Analysis Overview
SHA256
7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700
Threat Level: Known bad
The file 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (76) files with added filename extension
Renames multiple (53) files with added filename extension
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-18 02:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 02:52
Reported
2024-10-18 02:54
Platform
win7-20240903-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (53) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Control Panel\International\Geo\Nation | C:\ProgramData\mckkkkUY\LCAgkcEA.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\TsQQcsMQ\NmMoYAcw.exe | N/A |
| N/A | N/A | C:\ProgramData\mckkkkUY\LCAgkcEA.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\NmMoYAcw.exe = "C:\\Users\\Admin\\TsQQcsMQ\\NmMoYAcw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\LCAgkcEA.exe = "C:\\ProgramData\\mckkkkUY\\LCAgkcEA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\LCAgkcEA.exe = "C:\\ProgramData\\mckkkkUY\\LCAgkcEA.exe" | C:\ProgramData\mckkkkUY\LCAgkcEA.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\NmMoYAcw.exe = "C:\\Users\\Admin\\TsQQcsMQ\\NmMoYAcw.exe" | C:\Users\Admin\TsQQcsMQ\NmMoYAcw.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\ProgramData\mckkkkUY\LCAgkcEA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\TsQQcsMQ\NmMoYAcw.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\mckkkkUY\LCAgkcEA.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"
C:\Users\Admin\TsQQcsMQ\NmMoYAcw.exe
"C:\Users\Admin\TsQQcsMQ\NmMoYAcw.exe"
C:\ProgramData\mckkkkUY\LCAgkcEA.exe
"C:\ProgramData\mckkkkUY\LCAgkcEA.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PgcoEQQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jIMkoYsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HoUUEoIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgAgQwEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wwUUAokY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gCooYYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EsokEIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nyogwYAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XIYMUUks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmoAcEUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rIoYswMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iuEwwcIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gIEUgoAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uOYEEoIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GeAwQEAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XIkQscUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xyMUkQIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\baAYssos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LKwQIQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GEsYcoAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iGkUoQoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sycoocAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WyoQQUUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSYwMgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zcIIoUYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LwMscwUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TCccUooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMUMwwcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yEgYYscU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wyMYogMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DYMwYoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zkIgkoEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LUsAAQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NGkksYgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KioAoUEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KEIMMYwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ugwMggoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WeIEcoMