Local\Temp\qEsa.exe
| MD5 | 04c4af1a2ed1fc89f953a7ddd269508f |
| SHA1 | c94c4cdd535eb4b8873d7b7ab538c0d431304837 |
| SHA256 | 727868266751472aeb616ce9fc5271bbcca3c974677a2728760bb5d82fdd8d62 |
| SHA512 | 3e5494c7424b2623cf80fac14c5ff2d4a85a462874a3fab80c769368284ffeafc37695f6fff5e2b58e786826b75d12692c3d69211486b33e55194c12b05a2dd8 |
C:\Users\Admin\AppData\Local\Temp\cEwC.exe
| MD5 | 245a5153adb40a13cf4f3cce068e6e39 |
| SHA1 | 31b2401520e47431f9698e28fee8afe538a5d728 |
| SHA256 | 16682971cfa50a349360927cae2c1ef45b2e384c4d69bf3207792d31fc96c3d7 |
| SHA512 | a9253a6125ccef905c7fc2409e870870f7f585bf508f30c406e4c9050a3d1ba76bae687725cf7b49f41548bdb31a0daa1014105abd39afa82c3d4fbe138a306a |
C:\Users\Admin\AppData\Local\Temp\OYQm.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
memory/2288-762-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CYwC.exe
| MD5 | d6331de8ac81cf4e70d58864f290732c |
| SHA1 | 88861132a761cc09f84acec5c3b9e5082b5680c6 |
| SHA256 | 2984342c02517bcd7503e2f158b41d1bbb6ecbb9fd83578d304b18cddf9976a0 |
| SHA512 | 9e14e71cc6ba9cb720c0557a4eead7d044c6baab37b5828f683daea73f9347385e5eab12238a4ac53092de85ca21349016f63d97230d27fe8efaab2c86f503fe |
memory/4708-777-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CUoE.exe
| MD5 | 106e12ab4fe7f4133231e133d1f67ae5 |
| SHA1 | 3bf35cc532f766557629b6220a8170fbb3dfab89 |
| SHA256 | de25bd3ff5be8d901aeef0fba8cdd28fc8d6f7853389afa7898ee84c3e6486e5 |
| SHA512 | fa38da1a79884848f90fe22716103eabc079fdcf3376f1edba8746ebc22bff7e5cb6aa02bd30ebbb501b2f5ee7b0b30b997ec041ec6d5b8f890d23e5e828cffb |
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | a80ea4ad844b87f494641a85caab27e2 |
| SHA1 | 187c90a09a74330302dd78189b11cd3872ee90c9 |
| SHA256 | 1c89fdefefc69239bc5daeafa324c0c93b2d210c2b1c74cf903f5c43e7e7a8a6 |
| SHA512 | 2de4a64b236025ae5b78837dfa81e6c4bca9491a44df25d83f8e63888be1d3f936abcf0edec0105a08d80551909dce154b5ae1ea8df5548bb3c09af9949c0a64 |
C:\Users\Admin\AppData\Local\Temp\uAgS.exe
| MD5 | e27e0e88c821147d6cd02b2bdbcef213 |
| SHA1 | 132eb36659954f22f4b33e062fe4d892f5b6686a |
| SHA256 | 9c5f6bd6672b13a32bbdaedb85eb3417d81f864f72897469148307dae51e3b1c |
| SHA512 | a41a14e960dda7a1403e58cd06198e590601cd568da016c4a622fcf41efc39505a037e07271e90ca8d6775f753f5f0fcb8edca3ec457350a45d0cd27fd7adb86 |
C:\Users\Admin\AppData\Local\Temp\IUQW.exe
| MD5 | 1f1c39eac5c8b89727a8540f83b27a56 |
| SHA1 | bf7921a0265ad010310c22ab0043acf029b340b7 |
| SHA256 | 9a7209f6d6353c1ceabf85511382a94376e45a85a08961dbb986ed61e3a142ac |
| SHA512 | 239291ea75654b869b3a89360e97fa2a7949e6de1c6853ad9249641a3dd872625674c11c3f72b4d3b5ab2dcd03b15832cf29324b0aee90330c0a4a362bc34143 |
C:\Users\Admin\AppData\Local\Temp\MIUW.exe
| MD5 | 4667edf300c15c615167e5099d3680db |
| SHA1 | 7156a28334d1127a6ee2294e31043c09e027fe76 |
| SHA256 | e4cbacf6aaea596d86612883282c254fd1543ad1a9416e2a79c1c273b041baaf |
| SHA512 | 2a9a69f4e628ab73417045e331dd668395376c147bc8ebc3383a11588797b3172fad44ed24ce7230e9076bfecc29503c1cb55e7791e5839132121c62a0ffd24a |
memory/4708-855-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CkoG.exe
| MD5 | e97c598d5a67d05138755b55a48dbafc |
| SHA1 | d634cb6e18d1cf52c31c8e3025637d8a74e53829 |
| SHA256 | c3a81c3cbfc66a04f2abaa3f3295e1cbde91676d1b5ee1db37cafc9f6211bd07 |
| SHA512 | 71bbf77173348057af8b6ebef99a70f1b442cb3eaec9465064b23c3d75f93e75e2cf5dce19ee5e42937d6ed99e9f8df08ab8bc2313a44c78e4eb22fe8d70b7e8 |
C:\Users\Admin\AppData\Local\Temp\cEEA.exe
| MD5 | c582c40465806a4e7d4574d49fc155d3 |
| SHA1 | d8d9d7feb8f08495a6b9eef3a102662391e08a5f |
| SHA256 | bb7e0acb67ee52e42ac047b7e7d5ffe45e7938d7233cb76bbaa12ddb812cca6c |
| SHA512 | 668f667b87f72907374381f80beaf8ad0930e7d463c6a5af0d98a00a1294978fe2428247cb419f8999940700114e6f86693cd786d69026d9b52dbe8bb5f03abe |
C:\Users\Admin\AppData\Local\Temp\ecww.exe
| MD5 | af94f06bd8e3e8b60f101fe2de9edec9 |
| SHA1 | 07dcfa5bd1ef047eea5f97bbac2a376a4c708117 |
| SHA256 | 6b4a739700507b3465f3378245cbe9aa3d565658d551167b6f48f0eb511a8473 |
| SHA512 | ad41f4606d25da153deec13603ced0a2c5e8b2e5bcc1f9df57827e92b57558b54140db9cecee35f28e3e57ba1b6d80ef8f95011d695bf1c843a40fb6cbe05972 |
memory/2656-892-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CoMc.exe
| MD5 | b803227a3fce0a9932569f286db88403 |
| SHA1 | fff23acc3eac1fcf641c450b8f550b5e188897f7 |
| SHA256 | 60e40b60f027438ddf51adcb8c3b1dfebc7074521a08202c73e7d5cb18d745a8 |
| SHA512 | 34f0e909c61b3dee682047aa94e16011aea0b27450d6344f8b986e2c0e4af388878ffb07d8f986ec13d5b31bed42b9eebad081d57745fd245801b4a5560b6777 |
C:\Users\Admin\AppData\Local\Temp\iAAU.exe
| MD5 | 6403830fbd517a7d13e1947b598f327e |
| SHA1 | 9cb696ed5b598b9e63ddfc7c0f350a474f2c11a3 |
| SHA256 | a84765c642ad5331abcd77651af46ecce2392e2de8be7175cf10b9b141e1cd4e |
| SHA512 | d9869b1bc569779ae8af819e26c0ad1b192ac91b784024f65d040bf84802359d021320cadd89ad4d4da0f169a85cd5bd94022cbd6bf7491cbc8fd06678701120 |
C:\Users\Admin\AppData\Local\Temp\qgoa.exe
| MD5 | dd4dd66355f7b083459b8e8f192a541d |
| SHA1 | 9f4a278954eeccf0a9a417d984b9e82035168890 |
| SHA256 | 29302a1699961cf0f3d78c07e0b5448e6d6c27f2051c230ea0b2e4bab72b11ed |
| SHA512 | 506f9fa51ad0ceb8f47ad278f32b2a288557f387994cd821df8098425d771052c99e768c5026d820ffbb91fb37119be1c5038b52b21a31de4e91b82beb3bf50f |
C:\Users\Admin\AppData\Local\Temp\YYEG.exe
| MD5 | 23d87af972f9a708825c023c29a46106 |
| SHA1 | 91f46340a73a3e6cb6c27533f14f50b5ede8580d |
| SHA256 | 46c84698af3783830c7d0a1ffd23ca806f0011500028a94157431372064b96ba |
| SHA512 | 6aab304f60ac97b958b7b9adb9316a82b63a95be80fe0ea2a9eb95fac09eee521b0e79c7f5f0f5fc6832fe325496bd41daa474d7b1af3332238d39579f62a22c |
memory/1468-983-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1612-984-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gAsu.exe
| MD5 | c3ffda228b56dbc080d9b01b353339f2 |
| SHA1 | 2c53637fd9f98bf4bef587ebdbd622011ac34828 |
| SHA256 | 3c73306afedeacaf8c9413d157dcce240c0127c41f35cfd235dd2708a096bfc7 |
| SHA512 | a394f0e0c23a0d3557a442e852c7438dc613be5a9a6a81341ac829c5a51959cb3fbf555890fb85cfa0a9eea09d2e6d9e65449f7bd0a529470b22a0fa1cd2101b |
C:\Users\Admin\AppData\Local\Temp\kgUI.exe
| MD5 | 3f559efe1b7f76df01931e0be50e99fb |
| SHA1 | 8622877f4810248bfbfe0186844f960e76f58948 |
| SHA256 | 90e0b9a24549b7ded47ff53a63b45342f50dba975df7ec2463b7231474aa0b59 |
| SHA512 | 590292eb0587aca4c26416e890464c7d1454ac6eedf1a59ed6a3df82bc060ee7d9aaa9fac11bed20aadc997400d8d62ebf2a945ee5ac180529bed5808196265d |
C:\Users\Admin\AppData\Local\Temp\okQw.exe
| MD5 | 2d8d49af0665f67a0de2bc387d8bf33f |
| SHA1 | b4013b2b716b2cf8eed824170b06e83ebb570250 |
| SHA256 | 0afa50422c1f0a6a9042896ec6342dca3ae2c6de1e539d1ce8196cabed68b101 |
| SHA512 | 116ff012eaf0fe31ec909cc7fc90c04fa4c9e2f194452a8d5719ae55e30504e96be5d42c830e4c3d0dcc63eff166377178fbc51fb8fb1eebb1489baa08f39784 |
C:\Users\Admin\AppData\Local\Temp\oIUk.exe
| MD5 | fa50ee56f8b547c84dc2249b315ccca5 |
| SHA1 | 7641d0b6dbd3b4117419b6fd48d63df8c2a5cd59 |
| SHA256 | 44832c0979e53dd6f73540f6b3c452b6a78f0c51fc9622f65bcc2a21c525460e |
| SHA512 | 94624a593cc0eff512b3c51e0f9e4e4410da0a3950faabc4b64409a54bcc04376bfc7b8c16d05f9d1d5f71e6d37ee464e9ca6fc498fa21e25232463888f9ee83 |
memory/1612-1034-0x0000000000400000-0x000000000041F000-memory.dmp
memory/4336-1035-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UAkU.exe
| MD5 | 1fb4748aa03edd4c3bc33c28e6c711a6 |
| SHA1 | e674c61cb34ff6684e51824252172ba959305d33 |
| SHA256 | 5d950239c02dbc88202f3e255c4cacf956d285b104176a6be8db23b1844813d3 |
| SHA512 | 250752d99558d877b90f5e4af60b7fe87a47824ab4388078d48962a85d84a93a6b9aef69c8ebbbb161a2be506ad3fc11168bc36079c29b66ad74c7484efbb845 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\blurrect.png.exe
| MD5 | da3227a53501edad25046b1c68022a81 |
| SHA1 | ba32e3d53fa481779205b1eee26dc4f903fbbf9a |
| SHA256 | fd2330ce57c22ae71e0440a120c5d22076a2373063cb9a4225d37c4b147a8b47 |
| SHA512 | e407a9b62a8286406f22ae869e27cf911a530552246adfe90a757d9e720e1bdb300525a24eadf135e09f24700134816bc2dc4a0a69225f8daac0272ea77a24a5 |
memory/4336-1076-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iYgq.exe
| MD5 | dbe8dac3d1e27449205a08d779fbb331 |
| SHA1 | b41c02fbdc84d21ac45f44eb1fff8de32fdc9672 |
| SHA256 | 4dc30b6139b5ef0a10dd0d3fde2854c28001bad84c39dd9cabc719861cf1a9f9 |
| SHA512 | c5a2530b3da1c876d19969c7313fa13f47147951c05b5ba9d4c57c7bd9ab843b03fdc0d37099e31028af23402131836b25965f2c55cf59ba287bb85c314464c7 |
C:\Users\Admin\AppData\Local\Temp\qkkU.exe
| MD5 | eda01d24edbebd182f54c316ffe1a082 |
| SHA1 | 99d90b8ba68226244f6827e8b87762a9813ba796 |
| SHA256 | 20ce03a25c5bf077cbedef17981434fb987358512b62413059a3693e79e4a4d3 |
| SHA512 | a963523fbd88dc225ad5ed4a1218788c37e48b3e2251930afe228a594ff3a471f253a5f2b85df1b1d6ce874b01fc36bf2c3d5464b42ea471870724d26a4d00fd |
C:\Users\Admin\AppData\Local\Temp\CsQo.exe
| MD5 | c4e9b1246a04fedb7d7dc6a0f5766eb3 |
| SHA1 | f991ca622928a37a4e5b75b80c835e2c35840433 |
| SHA256 | 388d8a9f912324132c1e053606d25876ffb597ff4e4e0407612312d948e2844a |