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\icsAMIoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PAwQMUMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tQAAgcso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FgYkgIcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RksUIQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AmwUgEco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15504187721900245588-1597081645536093869-81247650-13729268391876237100649750684"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EeEMgMwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AosoEIsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYYooMkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HiAgkMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nwEcksIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGMQcEsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ToUswEEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1910186571249803059-162986994149489026162546247218629771879816202951872103250"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1294334214-1490504382-45725641213675595411131681273-1648397226-16115861-1980806200"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWQEYEcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gUAQYYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12109897165907134381937299962124700068-1418981934-14143780041483261831964588403"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uacMcwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QScUAIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OWcEsQss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1298993801802204783-15551607221121415145-702614509-443568958-1946686744-2096015866"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4978012295815212041351375071-1743854576169560838519570208783430387301069146399"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NewcwoEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AAMAkIwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUYAsMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CcwMUoYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QsMkoEQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dkUYcswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FIEIYAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | | tcp |
| BO | 200.87.164.69:9999 | | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 200.119.204.12:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
| BO | 190.186.45.170:9999 | | tcp |
Files
| SHA512 | 48504beabd94b1703240b8f305b7faf701d80fc0f8ca2e2934f6cf81abc47bceb51e20fcb0c9dc041b54b303ca6e9daf848bc163b1dc727af617672f0bfd369f |
memory/2664-440-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1776-450-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3000-441-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZSAogsUk.bat
| MD5 | 0d1ac4ef325dbc9bd2e8b27f113d3e0f |
| SHA1 | 5d7196b58e0aba4de8eb8032042f22357a4505f9 |
| SHA256 | e61a41aae256477d0df9391a522d6e7ab2e6c1fa8dad209166f6ccc2878bd809 |
| SHA512 | 3a87c555f27b42e483496fd728526924db546025e176236252c12ac300339d2c36e46a5bdafaad32da0ecccf88d298771d28f2cd007c5499770dbed0c9539571 |
memory/1544-463-0x0000000000260000-0x000000000029F000-memory.dmp
memory/3000-472-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cmcQgwYo.bat
| MD5 | 26cc3a23dca19db141236407a3c6ceac |
| SHA1 | 4647fec3a96b5f00a09f160bb16cdbe0b4998cfb |
| SHA256 | 51582a6f01fe3c5240422681a264398ccd857b54cb99eebb2971cb07b96afbfd |
| SHA512 | 198a171cb46d5aca3c1a0a0706b3d157a05fc0bc092393d5c23aa794315e5f3785939f1b6fc85355d6c71af05c4a8bdbb6bb32abac659f58e1fc705390b25892 |
memory/2348-483-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1284-492-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UwAwMAsk.bat
| MD5 | 7096acc3aaad31b5adddb6a43d852e02 |
| SHA1 | dfca563962b9e01dfe0febee5f45182d001a2122 |
| SHA256 | e671cf57a310362dc074a5bd061d0e0802e2dbd0a116574a1892efaf3f500da8 |