| SHA512 | c090873505c3b41a06c1880f2efb22d591ecf044fb4762f3188eb37e331edf062fdb3b5a4ae6f629d78a6c4ff3f4e0eadeebc4332de79fe5c8e69482b6fc669c |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe
| MD5 | d53a6c398dbb88f4ed65bb7f6c6bac96 |
| SHA1 | 6119fc4e864a1d24ecec8417b30619dc8b935d39 |
| SHA256 | 5b99f39b3cff3aba13f6ad9aa45b643dc93cb38a01272823377e48b546c6fe57 |
| SHA512 | df6e0200d93939d22be8b79171fe247c7a9e0f2590b5503c902f88531862407e1cca0334196c8e3661ee7f106d942c60bb86c3ba639f00232759fab032acea1d |
memory/3860-1134-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SEAu.exe
| MD5 | 273768624fd45e84a78dd776657136ce |
| SHA1 | e751adcf7f49a2161cab2ae1e1b3626e8dd819df |
| SHA256 | 8fee2820fb0e01c580067c07c472e7bb5a4b66b744eea010927f0d280194cf46 |
| SHA512 | 5797826bdf65e6b019d47f7fac7514a5b86b4a7e7d94691f3a5b30583e692794f54f1102bbcee538c48f3a5a6e65da8c9649b44096dd215b2c347104c12e1bf7 |
C:\Users\Admin\AppData\Local\Temp\kYgC.exe
| MD5 | 57b15b319ad0b5eee6f1dd0e82a91cd8 |
| SHA1 | 7a20eb375067e48b43608d57d831ea54265702c1 |
| SHA256 | ddd7e6718ceb2115b326802a561da141170d661cbec3f3030b3fc303a1a49a32 |
| SHA512 | 75f9c236752f8322917c560495967698527fe3cf422b6154fea7b5cb75ef146def5f3cc365bbfdbfc613dc0c56b57426ca5319c3702970344b188628e83a0b3f |
C:\Users\Admin\AppData\Local\Temp\qcYu.exe
| MD5 | 439f356b21f9f44bd45f851cacb5dbd8 |
| SHA1 | c8f15e199c1b0525285954a31f19fcbc77082286 |
| SHA256 | c1be162b3ee9b51efd628cf5b7854874bb5a84b4fe79bdd9ca46760288065f32 |
| SHA512 | 85b9537d73de0d413332385ac388a2945080a21be8727973eafc35338e8b3d579cf41eba467fa92cab5ef126afe3742f71e54267e351287fce49a26dd8b2bf95 |
memory/3132-1185-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iMww.exe
| MD5 | 1a327898728e6954f2217ce9c7fc6d24 |
| SHA1 | 4095966b5ba7669500cb4303c381c6c6ecf7c898 |
| SHA256 | 9b360e16e5e7928ea65f91fbd3749114f0b253483288102429c69e9794a22309 |
| SHA512 | 4805ef7b517e1ac24560896535485cd01aa4085baac3ed027fb16511f390abcd910291eaccb2b64e5c47b86479b38ced40b6c1967282d8e3caf0c9ad96cec56c |
C:\Users\Admin\AppData\Local\Temp\ywUA.exe
| MD5 | e53b365ec2e8ec16d8c762751f105646 |
| SHA1 | 7ff3138c4e7a60895dd68aed56bbf04cbdbaded5 |
| SHA256 | 59b96697d29658d617c43a494f59145c301edfcc634797d9f023b2c0f203614b |
| SHA512 | 1d08f38d990621eeac7826b93fc7e4f41e92a78b027ef4fc6a8227f844e50e936ee6483466cfe447b9e539a321d92f02815e0060791249cb43943d23fbb018a8 |
C:\Users\Admin\AppData\Local\Temp\uUYe.exe
| MD5 | a81d7ab3440acbd2d4afe5b92b62958c |
| SHA1 | cbd06be17b9653279fdc0a60645cec4fc2de51ee |
| SHA256 | c2bb9be7880390baeb7c2615d6603f0379896d419d3cd9995694ea89fc8d7339 |
| SHA512 | e6e23a2042fb706954824fe302b6f1464020854a99ff163d709e01176355b10dd67b923ba8fc644df3affe8ec16b23ec61b68cf4b774f86d6913b07eedab7b02 |
C:\Users\Admin\AppData\Local\Temp\oAYc.exe
| MD5 | 6307f21c5ff90063a8c0d5da64126c26 |
| SHA1 | b4345cf2ccccff2ba6046529715b8c61d3bf1c71 |
| SHA256 | b159a0e7a78c05c25cb3818ec223277f3c624b68ca7659a6fbfae19301ac8078 |
| SHA512 | a099ff34b639e6f2a9800aeeb5f76fb2f33d4d414e17a89b65b11dd3acc91705e8785e3e1fddfa86b6d39745883155e47aeff0c8651e6661ea91da835ef7fb64 |
memory/4100-1262-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eIwW.exe
| MD5 | 07758f9f343b14df0c5b026ab0e5de7f |
| SHA1 | 3bb65108318ad9d54dd4c07f63ee46754f7606b6 |
| SHA256 | 02bcb931198c37663ef96872a6a4d7af96e18626eee0016fd0063a0b2b654c16 |
| SHA512 | 829f41337f5161d7c4f3e2bec4ebb6128ddaf633345fd04157e5ea0722ca9aa1da828acd5a1213cc593ddb7533703b11b98a48d1afd5c1e137a5362593c4adbc |
C:\Users\Admin\AppData\Local\Temp\akgU.exe
| MD5 | 30ea6c24b41b7c23cfdd90e45a54a35c |
| SHA1 | 06895ebee5c1e816bdca3556252eb0be3da5c142 |
| SHA256 | 72c4c74d3b73d7d3028a4eadc635b097d131ef03d2a9c770cd8874e0c42e5415 |
| SHA512 | 0f0646de93868af7436ed4c4a63b6d09b37a4dac67b29182ec232a0d582752bce6dae2403a4435713ab4f155aca965878961e42cb5f9018757d657523952f71d |
memory/1676-1277-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMsy.exe
| MD5 | 2270cbdddd54339456509c886c455cfa |
| SHA1 | cab3b7f811eff6ea3fb04d2caf078a302e3a6e24 |
| SHA256 | 518c5cf91f83216e07bab5333bfbf7d3e71b5cc3aa1efab2990cfc8edb2e21a8 |
| SHA512 | cbf919c59617690e1b6f1d049af85f21c5d841a1667c280bfb51fbf52d2fbd7dbbb6498ca20d8f20971112c3ad26801db311d83f7da31c239f61848d4a08a6a0 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.exe
| MD5 | 926270055a26dca9cb29046526caa47e |
| SHA1 | 578a63c8996ad3480ab67e11c92ce5bdc265c2e1 |
| SHA256 | b1e322c224200a0e8066bd8de851e9117016c5173bd6b167013f270f5908db6a |
| SHA512 | ab69198590cba553515258dc5a8613246ffdab092d06a352253d6735b315951be0fe0da958ffe446d184f7968a3f2a348d135ebedafc4042316a3c701978de59 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-125.png.exe
| MD5 | a9de2a48a45eb2d245063b53050fe1e0 |
| SHA1 | 086684c51120545808e42df8d08ac52d33cd36d5 |
| SHA256 | 11bd91c3a270d7c9cfa9ce6ecd9ae4e21cf5e4722bbbc91c8baf1eb4e09894f8 |
| SHA512 | f3909086f8c9405f960a599cb495047e4f482e5bf8e63cb51938b1b9ed8ad71e13b40a7ffc2f57e7deca4d9589d0bb62e8aa70bbec6cc0efefa4afca3163c9f7 |
C:\Users\Admin\AppData\Local\Temp\IEgi.exe
| MD5 | 10f1b8326b0d3da47b30020b4eb23eab |
| SHA1 | 88f9ecea3a5d62915414f1d245fded55d7d31fd6 |
| SHA256 | 597f2889a6e6c6fba0cb802c2640348558f5e69ce845d5716886d702ed7501c0 |
| SHA512 | b2e9cced530176465641f61299f24880b6cb2f2f333fa0473362b00edb7c442ae60df68146dc237e83ccbf42b925c6f6a324cb994a1b16a9c79b768c654f0770 |
C:\Users\Admin\AppData\Local\Temp\UMIG.exe
| MD5 | 926146b094388922c4be6957c9256165 |
| SHA1 | d132ccf06a2db97deba13d2c97860ee1914b9097 |
| SHA256 | 9e338215bb5709f0384bf78e57ed1eeab982bfa15e8dc8f3e1f3df6b9759e170 |
| SHA512 | 65903df8cb0d9d2432924a7efb195a004cd75e195de03acb5847e96b47eb276f0188875e1f4125b8c6b4e63c99d8a35b60ddaf3c39ec1d6aa5409eb39847c396 |
memory/1676-1355-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KoQq.exe
| MD5 | 4b9b151e37eb87773fb7d9f51cbc7733 |
| SHA1 | d5ea39227a52ec3c3155ed877997eafc0754db16 |
| SHA256 | fd70e371f5cb8d209d6738fafcfdff5b35a6bd008899bdee92f691b039bdb8dc |
| SHA512 | 3e11b88dbac40eac9a285936b4a23efcc292448ab8025f873f202e6392198f6ef6210bf9cd5ba471775f1874d4ff3956cc9dc5cc62b3ea0b3daf0a1e4b319fe1 |
C:\Users\Admin\AppData\Local\Temp\kYga.exe
| MD5 | 746d22e8bf3e5bf464acdcb25bc6a78d |
| SHA1 | b8e8b7d2e31dcb18b950323f60a53e437f597ab1 |
| SHA256 | 79e3da11a266a088770cb3de0dfd6011e946f9e8e47a38295e9ae92dc8b319b6 |
| SHA512 | bb0d9d8429076ea75b7739f590ae54f9e32f1f20a48fe3dedcfbf0b371c24b1fca5a1131a79848ed4f38ce2e7ac483bd9a2f0a92b7c5bcbe0ecab84b3981d13d |
C:\Users\Admin\AppData\Local\Temp\OYsS.exe
| MD5 | 1a9f9a6dc9bd3e2b87fcb172dbc5f6bf |
| SHA1 | 41e1d3c7482efabb26833062ab14dca645e4007b |
| SHA256 | 6a0cc30c778ce14d54a3e1ba9b4c7f8889323072354cb406d704c905e218783d |
| SHA512 | ab55e2f06ecf3d2b52787b58af5fb8f3a356293581b024dab7986437f870d3f609b2259605c02fbcdc504114609f4bde4e971d064439ae9da98710bb334b3301 |
C:\Users\Admin\AppData\Local\Temp\kwwS.exe
| MD5 | 7bafd821e93144312b177e438d268c8e |
| SHA1 | 8d8267c3873f10a2d05f49964dcca46470b701e6 |
| SHA256 | a08ce043483f2d2f29d40ce7f36e6a8b4c5c041c9c975716337f4f530e049a2a |
| SHA512 | 60124955a7eaf0d5e493f773706f2725365731750380d174a5722a13a168b66494cc2dd49d54f806227adaae0d211e661a1ac61e58f53f3d36752bdf0200a3a3 |
memory/1036-1419-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sUsm.exe
| MD5 | a1c8ae13fadf270fdd25b6966b363dc0 |
| SHA1 | cbac7880f0551bc513b87526e45c8c7de1cab0c4 |
| SHA256 | 9a12863e2919ef26680e44f41aac27cb7b68df79d43014ca008ffcd4b09d792b |
| SHA512 | 1c917e2ddcd3ad14ff9856ea400cdcd97181bf82c8df6eb559a989201e5f00974670231df743f89077d7dc55683edfea9ee2c36a9f6ca43670c03b603ae9e275 |
C:\Users\Admin\AppData\Local\Temp\YoIq.exe
| MD5 | 8961854888304e1502233a5ad4404781 |
| SHA1 | 0252e5a7f70f0f22eeac3363df7abd9b85808cc2 |
| SHA256 | 03b1b4dfce25d27491b72223c08b589d513c3ba89e7976d8b892d0a3557e19c5 |
| SHA512 | 65b688685c40c22f33e4f9a5a5ef7979823b957d5cc09cae607470ca1b28f85c0e827a695b25dce2d28e8e0c6c2605815ccd5f22e90f0cd4bc2ab701f2f91021 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
| MD5 | e309b4b26fe2ae0556d4d922c493caa2 |
| SHA1 | 5d5bd1dda91d1822571b357cbc899136efe99804 |
| SHA256 | 3b15b8106cde715e9e615cdb8703c5cb790b8586d8b5ecd35bb8417c6cb9e031 |
| SHA512 | b5beb9c5aef956aa15a0b9e66b0505fe61b43a70b6523c8be51e949205ae2db7fb64166ca05e9a189922d4395c0089ed619258f4114daecaef9d0f7413921d72 |
C:\Users\Admin\AppData\Local\Temp\YYEs.exe
| MD5 | 5a2cb0b7a2bc3e2bd286d3d70f80cb15 |
| SHA1 | 259627e7308c8a1d695260d69bd1d085290efd4d |
| SHA256 | c663901324b50bb0bcddb6df17d64b97ffa6648776799302cb0cd9e57c8e4b42 |
| SHA512 | 7f863334be1d8b87145ce34806e2ff438aa0dedb004a6fed2b2e402d3aeda31b4a353e28955dc5131866d182509e75598f01939bef938fe04dc0ac3ae0a0a99f |
memory/1200-1483-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\skUW.exe
| MD5 | 9756e82b8af675a4761052024e9aab4f |
| SHA1 | d6f1cba563edf03097a3a39c387847bc986412cb |
| SHA256 | 8b93ba88502e6ef0160acd35d6c34ff7e6cd4d1d86e2c78e55308fd6e005bce9 |
| SHA512 | be9088a9a98219faa093522bb05c28eb12aa7462b797f3ac7114b63cd3fae62eb155a387eb7dbbe6eae624a5768fb350926301656ae326bf7a836083092cc616 |