| SHA512 | e7b93601ef377b849fb15d0ff5d6a58174b33b33937530f418eed24773ff55c92d043b892aede9779914958787ac381b7a1efb181c82cd1228f6ff0cdaba1a4a |
memory/2152-504-0x00000000001F0000-0x000000000022F000-memory.dmp
memory/2336-513-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WacYEIsY.bat
| MD5 | d99b738172caf095648391b26abdbd9b |
| SHA1 | aab4b9f2be0fb2d34160dc1ee6109f8d0eb68833 |
| SHA256 | bd66bb46f03835c6ce4919a1702cf50c831204231b81d9cd5e3252da32f39fd8 |
| SHA512 | e9ba85a4e1b0870ab5e35b0e61887c3206f260786981753e51d97ba9ed2dace40f67578c7e31f7b5d740f69bbd049ef2c03152bf0a01dc66225b7523a9680c44 |
memory/2272-524-0x0000000000160000-0x000000000019F000-memory.dmp
memory/640-525-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2472-533-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CSwggQss.bat
| MD5 | a82d8c8336de25b532662f21fd3ac328 |
| SHA1 | 48b45a8bbc81b56db850669f547670f3e1098bc9 |
| SHA256 | 01993dd04ed6425cb96ee8375f53ba3a45b033e2f10b974b347ebf862cda41f8 |
| SHA512 | 083ef3ca7fd5320f605326e82971ce2e79e2094e69d97adddd7f4a28079596445b0e9ba78cd3f2d42f9bb89d37557ba57d084bde3a54aa338acb8c32f8778dad |
memory/2032-544-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2688-543-0x0000000000210000-0x000000000024F000-memory.dmp
memory/640-553-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VkswoUMI.bat
| MD5 | 6a225e0b283f30fab565f819a6c9ca12 |
| SHA1 | d7aa972a34adfaaf01c56c2e5c7819deecc0ec78 |
| SHA256 | ac016b08b29532eb8635918e77f91353fdd380bdd59c30dcbc66549077edd19a |
| SHA512 | d587db9ee71580730cf4064cab7b162470d25849d4b00fb4aaa2b0a29088926d14a984d606fe3f344276cb6f57da1d7ef3ccb5c3f75e259a69dc9e784f9b614c |
memory/1620-565-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2032-574-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hesYMAgo.bat
| MD5 | 5aae5d8fb6b4f85280c503bd87086db7 |
| SHA1 | 7345c805473098209a1d8d0ef1367cb5d466b24e |
| SHA256 | 6978a2430ce0f5067fa1df40c959af9accb4d1e0740473d1aa433b544bbc02e9 |
| SHA512 | aa43a7b49d5c99599fa3b6a4911ad281d4408b1265b674b6f89779468caed0f983a3e6a8b6afa8e102361424b9b2f7bccf9b2d6cf5787233f3a442db25a69891 |
memory/3000-584-0x0000000000120000-0x000000000015F000-memory.dmp
memory/1296-593-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JsEwgcUw.bat
| MD5 | 9e95c4373ef92d85cab06b38435a4ee3 |
| SHA1 | e50ef4061ee469c94893cb1ebb14eb62aa861727 |
| SHA256 | 07be991163f3f6505a4b315b75f6ad346152d57d592ca8330164d67b26a1fd69 |
| SHA512 | b6f5ea70d1aa2340f9c1ca0de9c6067837c931a5768ebe53d063fac6268f270e39cdef28a17928dd4ad0f74e5fab914b8271dcb613eaeb3624bf3c9a8933ed5e |
memory/2692-603-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2716-605-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1300-606-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2088-604-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2008-615-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TmMAUoEc.bat
| MD5 | 7d5ad1cb9f532dfe9b9be612a9397a3a |
| SHA1 | 14572f7dcee605d7a2253c2b24f3e8e43a280a5b |
| SHA256 | cd64e5aa03e3a5b143599e07e34fe72a152949baf623ff198d655e985ead2fda |
| SHA512 | d89d6b82d3d910e46d1ace1d5828c888e4385ee45834ef4c15adf9bff66c5d309c0dc7dda1d0d8f7f29362e1d01e9e547f7a9cf41c06b19321fd4514411999c0 |
memory/1300-633-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YUwK.exe
| MD5 | 3f9ca85327292640ef0d61bfdcd22856 |
| SHA1 | 743883f932975c9b44ab7ff725cced0b0e56701c |
| SHA256 | f7414e290e5a514c6006f8cc9dd514dcf352fef3d4e6a19de25b04a5e7c69a3e |
| SHA512 | c1ceea010f237ffc1c4cf5642ccb584c6a6150144d7ed9bf2ad859750a8247eb6d86f14885629bbb72e4e745c9e905927bd22b43764d8eb268c694420659d5e4 |
C:\Users\Admin\AppData\Local\Temp\uqQIMgks.bat
| MD5 | 359a0757ba8a29d1ddc7f7ebbdfddea2 |
| SHA1 | e39a5c62dd36e860ec89c30feddf820d5178eaa9 |
| SHA256 | e1c31654ae495e9ee2862a7f94aef6ad0879a70fe370781b4f8f8211b6dbb6a0 |
| SHA512 | 8c6b08ad4c0e205a3a2cdaf05cf67e4acb9b2f5c437b4e6ec4cd3af1fb9dd13a98921c97a258f25acd6de2e44efb43a9a068ac5ad130d0b2706bd571c624eb95 |