C:\Users\Admin\AppData\Local\Temp\MoQq.exe
| MD5 | 74508dabf8c433ded446b455f871f184 |
| SHA1 | 2c10ff66b7cedeb904471bdda4eeaae28c44c1a7 |
| SHA256 | 29973002c07bd76ea937fc80b78d5de7ca65ab8bb1a28c33d4f7e12abcfaff3e |
| SHA512 | 8073520a4b5d7c332e6ea5286d7aca04606fd6389f8e7746b0724479d4adfec2ee7514539afaf5ffd3abd485b7c72755715f450dd67c811ddf8eb30a82a66d1f |
C:\Users\Admin\AppData\Local\Temp\EcQi.exe
| MD5 | 8de3919b54f332810f4e9aee844272a4 |
| SHA1 | 7fe474dae0ac973255d10a8858fb699b6fc5a241 |
| SHA256 | 362c1bf96fd6710d02b6a5c3559dd6b1d7ddfea7b330fa9d59168cc53bf11860 |
| SHA512 | bd5a722ed0949be805a885735cf7cd15b5ba379cbb12eeb28e5b24efd82f65f8f52dffe410f84785459a2a1228ceeef4ee29c72d22df3e08b660662077e77e6a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.exe
| MD5 | 82408e12bb9750396c1f12790572c15c |
| SHA1 | 814ace1c46be501b10dd0d737547824588b8b3d8 |
| SHA256 | b7354db501e0ea4491f7e3082ce3e20c479353042d598cf7d9b7dc3330807e84 |
| SHA512 | 36b1e74ca14cd49afe8864c9da0edc76adfffed0b5c0a30d4cea3d34607665d636ad6cde64c2d1e7986a8ca5ea6247a9819e3dac20384fd203e18b46316670f1 |
C:\Users\Admin\AppData\Local\Temp\EAAU.exe
| MD5 | a7b30f6e904f236a9285f412b0055f35 |
| SHA1 | 9793e2f8dc37d8b4279c4255a0da0c1184e1e906 |
| SHA256 | 0d8428b7d4e1e49ee5d82cd598ce3d7609dbc1ad8fdb744f1440fed06e40b6c7 |
| SHA512 | 2246dcfe3a86f74517616ebfa2bd1f9aed504f0f3d2d21b64787fb47bcd45a512b1cfd5242c9bd4fcaf269648058417614a039c81272062750edeea052a082e6 |
memory/3548-1561-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CEIU.exe
| MD5 | 5b399beeb651dd8396e38c2b5ca920ac |
| SHA1 | ac9771eace148edf99cca689e8afbacfff521615 |
| SHA256 | 0705a5cf82b607c67122af7e4a0f66214664903f3e862e3a8b83bb2deacaf10d |
| SHA512 | a51be0c6b13b80f0eab1fa51106991a65e8f58cec4f9a91d840ee808cb8d4091f4faec3303c70871f115dbb325ea79647f10c35b616171e7634ac3f386fde068 |
C:\Users\Admin\AppData\Local\Temp\CoUG.exe
| MD5 | 347eb21781dea5c3b094be4db52c4395 |
| SHA1 | f8c425a68f6f59d638ac93a047f10d0a3acdf7f7 |
| SHA256 | db3b07b642cefc7ef939ff5be2940202830f354390aede5c040495949cc9f6f4 |
| SHA512 | 190c985cb53906362743dd0447de48926073705610cca6c747d0ada6cf67bab97fe25a51082f8bea2c3bd1192324e774fc2bf17302d7467e5685b130fda97f50 |
C:\Users\Admin\AppData\Local\Temp\cIQS.exe
| MD5 | fec45f3a7d9a82dd48c37ffd6a340d70 |
| SHA1 | 0ce735b1124bac75d5d8d2691d60972291f37886 |
| SHA256 | d2e79487834579fe1f9596b794f976a7cd13fe0545de3b132af042fe7f83a17a |
| SHA512 | ff0364add86a016990d2a895537b8f79253b1224c1d5b7969f071aa19090c83b4f113365c4091cbe37e83879bf14d0870d79939035f8b0f30ee8080975d72cba |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png.exe
| MD5 | 9450198771fc2bfa3dc9c297a30d7001 |
| SHA1 | 35f26cdb2696998ff9b68990da9744e90193bae8 |
| SHA256 | a6f254f507ebdae128ec4bdc8ef5f70e7e4dc4421eec28ef483256a2df7727e3 |
| SHA512 | b2c49fcea2545dfeb141a32de1030d71f82707ab89801a933aeb3fc82b7a2b7e7130121bbfb9607ad09043d0f966f11135c26d94a8e31027cc653ab5cb782f29 |
C:\Users\Admin\AppData\Local\Temp\swIy.exe
| MD5 | 23cb143276b74478504541e450ff269a |
| SHA1 | c601a5417d68643f9bb30f82cc49cc8de4d7345d |
| SHA256 | 03f4b598083b5d2515ea81ccd02390a1c4af95e87a541802c05f0d617a3ab42d |
| SHA512 | 8a9107f2dbec037212ceaa447694504d1b55b6ae19082e217069f68b18a30e37537bf9855aed7312071111b36b86939c83af5f0ac7b968e36ee61ebd5c8bb4e9 |
memory/4544-1639-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UwUg.exe
| MD5 | 01b22bafdbe213565c8f958d57c360c3 |
| SHA1 | 5d49bacba13c6cc062644be5bd1de6c3387c0290 |
| SHA256 | b346e93abe073170477646419ac5c4e0e899cac154070d246d1afe1f93d558eb |
| SHA512 | fd5e832bf47e8d2132dde367b5fbe32e62c0877f17679e44b31b9e61359cf70b4ce487f6049b56e3baab9fe04d2982473748777f51964bcb9f5ea34f41e3878a |
memory/1260-1658-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1236-1662-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oAYw.exe
| MD5 | a2dcada130eb235fafd9548f113a928b |
| SHA1 | 692fd1b1c1999bbc8be8a30d2a4815a0234984f7 |
| SHA256 | 50c3bb0625fbc19d2b0a340693669dae56a14aba107e7c8b5ec6ccc162ec0c8b |
| SHA512 | 9bf077b81302caab253c191a5cc2c5d373a1680446ef1916990a974ad2b25ef6cfb797fdc02287b533e27a627d4361a5ecbc35475d971ff888e60bc45d17d282 |
C:\Users\Admin\AppData\Local\Temp\AQoc.exe
| MD5 | 45e9572cd430d4b7b22b4a1ef320ccda |
| SHA1 | cfd94c6d772e1405133bf06fa6f617e6ed484091 |
| SHA256 | 1b46e8456b746219873d1083e49281ce1a18807223872140c1d37259a2cd7d4e |
| SHA512 | ea583472d98942cb83669221bf1021d0948c0cbfe35ee29390c304b72cae7cbd25276fe3f2bd64804d884945b5413d7ac713d4d9910196f34af8e1589efcbe49 |
C:\Users\Admin\AppData\Local\Temp\KksC.exe
| MD5 | c0fca3ae7a68433681fc5bb9f1226144 |
| SHA1 | 0ad3e26b6c48e59b2468ba490f63a1332e354198 |
| SHA256 | 8fffd26336fad15b5691de9b109edd0720c0a17f514485de8964f00ef4a23916 |
| SHA512 | 41a2f90e3d6fcd75df637fc062139a9f91cf139a71681730c9552a3349374480599cf3ac24e33417cb213c884c1623a86a9052d185b60cd62775b27e88aded60 |
memory/1260-1712-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WYkq.exe
| MD5 | 215a61f47f99f9853ca4932648c80a25 |
| SHA1 | 07b57ab71d66a0c8a2230144d853932fee5ded24 |
| SHA256 | 6a55486206e4320fc7ea67a4f5c7a8d2a135c6c77592eeef1e4265e16c68305f |
| SHA512 | 48b1fb15f7b2a3102822c50c6f93faca517f214795c5800d62f127893d261efa62e236654c2cf331a187257d559b8be252fe710b498c81b86118d32ddedb8f2d |
C:\Users\Admin\AppData\Local\Temp\coUC.exe
| MD5 | 1f6f436092f883b99b52079ac6a8efe8 |
| SHA1 | 24519136e480d00d4df40e56630dfe980e9cbbd1 |
| SHA256 | fc7b990f50536cdbce054d88d5f7f68b7594a9eec69186192169cf701d94098b |
| SHA512 | fa0fdbc2749fb03b31a7da2097b98f64d72256a1797caefd621b493ab7e5d814aff3c8d62e4cb0a3803899d85542b73b10573290737469d794b8698de449bba7 |
memory/1204-1745-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2488-1749-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SAgS.exe
| MD5 | cc413824a7e1d009a69752d1e947b104 |
| SHA1 | 44c8328ab5305ad90be8d564a8bc6f05656e4a3b |
| SHA256 | 902c7e928203f44c7da3861ae9b30ef21f0408b0c41ccb461a5a5df77e67ae90 |
| SHA512 | 1a2f39e45662e6740e2a360b15fc28934a29b6b92c8e540e3c9fb5f194dc64848130df0d87063d91a32f63daea86a796b0bf63feb8d0edeade879635f1bb2e80 |
C:\Users\Admin\AppData\Local\Temp\UYYM.exe
| MD5 | 51c53d7f8b0ff444d8a502e0cabc2e39 |
| SHA1 | 283f60994a9f206c732fac248aa0b7ec8c3c07cf |
| SHA256 | 3eddf709437488ebe0ed54350e0df226633478090930c1c3902f2ba51969a2a2 |
| SHA512 | 94de5a35c316fb22928263b6dc3df83dd6ecfe89317dfd9ca8d219e18f25b99f273fc68a84bfab82a096ea0421b67d83dfefea3b555b007392e470cd6013e1e2 |
C:\Users\Admin\AppData\Local\Temp\uUUU.exe
| MD5 | 4f85bc2a048c9e5e94d4ae7bd49233d7 |
| SHA1 | b9fb6e6f1d1f667799483b478e022a0a5a38be9b |
| SHA256 | c640fc34b0a0e23b35fd1a9e4870f84ab50df89866ac1bc9d9e799486612be36 |
| SHA512 | a4deabd2d6e7f0d2b5a0850910031817c4eca3c9e1198471e1b980df705e707e0be390c5b33c375512273b85194a04abdf24847b98b839dc37b833b19dc9a693 |
C:\Users\Admin\AppData\Local\Temp\IMYg.exe
| MD5 | c9aa3b1107c1353d198184591817af54 |
| SHA1 | cbae40ada1ae057fbec2ead9e32a43edc52e091b |
| SHA256 | 5aeb90ef66d4da9019644b5d787913e2f0f3a7a68597c2cd1409e1a27a3bd101 |
| SHA512 | a3997e992c3bd2d759bd1d3a18a5468a0f046736a2dae92e012599e6bb380c6966c0f992edd6106f27c3ce2b248384f956646744d73e1f9b308f14ddd52c902f |
C:\Users\Admin\AppData\Local\Temp\eAcM.exe
| MD5 | 00a722928bc006005484c7cd270258e0 |
| SHA1 | 9c6096245b50dacf2e8ef1eaf4419dcfe5871609 |
| SHA256 | a16d007eabce1b79dd07b810d6a4f2982bf4b32699725365e8dfede1a6432edf |
| SHA512 | a133790dbd87161e31452a212466d8cbbf4c31236718cab3552bc234c0b1be04dc97caf1c1238140193f812b38069675bdb546f437030930687cf46aadb44db5 |
memory/3192-1824-0x0000000000400000-0x000000000041F000-memory.dmp
memory/1204-1828-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CQYc.exe
| MD5 | 9120973a07d994e7a6a257c1f191e03e |
| SHA1 | fa49e5ac8eb9b1b12c7dc20c056124d6c9c34708 |
| SHA256 | 75b18f9b87a30ac28a95614fc1b64d79de8a5ed021c2f4bd3c8c0f618e93fa61 |
| SHA512 | 38bb6d9444ed2ea27c7190d9eb37941aad152da7c908bbfa710f8024d9eec9c234e2f60a07563514c59a03ced476dfc1eb6e1c25106918620092ad558cb76565 |
C:\Users\Admin\AppData\Local\Temp\kYUm.exe
| MD5 | aea0ad6a9e89d21593a591f4c5a089d3 |
| SHA1 | e6bfe299018f88585fd8d2df5a6b5c43f5c4ce46 |
| SHA256 | 3811cb163ca2e04898912bacce700eff4179755a1e1c6d9930651e80e98b2bdb |
| SHA512 | a10e34dfa72ec705a9fbd1bb2cf500f9bf602171e0a1ab80fd6c8326cd463bd6806f1b3e491a1a873d6a7ddb51e2dc65447175c7b5da604018a3cf21bb79950b |
C:\Users\Admin\AppData\Local\Temp\cAge.exe
| MD5 | 4ee76f57b282db35e0989d4f74d6ce39 |
| SHA1 | 84e3343fea3f76152f191109691759e029982955 |
| SHA256 | 6b19203854988f3d7f883fcc297a17db9489a56915464fab5e8a07b98a925738 |
| SHA512 | 2f095d6d673cc4a5feee09281044728827dc8e32803399f1601e8c2a40b3c0e568868b6b76160f716fff874a789b02112f198e50e378c7e4d31e58c11768cc35 |
memory/3192-1879-0x0000000000400000-0x000000000041F000-memory.dmp
memory/2472-1878-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ygke.exe
| MD5 | bb9a610aa8edbd38e4bafe9c87d65054 |
| SHA1 | 9b98e8b4c47a9eafdd3d46179e3477a58536bb7a |
| SHA256 | 18cec6070e6f05fe932c1e873dac5b4128f0fc766e2c217f217735bb83c5f84e |