memory/2516-667-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uQwocwwE.bat
| MD5 | d20bf07590e9239736a47f6cc96c76d1 |
| SHA1 | 301e9e85febc67235d6da6c2a93b8b4a3cd37bcb |
| SHA256 | e9c72f802289a004ea3e37b858fef197389621cf501414c722a0db4eb1871286 |
| SHA512 | 93f810e505c8498efe5642c4175fefa9899193ea6d65e3bbb9f385831459203f23f203b6622af4245f86360d3603315b18c5659a950ff180d9936fdc012e8634 |
memory/2980-685-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CsMAggQc.bat
| MD5 | 0b5b93060a5c614858932654a9048be9 |
| SHA1 | 3eb03ddf18c6c2786bcb6df7c47c7ce27fbe6ae9 |
| SHA256 | 42b6de4aa02fc227d6aa906c42ce135620c263929fe4916d9f6ed3ef323eeff6 |
| SHA512 | 4140d9834b199d0f02987541686779db234dc78bec3a66cd813407636b4a32b54e8a86ebccfcc872e66ce3e241e219a3c7d9c9f600432f8fa15bc0774284dc8c |
memory/2688-695-0x0000000000140000-0x000000000017F000-memory.dmp
memory/2140-704-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cSAswsQc.bat
| MD5 | 6a6b3e3b4e498ff130a1777987fc9019 |
| SHA1 | 43a09379d9433b32728904e08feacf4887f5539c |
| SHA256 | 9ab0a59b525979c893ec9864f0d5543e53d2a9c94afea538f8c572dc0d8d75b7 |
| SHA512 | fe9a28aeb26f6c00fcd8c6d5f2171eed0f07d0965b499895c2d6457cd43832335d5ca57d2c9f2382adde5071fa322ea391334999c691fc44f3a2bc3f0b0aedfc |
memory/1252-722-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VicEksIA.bat
| MD5 | 56c889bc9b7af9fafac9d73224ea0b94 |
| SHA1 | a79146521dacb862c8ccaf9272294dafdc899288 |
| SHA256 | ff6a9429d1c8e108a1661e50ee408a0b46ba4422b834fe3865b0eae335388c77 |
| SHA512 | b577c1929e4c055dd74dcb77b7ef5834399477786f83cbf6fa8b8561b6a0ab9d8ea93555558dd2121ab89038d855f1b31342793fd218538c28651ed1e7d1d84b |
memory/2860-734-0x00000000001D0000-0x000000000020F000-memory.dmp
memory/480-743-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PYkIkIoY.bat
| MD5 | 3d998776774f8fde2b56d7017bf5a90c |
| SHA1 | fcaf1ceb51b547a1ae229bc90b4d4da90e9c8ecb |
| SHA256 | 053d7f5c68494b26d072ff666a88a4dba4bb8d7ee7b6bdbad8ee86c0536a6f9b |
| SHA512 | 2633ff49d680833542487b6b4dd23ecce8e8b0e686a7ec88471054211c2dabccd252bcf39e03fc2257cb78b9235fa63df4a9de06cf4f4699799bc41b5fa7fbbc |
memory/584-761-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BMIsMgso.bat
| MD5 | 0015f1a97753fb436543bd5fadfd8cee |
| SHA1 | f2fd64a1a7eb205ddfa21e5af2cdef34423379ef |
| SHA256 | 96e3cb8c970ddf3c796cd7599cff4c07574482f859602029c763c2bac9b39b52 |
| SHA512 | d67c35083641c92e3ae2c157490c2ee149be3b0145b39d2bcab94af8137d92ddb73c66a7ad9c37cb5f96c41206d075565e4fbeb3fe8d04870cc6942b37c02683 |
memory/2436-772-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2436-771-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2132-781-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DmMQgkIA.bat
| MD5 | 77a5c606306b00ea85490d8815392c8d |
| SHA1 | 256a0e6413512be9367083708ef0ad4cda4bd35b |
| SHA256 | 3f4b7d3712f0ed2495b527d2b5f5acc07fee2e6b5dc16814e2e30dcae8be05f4 |
| SHA512 | cdd67a5c896c82cde6bfcfdee6fd3abce09043c77df1a962c3715098d03aa8f88f55e899d75ce96604437083e99150a393927c0cc1d1aa92566820a4274fca70 |
memory/2452-799-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gQEoYUgo.bat
| MD5 | e1154ce5927495f7e127d68cc0ec329a |
| SHA1 | ee7391502871d365773544ef5162650f680f00e6 |
| SHA256 | 93925e5aa71a470643f2f2f783419e47948d1feb4fea0311be1a2319f8b7512e |
| SHA512 | eeb1182109070e3f090d3f8dd405f666c30d7a9e003b5ccef5ff3398c1eac999b80830807378ad55551810e094fe073afec9f258c7dbf2a264200779ac170a9d |
memory/2980-819-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oeQUgskE.bat
| MD5 | 448b244e375c9d3edfd153a2002dee9b |
| SHA1 | 543719b37bdbba9ad521d2a0bc1dc23b671d18dc |
| SHA256 | a5cc76a5e7434f15e0c25b9aed8110acd288e09aca911443d152781828a25f39 |
| SHA512 | ca0cdfe214d3db6a70c90337834ff8b6c49cdb054f0de28044be804ea22fac322e9dd4c9c0fe12cf4e66d46785e7a93097da7ff2e6adc3747f9e3817f48e3ee0 |
memory/2404-829-0x0000000000190000-0x00000000001CF000-memory.dmp
memory/704-838-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GEUMksAw.bat
| MD5 | 340607ed9b7a83e234514b79b50cd138 |
| SHA1 | 1be869a4d94df8ecc27e2cd1c4e16690e045270f |
| SHA256 | 66ace8f0e6dc339045811e1521c164a8fdeaeeed1fd7bed05899b5a9da2b36e6 |
| SHA512 | 76c2a1b03b7b90e04b2d05149402e2f31d02d4986f56f279f846aabc116e300816488ca559f572c85b16d8fcb2e32cdec8bac314981899063906e47d6b0412ac |
memory/2476-848-0x0000000000500000-0x000000000053F000-memory.dmp
memory/1252-857-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rmoAQwwI.bat
| MD5 | b3beda681b307860d444d934cdbeba0d |
| SHA1 | 76d2590377d4d7a094960bfe1403cee5b8347c2d |
| SHA256 | cbe584c82136c55107c9572c05b87c6796db19a977d82be109dbf82354b3e0c7 |
| SHA512 | 6da6c9a5f59f782845fde993b0569aab0569c8bb1e8eef3a6992db343b20701dc1d05b6e6a53cab8e74179f02a37843faf4c77ba4c1229d979d0b77a29748ba4 |
memory/1944-869-0x0000000000180000-0x00000000001BF000-memory.dmp
memory/2548-878-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fGcQwwks.bat
| MD5 | a06d7643fc8c105cf1601415c255bd0a |
| SHA1 | 649a9aebe95b073b3c09c61e5b3f6a642e05ef5a |
| SHA256 | 8dbcb2710ba9b369f15c9d94f69c91e78cedd7e2d3dbf8e44975dc04b03f016e |
| SHA512 | 57c009072371fd941b4b10412841d9a56d8fbc117af06cbd05e9a24f086b838e752fa27cf5bda97f5f4f07422f4b2adc4d2a95d3b1121e6bfef2ab5a794e2539 |
memory/2652-888-0x0000000000270000-0x00000000002AF000-memory.dmp
memory/1704-897-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XQEAUcME.bat
| MD5 | 999ec69078f8e7f97b4144d31cabf269 |
| SHA1 | 3ed9b7ededc6f15820f1c6bcdebe6a1a78bbdab8 |
| SHA256 | 9c0c892ed7dfb6865344a8fe7adc79364ad96b1d01adcfa06ec2beafc0c3c207 |
| SHA512 | 4f76ef561842208f5015e7aa79cb224fb2a56a4b03d78dd408e36982255ba777092f4c1f778ca9fa80736301d3dfe178b26031c02089ffcb3f3e5f73d8ca38f4 |
memory/2616-915-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pGsMYAAI.bat
| MD5 | 6f8bd6653eb9ae4658c5b2819172b407 |
| SHA1 | 5a641774c0426f85efa9605c670eff1f773da238 |
| SHA256 | eb9e186d181b003adc3894924c34dfdb3be31f3b9f648e8dd885272cd012d823 |
| SHA512 | 951739327093120ba03d6890cf43bc423fd8f9b2f60007d5deb88b06588b9fe2b5af4b0fd5998fa5b0032a2880b085f4f451dc0042b2a01b145c61781d5dd27e |
memory/2604-925-0x0000000000820000-0x000000000085F000-memory.dmp
memory/1028-934-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qQEAggME.bat
| MD5 | f3ef2d00ac42a9024dbcda1f9265ef2a |
| SHA1 | 10334a957635e82c6b168ba34992a646a963a5c0 |
| SHA256 | 53cdcc1b6cf9373f4fdff28db0464922e6ef0c701e9c6c88ece5998558932515 |
| SHA512 | 5d878de911256b3de395155d6c9c9147e479ab9db3724d55fd6a772cc46c03a8e1b841db1c715a7a82f74b418f3f6e9b837f30f0ed9bbbaedc90623b38b2693a |
memory/1268-946-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2988-955-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WmUgocAM.bat
| MD5 | 017628469387ad16c089fd874c6283dd |
| SHA1 | 80c7db737e8f77b1dd202e5c9060d142177b95b5 |
| SHA256 | cd365a0bd5ab7c5658fb7a9de3b083050ee615e9b377b3b540bbe122449457ee |
| SHA512 | a7895c450773353b5d2069e1183be23bec588bf2cbde9ae400033743d98fc7068815949ef000f8c95da0d03409d2c5a996e804775675915b61ef7cdbd7711f32 |
memory/628-965-0x0000000000260000-0x000000000029F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CYowkMkk.bat
| MD5 | d743bee7d4ae7497f092460a495de21f |
| SHA1 | eca9344140c92e09912002408fa4fac30d6188b9 |
| SHA256 | 4b13bbd1d10121f3b8afa29b7ce5cf528546977b3b28fe6ac4dccef87dd49cb6 |
| SHA512 | 96f1394495282afbd8f4610fe041f6cdd8074bc015c78c19d2bb9d0df3c7bca4364eb65ff532d28a9b7b237019ea66f219fd5bc4a6dd1eef9bdb8070f1075cb0 |
C:\Users\Admin\AppData\Local\Temp\SIAgskMM.bat
| MD5 | c0dc7ee99baaf4636ea16d2ddce98e20 |
| SHA1 | 16f1c09d6c0afe01506156ec8eac5b9df270e38a |
| SHA256 | 3d09c855f690d399483544f75962f950128a53d27f26d59c0f20c86750265d94 |
| SHA512 | e381ef9a99b83e1f17fc8d75c8a04ecd27309579465ef0afc77f0ae5d78cd54ced474003b9da2a1b02430d7b9a7e19b2609614bcdd6871f1215c78095b6f87ec |
C:\Users\Admin\AppData\Local\Temp\fKgocsAE.bat
| MD5 | d27f1f09c55f6344298d021f6d10ba76 |