| SHA512 | d4545c76f44861611f530cdb23a6fb66f9ad393ca958c4cc5dcf9a73600c769158a219fcd4664a504676f0109fab2c3485fadfbee77e17dfa9213fb3cc5e7a54 |
C:\Users\Admin\AppData\Local\Temp\kwUA.exe
| MD5 | a359479ce87d0879fdaf54c1412baac4 |
| SHA1 | f250473aca7229242d50a68531775a04754e30ac |
| SHA256 | 0bec1521191e3556d2a54ea8014ce960f7d38bb10aa2a7a609f759bdd5bf61f9 |
| SHA512 | 988d68fea81b33680e253ae95502ecbf2642e86f8d700712275d85e6870f18a99c066d1b1a4638c6d176907195f94aac5e52f7152c97a45da520e76417388ad0 |
C:\Users\Admin\AppData\Local\Temp\oQoq.exe
| MD5 | 75f426fb8a22836831de1c253a755fb1 |
| SHA1 | 2f8175d7e291c26687a10a90d55c3e84957fff06 |
| SHA256 | 5160715398484e43d98ffcaa0d27d63c9ab963400188731d2f78476c0d0622db |
| SHA512 | 862ca06c779437ad6dfcc44f796e9b12735c37a177ab7e360ef03e8d09945253ea953f3e7517862b972d0d78b4e79e27f7f4f4c353d0394546fb968d63dd4abc |
C:\Users\Admin\AppData\Local\Temp\AEsk.exe
| MD5 | 65cf647eae1dc0f4ccfe2bf25e2ed228 |
| SHA1 | 838c491954e83dac796e99437c37dffd16adb144 |
| SHA256 | 5434db08b65f3118b77b88d9ff1c1d42ceb9f7afe0fe1ac713ac5594ddf1677b |
| SHA512 | 80c7fe43615f1b5b06ad94a80f42901ed656bbb93a67c0daa78f103ec45f83f8ffd7bbd2f1222ebeaf49224052e22a086a867eb86f04bc22a51a003171cf2d13 |
C:\Users\Admin\AppData\Local\Temp\sQEC.exe
| MD5 | 01c843c276c564adc99cef20bb04d5bc |
| SHA1 | 21e111204439baca296a59aa664c9ff41af76414 |
| SHA256 | 083a67fe91f8bb0ffd25e08d8edcd7dd2eed81291aa0e8f567e8779f8b6e763a |
| SHA512 | e20c27fe096e9566f3599dad6a0780618353bdfb9be7e13a943017dde74fff29f8e0f694cf3cdfcbd4d14e68ef8e9b39b2089954f2d898109e6baa892c9f6611 |
C:\Users\Admin\AppData\Local\Temp\MgEy.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\EMQY.exe
| MD5 | 0c705f02667440f996c797ebfc22bf1a |
| SHA1 | 2c2ccbba49ac518ad7c7a3f5098ac7fcad52661d |
| SHA256 | 1ea856626affd7048977caab7a42b8126d223e9ef750f0c462262e494cabf3fc |
| SHA512 | 47f60082e061c957c1cd618272e3ca2ce89a14202ca10200af248e905185d541085a8c5f57541880b6204611ca7471f9c288b28164ed43be97fb8c98b40f2390 |
C:\Users\Admin\AppData\Local\Temp\gwkY.exe
| MD5 | 4ba6cd0121b9de58ebbb0af13af89422 |
| SHA1 | 5de1e77590d1221ed97fa8502c24a3064ea1bcc9 |
| SHA256 | 780cf32feeb0dfb326460b1370d888c9d7f3f7100c79683c813e306f494d6f82 |
| SHA512 | 0526ae9735ce6370ca962bc054d9f01615e58d65cf29598b12da806c9be9e529fbca8ce26f6f5bc94e7b1fb6226a17f396f111cdbbb606d8f4a8dcde6001d31f |
C:\Users\Admin\AppData\Local\Temp\Qokg.exe
| MD5 | 8917606481a3939d956a30eac1508210 |
| SHA1 | 96efafaad8fa391544357402fd9c6ab5ade3875a |
| SHA256 | 7a1b1de67feb60ee23a7efe7342c9ad93edc2dfe273447bf39b680e17263c579 |
| SHA512 | be839f596bec1b524126a1fd7588b55b3c5275ee75243ce0355ce5cf9c7096c5992d92ef4c61bad7794665e5deb1ab808643fe81c5ded093b182b257d05a39ba |
C:\Users\Admin\AppData\Local\Temp\gQAO.exe
| MD5 | d48ec714c941b4f58c59fe39ec03f14c |
| SHA1 | 15f3c9ae38fd8903659f56f7a7d38639511874cb |
| SHA256 | 1a89837df4bcf2cdc38b26bd4a5566841f3242a57aeca90b524847087db06bdd |
| SHA512 | 47f1891109a65dcc983c82462a4b387db32d3d1fbb30fc1073d03deae3c930e0545c5379f42334fbee93aa8cbe9d7de1f083ae5cc482e348c625841c87486ef6 |
C:\Users\Admin\AppData\Local\Temp\CoEu.exe
| MD5 | 533f9893cd4ba0810d9bf06e8b9ba4a3 |
| SHA1 | 6063f441e2c99c4023724c6597bae2021451a0c9 |
| SHA256 | a90d307801f64e7dba06628654120f8ee4188a788bfde73b9bef3718768f0651 |
| SHA512 | b4221f5af497c024e5e8cd1ce71d0ea68b117b67558ce957d5010c450f83a2a52ab23d01b695f4feeaffcf97e9d6bc6bbbbaae68454ef2e561df350cfdf08d7a |
C:\Users\Admin\AppData\Local\Temp\IMge.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\eAIy.exe
| MD5 | 0994f00ed64cb325d98b4aeff88c095b |
| SHA1 | be4fa9e3a2e51a68f3eb9e445486ee81f262af9c |
| SHA256 | d0802518f43f7303a52d9699eb36a55ef64efccbd88264e83cf29d4cd32c231c |
| SHA512 | 0a156aeaa62e96d4b63a955dfa9bab94170f67dae1553778a45acf3b45035f38ed57186f8202ddb21e6491d4bd472c2b6ec07d75c77c4d228a34e758c4f78939 |
C:\Users\Admin\AppData\Local\Temp\UYgI.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\OAMm.exe
| MD5 | 45e807fbd5302614ec5b4fd9e9a40d35 |
| SHA1 | e9158af268ce0b3230a399897fe915cffec8a1ee |
| SHA256 | 5d0244398170a363e042a10009c13efe346ce5de4cf2f6794b6c9ea6a1f6f2f5 |
| SHA512 | 21ed76519722bc653bd14d3a6b4f0266e38c2342802a51ab49de9443066fc097d10ec22522b6fefdc27d6e9a79d09fdcf19d679b88dcc9caf39bbd9e6c2888eb |
C:\Users\Admin\AppData\Local\Temp\kMYE.exe
| MD5 | 4c56ad529ce516407b79a89ba357f337 |
| SHA1 | 5143c3f71c883ea3249c9ba0b434a8bad71cc117 |
| SHA256 | f7ab515254b2b87fc24738951462ad27761a87c661e68a75e20c154e864d6c99 |