| SHA1 | 9c857ebc3b084fce48909f667eb1888a7b4214fa |
| SHA256 | 0f5d4e0542a599160a468a18d85d6324a02b07cacef5da8314922d0d27aa797e |
| SHA512 | f163fa873d31aaaba10380172a71b17d1d7953e3ad2a8c62ba51367ecc23936076b2e17cff487f670141aaf1ab10d7d56d67cb5a939c126ba3ae7c61107bb4d7 |
C:\Users\Admin\AppData\Local\Temp\KMQY.exe
| MD5 | 207919c5ad055b824e8a0723da4a5896 |
| SHA1 | 1aee280eadd1818874ee7969a667f142b974c45b |
| SHA256 | 76e2e14f69f4292d7dc05ff1757bed5d0f15fca4353d383ce7f39870dfdf66ce |
| SHA512 | fc851285beb4755e888df292a6fc2b62c1bb5323dfb32254dbcc682ed1b2d5751029f0d8e0a7e7e1b76ea601022af730d1ddbaa4924ea1fd09be1ce062144fd9 |
C:\Users\Admin\AppData\Local\Temp\eIwU.exe
| MD5 | 6a02026b8f55b93c8f141df50a6df6e1 |
| SHA1 | 9ade98010b9af7b179bfc6f0d37614c841a4c8d8 |
| SHA256 | 45ef2d33fcf4682b91f7af95b7ea9628ff3c843a3d405879cc0b5ae2ce2cee3b |
| SHA512 | 7007c305a10a125edfed8773d36cf8ede9bbce8fd8b96ffc76c2c144c151f9e8521d2e76a73b0d759ca5977f25e953e920a61df10f41622b1dcf7880d4518062 |
C:\Users\Admin\AppData\Local\Temp\deUcscsw.bat
| MD5 | 5c3d6623c0a7bc8a4483e3951e613c29 |
| SHA1 | d0e2694a4f795c79c1d5d97cda6b8b9f33ac71ab |
| SHA256 | 09514f757d97a7eac6cb54359c06215b3dad4b8a723c1d4c2ea234d6113e3e55 |
| SHA512 | 5a521ef74649829c8ef831402c07381c1f3db0404cbaeadf7082aa0917cdd1e61a4b43c651ed975c9ecb2821e9424e2a8af94986d8ccb70f49547db99fe14292 |
C:\Users\Admin\AppData\Local\Temp\yIsq.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\kksQ.exe
| MD5 | 246762574b3d4866e893a09f7359c32f |
| SHA1 | 91df4a692ccf3b0b9293e2d5abf88e37e1b192bf |
| SHA256 | e2072776895250ff5edbcb9e38d3beb3eb9664c37b9bee45877c52b0590d2640 |
| SHA512 | 8b18b18ffeced89d169ad4176a3f453298051ff623faf56d4a39f41206ba091ac6d02fc082276973efc41c02d22f2da2d036054d2bb49b832379636f7c576c75 |
C:\Users\Admin\AppData\Local\Temp\ikIY.exe
| MD5 | a5f84f80d357efbf7846b2e493a4d096 |
| SHA1 | 93c7347d8b5a6c59031d47f0477711dfaeff652b |
| SHA256 | b6deddd34164b5a091a60c34e5014af85049bfb76bdb522ace24cc73da13ffeb |
| SHA512 | 091bc2c25d5235e7a758717caf557d1d28519a1ed84fc351a987af1db91015f6d6b3e5701fbf897b7184743bfa9d0e60296078a2af59f941554a7c6efee6a969 |
C:\Users\Admin\AppData\Local\Temp\uoga.exe
| MD5 | 1178c58b1768409369a80f17d9527512 |
| SHA1 | 53c6117ff9450ca8112e05b066dc4dd513756685 |
| SHA256 | 4da2ab7e341b2affc4a973abb27862693adb51a28c502313a7c07db50cbeb292 |
| SHA512 | 623c371ff69b6bb30eb0131ea36e8c0be12013f5c89d5401bf5e654f328c60f26bbef889c94a25cd61ba0cb4b937242bd0cce13d16068d755af466e27492f7a9 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 6b87b694c18b524123e20b570cc6fc76 |
| SHA1 | ae6d4bb45e79bfac438d1a264d2bbd6a8e7368b1 |
| SHA256 | 93b056ba2823c4b0c76c01ab2f16230309139ec0414d92cf821a8bbaf15c239b |
| SHA512 | 033617cd5b143d5ba93badc14eb4e4cff9984bce8a45b9d37ef8d159a02abdf532a6fbabaa4fbd39e290bf1f9488609668365421f0a651e2360de9253c737e89 |
C:\Users\Admin\AppData\Local\Temp\yYAQ.exe
| MD5 | b32111db7f138f636a07b029751db744 |
| SHA1 | 3ac7f911c72aed55efdecca512cec8f9b4ca569b |
| SHA256 | 02dbe2a5f25278b3b2b60a5bdcb72c00c316c9a95454789805f02e403cf8c2a8 |
| SHA512 | 06ec1255fcac785630811a4a2decbaa6472df08832bac9edfad43c13a5b93e8c05191cd0681a7558ce8e65dc23308a3875e2b4d8ebb784529e91e63e263897c2 |
C:\Users\Admin\AppData\Local\Temp\sscq.exe
| MD5 | eb11bfebe32ac2c84223411a17590b24 |
| SHA1 | 5f0c4f014df9920c5f94e9212e75cb2c60b97538 |
| SHA256 | 2c5a86c8d7a09d37d2fd797ee713daa3da15bb14322b6ea5a9d5b6b959931e7e |
| SHA512 | c23db8b09e7ef7436973469b0ed5f81757c431d234d17f741f154f8da5836829a04e0d7e0f7e7b9930f8ef77cee480388d6b2d5c806b0c9cc0a37adb841831d3 |
C:\Users\Admin\AppData\Local\Temp\gYAI.exe
| MD5 | 728f38309c57c9154a62f01afac01175 |
| SHA1 | 37d1d72e6d0be5f28ec193f84f6c9ddce873fc07 |
| SHA256 | acea5b97bb0cf9f7a8985ce80d3f244b7f639e768388e4acc15135d394d889ca |
| SHA512 | d3dee9bed5924eef78604106442afca86e74570e1760590fd5bf7c5cf5c5816e020bef84f3918044f5f1bac3c994c22c36532b836cf536f140b6dac21d65145e |
C:\Users\Admin\AppData\Local\Temp\XMYoUMUY.bat
| MD5 | 1e8b2ac79f531ff562a8978da9cadfd4 |
| SHA1 | 5c0772b708d33446eac5f34d878c8038618f9057 |
| SHA256 | 9b36d7b61f4dd0ef44aaa79e67b50a60ce40d51c554652873533c172e411a5ec |
| SHA512 | 2871802bce51fb9f962d77eaedaf5cfd16aab8cb828c7c29cf5ab41632fc9ceb9317159fbeeaabfd59f242ba69cb50e5e8185aea3aeb5f18a0a17d61d4a0cbd8 |
C:\Users\Admin\AppData\Local\Temp\AwUI.exe
| MD5 | e056be0445c6d357c49222b2b7ce64d1 |
| SHA1 | 5235cb9b0330430dbbd663804c8068ab5d93f82e |
| SHA256 | feafb2ccf7156af4c4126c1241b7ebce9a284d807813c35ebe8aa9a9e7f7bf35 |
| SHA512 | 9e33b73f44c229650a0340431222f4d43171ccd29d8827a6d87201efd283b603e347a7794064d0de703d7970d652a4654ae6e2809ec5247d7fa219a4b593cbd1 |
C:\Users\Admin\AppData\Local\Temp\gIUA.exe
| MD5 | 0a12e085edb9a15916c712cd610fd514 |
| SHA1 | f2564d575b0c83532973bf3c4db02f4a709fd95d |
| SHA256 | 1c6e4e5d084e11230b31ebe424d24e13b91cd22439bb014b1e2bd795c5625c5a |
| SHA512 | c3f84de38832cc66298d4bd1630b6aaa7d48d9b969892299c421c66eff3dd4de752f734f56e017e326a17645ec18ea47bbec7f3b0a7b1c27abf92f33b4e27556 |
C:\Users\Admin\AppData\Local\Temp\kcIM.exe
| MD5 | 7fd8dfc414927a7b923eaed19a0b3d28 |
| SHA1 | d4d4953e5125f995943deebd89aa78946ca9500b |
| SHA256 | 229634912f8f264cd78d7b6c345eb10c47398179fb044aed1e271fb7156c182c |
| SHA512 | bfda28a5407642c325b751af794f6646127f140352083c3dafdadb48968681a462f1953fc0ea8b7ea2930459f5ce81257f10f50fdd4badb793ac4a90b04d519f |
C:\Users\Admin\AppData\Local\Temp\GgQi.exe
| MD5 | 4181e437919a22c3cbb9e95cb4f066da |
| SHA1 | 5346d6dfbc820a50c63d23200f56668c9a5e3957 |
| SHA256 | 898a1b59dca9e0cbfbc2f544dd8bc990a3e64663a82735e578e50da8ed6a1bb3 |
| SHA512 | 4b829cb8c44d1b319b409b8f75cc4aff607a7c1cb22f92e3f23864b9d331e84bbe0b99b8da71c6a49a5ccdeb3d5a64d1257a2765a736556b4667645a2df7372a |
C:\Users\Admin\AppData\Local\Temp\mUAu.exe
| MD5 | 2b96cbaf7152526888405e4cac42ed17 |
| SHA1 | 62a49f7ef7992bf1b9a7a6597b2b5432aaa61ca2 |
| SHA256 | 3f6bf60e5b7d377938af0f619ad91911963a0e771b78138ee575223da1f85afd |
| SHA512 | f73e5693e169f29ff6fd79ca99994216d7b29dfea47938879d8bf72f874e3a35b7cf91ebab78b36f07c24a0c4ef0b480e5df2012dd54aca868794be2d6727ddd |
C:\Users\Admin\AppData\Local\Temp\iwsA.exe
| MD5 | d067dfa16011cad22b668c4727e0dc61 |
| SHA1 | a352dfbf2648021ae70a3663729908a101b158b9 |
| SHA256 | d86cc0757850e05abdd9be862ae936608e101cb59ccefe8a3016b10046cd2841 |
| SHA512 | 6c6b81e6e25c7a48763dcf14802bf547446eff5e982d3808d484d14e6e3d5746d6a0e3fd89f2ce5923531da57e702ee4e9d361ea5ec281a79436a1a337160c16 |
C:\Users\Admin\AppData\Local\Temp\ococ.exe
| MD5 | 0c292864ee8e974c278ee33ebc83353d |
| SHA1 | 0a31f9b6d3801bfebf3a1f8c1477e653590d474d |
| SHA256 | 791afe4e5177a58878755cac7a642bf0b611d3e0a66a599d90f8ab52fa770cb1 |
| SHA512 | a1aff03309943ead6ae2ebe384a8f4675a6ffcdea3619efdc2dddeedc62c9e44960aa1d3c1fef50e651b6f38a348981ddc779649d90306a9275cb027c2e8a2e4 |
C:\Users\Admin\AppData\Local\Temp\leksMAwM.bat
| MD5 | 4f12b4d966228fdadad89b4d30828e5d |
| SHA1 | 547e105bfeb7a75107e28b22607a788e2887378b |
| SHA256 | fb8a449e372354f487490b2863831322fd91fc9053bb9a53c333bc40eaa4269d |
| SHA512 | 9499915211438b7572de7b12b18c2e808c87acf900bf9c20c301f53dbda0d6455fbfca656e8026a7a40295434bfce377b666aa085effcff66b826cb2422a9845 |
C:\Users\Admin\AppData\Local\Temp\EQYe.exe
| MD5 | 549931050dd233e9c0ad741550f41581 |
| SHA1 | 5c210649430146b3431a613a8e959c6a7be2e328 |
| SHA256 | 9c3ff87db34cb0bb09b01e5fb8eb0a6a4c1c5da2d3c083f86313f89cea51d711 |
| SHA512 | 7172a3ab13a08683a609ad36cfbc5b716c9e4d9590660b3d31070f33e3150e72ee17cebe954a6c931d7db592e4ae553a97bdda99380d78ca59ae4a9749373959 |
C:\Users\Admin\AppData\Local\Temp\esMs.exe
| MD5 | af1100a55f490e1d3a9b0335f82341c4 |
| SHA1 | 9998a390faf29fcf9471afd15e60ff226e27af7d |
| SHA256 | ae4d99a88a07639ee9bcd715e9b18d70715ab891ac3e91c4a87bea61652d6e94 |
| SHA512 | f9fbbc07edba3879992810b92bc7aa58d17a2d4f17029f9d0e9c068b13d6f3e1cce7b5806910d450d1b81ff0dfc83789f2326a95a9a7068e2bc04b79a7f2a8fb |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | ae53b6fed3ed847ddfe1ca0816c1b946 |