| SHA512 | 23bb7fa48a5783d7d498b7e22f89f0bab85263f5afa8e47c5ed50887f7cf40ca1ad1589e1d60eb6b4b0ce6915c2e78ddb9adbb770cc45d951ce2c2d085ba5d64 |
C:\Users\Admin\AppData\Local\Temp\ggYE.exe
| MD5 | be914f0a87f439a502025cc60133fa33 |
| SHA1 | adb81f3ba626e6dbec80ebb3ec4c90985353c74a |
| SHA256 | 3283a81652c21eea51f51d640f31ca5cecb3a546f9ee3cb3344016f9c88f50a8 |
| SHA512 | a410cca3491f41304a2937c2df3a639b4890dfc66d0d996d0bddef17bbd2b01c5e5903a3093654395065b95e8fcc236f88729632d49972f03f4cc76121fa3ea7 |
C:\Users\Admin\AppData\Local\Temp\qoEu.exe
| MD5 | 87a8d5cfae0e86945a15c52c50622dba |
| SHA1 | 546bc9b20e9392debcb995003d3a6444b8a36418 |
| SHA256 | dfdb79646ef76419ec2431b8aac4fabbd977198ba790e00d9a8d079187d721e4 |
| SHA512 | 1e27a89646e0787dccf0fd0124a09ddc9bcd40f8d48c1d93c5942ec23c996d55bd76268d3675d1a47d389348d613ab21f4c8659355d302546be657b443423c57 |
C:\Users\Admin\AppData\Local\Temp\OMco.exe
| MD5 | d99a0acf3e9983193d8880ed176526ba |
| SHA1 | 7cdf081603eb44478e3ae0f6d753ae8eb3ec040f |
| SHA256 | 860adedfffbdae91f683d8dbdbeb6299fc8a3b5432c154692caad03e17677e99 |
| SHA512 | b7cf136d079e269c7835805afb21254cbcf638786142dca6f8442d44cd7f8e13b50bd989f0c6808e0326ef8c2368b1785003e9470f331ec505dcf54b227cf4e9 |
C:\Users\Admin\AppData\Local\Temp\yAgc.exe
| MD5 | 85a47e9c4e3c0c7396bf388443b29752 |
| SHA1 | e050e842328bb4370c41f3339f3eb7d7fb4c478b |
| SHA256 | 5076e34f29a63824e265006fe932514a5669790b79f89160b67f7bc377c1bd75 |
| SHA512 | 62d3d72827bdaad5d1ba35f6d707250e1cd5a40b969183fbb2b6cf554b48d89ca75899d40ed5a4c90d8ca61cfedc77b974b9bd659e008ce21988a01efb57af41 |
C:\Users\Admin\AppData\Local\Temp\MUoM.exe
| MD5 | 8a9a24d8bf7cb0fda8f8e0c61fc7812b |
| SHA1 | 23b69b4068f93f99b3dd84b519a6b518d3726481 |
| SHA256 | da598b11c2076db9ef1b470c5672b95c8b33ee9d9809f34c5c3fccf710a25637 |
| SHA512 | f7c839cd691db80ccc52105336aa5c1155565dfbdcff2d861776ec086c4c93f1939e3591b97b4850a511010be75d3f8becc0ad1f3d307d719402f876acc97703 |
C:\Users\Admin\AppData\Local\Temp\Ugcq.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\aoUS.exe
| MD5 | db87c0187b63c18aa842835608d946a5 |
| SHA1 | 51f8e2bc4f9011a6960c0f948b3318bfba7c6a64 |
| SHA256 | e229347aea185b11d3b3005ed71c5670c9f86cb0aa6222ac41fa4f7d146ef6f0 |
| SHA512 | a73c597658bc8ebdae6ae4100549d51dd37fdcbdffb48815e281c03a6ce1b0ca71aefca9d5ed41488b48c7c0137e506542a8b6c958794629ded53a890ffb0240 |
C:\Users\Admin\AppData\Local\Temp\AsMO.exe
| MD5 | f9c9899411bcccdd2dc3573e2a711091 |
| SHA1 | e675444adb4f03b734db93bb8282db9987c76057 |
| SHA256 | eaafd1a61b2b328a7f64e6ff60a1757eb1639a0f4305dbf09461c904400e7b20 |
| SHA512 | 9c9aa3aa7c16b2b9c965657f07fba413bc73e6d25273cbce5f00c126513b8a5e4498fa61d3c05659dad117252a8a08f923a4464fa9740c8f788856cd2d8e7eb9 |
C:\Users\Admin\AppData\Local\Temp\Yssi.exe
| MD5 | 9ac192b6c6c78b78dae5dca8b7e170b2 |
| SHA1 | bd15ff7dad9bc202255b4508e75cee531f218927 |
| SHA256 | a60db3a8c9df1b482c65047d1c5be83f97922a584e317885ca46fce9fd188d04 |
| SHA512 | 455651d0cc7e731ccd0ced3ac704a919df1af08fe372d682bb007a853c4b4b871a6a2a97e4a3c068267b0b5a8c06492bfb1188d315b9276ed0aa5295257ee853 |
C:\Users\Admin\AppData\Local\Temp\ooIA.exe
| MD5 | b575cac189ffd723e88679f263aafb37 |
| SHA1 | e6e837ea986a2777f36a7fc93ee5f7e7061e65ba |
| SHA256 | cceca792db9538287704fa1206e6c08ff602694f53db3eb8a8015b2bcd3ff500 |
| SHA512 | 99337d7f9fb3f60af39a288123f27f0e16f24bd6061340bd1667e19f91e55715abc8e635d9b73421d061717d2efc0a93b5b1e77510f78fe95c3e8ff8bec9f26b |
C:\Users\Admin\AppData\Local\Temp\yAQa.exe
| MD5 | 9a9b31a7b9057cdeb50c2eb2f808f210 |
| SHA1 | 897572343d3e83b04b6d60fe11dc832c8704b20b |
| SHA256 | 20b577fdd13ee41ac7d737e1875e684e31d276971c967a993437c25ead1be220 |
| SHA512 | 120ea09f7867b8418601b7edb8db3261a809ec994168dab0471187a2cdc079b2bf1f1eb3cd60cd3322bdc786217550ef9136d05056d0f78678a952c81a0f6e59 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | ac6d4cb9edf6dc24fd5d3164147d4329 |
| SHA1 | 3d39733b965aee7f3d500a974f6e5e0078b73d34 |
| SHA256 | b159d03c95ec5936d473dcd5ac75fa2bed7097b5d82d2277aabb50ea7a2a662b |
| SHA512 | 4881faa802c6b82e187d058dda5d7dd6e36f587a6d00e635ba6884aee321fdcd727d4d8e841659c008fa9ff671d1258687bfdddb84f3bfabf34a81107b215cab |
C:\Users\Admin\AppData\Local\Temp\SIgI.exe
| MD5 | d46b1340b3b67e2280e2fcb70ff26656 |
| SHA1 | b876b2473840b3d56e23fc181d8a8dbe4a4713dc |
| SHA256 | 668023ccd215e7bf1bb9ecc67452ddea570e3e529b6dcbd193d990edb87a36fc |
| SHA512 | 7ba01934eac968319ed4b335b4688bbaa4881e20fde00b4554b529ce2166fb71c3fe7fb4dec21c56bbf0b76a8fdb6c85b747e0fe3a170a8c6924d7e3c9870095 |