| SHA1 | ca1c831e142a3bf4c0b7410d681b2c7c74615693 |
| SHA256 | 4d1dc20e05a74993aeff9c63995ad41985ebffa6f08c3c0c3341bc98079a9b8e |
| SHA512 | 7c6f1d7c12ba3f6ff9e93cb4b8aaac0e76f055745692f8188b5f3554aac17165c1a20943a6daadd162c63b76d7e3bc4e44be82645f47edf0eaf0195e0051935a |
C:\Users\Admin\AppData\Local\Temp\AEEq.exe
| MD5 | fd86e88e4d0e50b6a5f62ed24a267cc4 |
| SHA1 | 86eebbca3f37d9ed43f53723f5e1dfade720d836 |
| SHA256 | befc3d99ec83f0db01ba324c29a527dc1337ecc7b166898c84cb1efa42d7d8be |
| SHA512 | 373b8f673d485f5b8b67809181a3eda883e81f3a8a6942ca441989822253cabe0c80a805bcdb63b0c550aea25ed25a9d8083d2feb29dd7c039e00c9d95fc96bd |
C:\Users\Admin\AppData\Local\Temp\ekYQ.exe
| MD5 | d90fc548d4126a9fe7707717c9ad819e |
| SHA1 | 2f5daab57afbfd5a48c7d409995b09f22442bc38 |
| SHA256 | 3426dffc41993b2a73ec6682003c5e67ea032717ede077570db7b80c4da3e362 |
| SHA512 | 6ac4af39801e7255ec57016e51c23bfe0d4a2279192f681e612900379a2b9e290a27ca795ec8607188c0d2c68c66354a2363b98c58eb093d256c50a1e4756958 |
C:\Users\Admin\AppData\Local\Temp\CwwW.exe
| MD5 | c10ece6f05d6eb930f94d8bfb4c555b2 |
| SHA1 | 10f938cb1157385ec2432bbe682e7744c2f19ff3 |
| SHA256 | a872188b333e8ba73077922c31347c8853c1e06536375855a643a72daa7e8a96 |
| SHA512 | b025631db58a4e36734002f4dfa921fa70b39a3468d3115274fc4d9d9d64e5af569013b9fdfad850d283265495662eb069afc033df79f57a923d155f5f1e5845 |
C:\Users\Admin\AppData\Local\Temp\OEAG.exe
| MD5 | bc1d76d51b9b785a060994c977472176 |
| SHA1 | 9fe852399b64059aca1fd2a7b16136997c8d6ee9 |
| SHA256 | 55f8e7bf32846af781fc9fec3b4704616ca0243f096c5555881b0c0d983b8640 |
| SHA512 | 0540465dde274488fddc65f42df344ef5f5932ba871dc83933b40aa3c5201c000e9704fcd450e77ea72c0567be57070a9f1b058bf989871fb80c54a667a25de6 |
C:\Users\Admin\AppData\Local\Temp\EUcC.exe
| MD5 | 6ae34e8d73f6bf9a9bc42f3cd7d6ea9f |
| SHA1 | 903c75102bccbb2194c2b8159dc4cb363b876156 |
| SHA256 | 69d92ca9a61bc0c6fa9e17a927aa6a055c553591d306eef158e141ebfa5a86e2 |
| SHA512 | 47b2057786316e5f0210730b788507501cd25799a1a1c14370eb310578528f860a9e4d2047e1acdadcb53d5f17f24d4297b0a786dbb5d6f5644afee2cf716f0a |
C:\Users\Admin\AppData\Local\Temp\qGkoQIsY.bat
| MD5 | 4c6cce77828917271f8de031ba43f1ea |
| SHA1 | 5702757b858278e7dd5ad2d42c9635c06f410ae3 |
| SHA256 | 034ffcc761ce20eb0826ece35164a088f52f5770cc8b85af1bfadf1a4ec385a6 |
| SHA512 | 23b0ee1a43db1fab0e0e056c22539925b6bff95efc98fe9913a0b34e6bc96b22cfd42e3454818eb26205bd179693f4c3cac96de60632ffdbcceb27a1ea5aff38 |
C:\Users\Admin\AppData\Local\Temp\eYAe.exe
| MD5 | 0c83222cd4b470b511efcb5df61db496 |
| SHA1 | 7afc85d0ce3c5bda86eec61c7c91d23b86b1932f |
| SHA256 | 71c6a80985771306c1d1cbd332f200596ca470ef41c63eb2ec2d48d3ab579ffa |
| SHA512 | bbb0320b0fd6336dc12d4854eb4406e22d7d1728894997018c2640fc08313f1ba93ed1bed8fbdd693da1cba7cea8689bc82f2b4b6dd84ae7562749796d235df1 |
C:\Users\Admin\AppData\Local\Temp\GEUo.exe
| MD5 | 34e736ff41c715dabf5c3da826d208fb |
| SHA1 | 3f2ed9250da21b7f13f79cc07b148eba759a870b |
| SHA256 | 169713f67c1ec9ac3c1ee5b3a47dcb5d80cadf94f78c33a34fb8741a79b6fe86 |
| SHA512 | 92aaba435944f5377185a2add13958115a965a6cfa9a60cba56b672d825eb419b141f6ba2fc1395d02eb451b0405a20f0b477187ee79de13167d37b0b02d366d |
C:\Users\Admin\AppData\Local\Temp\KgES.exe
| MD5 | e126fa7e1f9c3bcb751d8f7ec1322403 |
| SHA1 | 40d1d02090b640a46f574bb566382fa81fb3523c |
| SHA256 | eab4145398bbe49bd24c7e1482c415f0b6712533402d25c92318c56340ea46c7 |
| SHA512 | 3b4eb2636e6afae65299c42533a875db1722fe87e643881ce1e8a1090448f6646797d62615e3638ad0f9a4b2de63002c35dc1341c92a6636fc16d43821c6ed11 |
C:\Users\Admin\AppData\Local\Temp\cYQE.exe
| MD5 | 3dd02aca321777905b74446c48e7a12e |
| SHA1 | 2e3490651db2c2061d0553250565faf0afd5a707 |
| SHA256 | 09ed160d2fddd1f361ebf43e8239f0cc8093107159ef53780aa08dc9bd1f44ed |
| SHA512 | cab1409b257299029f1335cb3c94b51b457a727b32097d16b0708145517b4698877c7becb655eb47d7ead2f27de53646cd9bd0bfcb8273062492949df7f1cafd |
C:\Users\Admin\AppData\Local\Temp\IMoU.exe
| MD5 | 3218005f564448b24f1d98ed25b0d236 |
| SHA1 | 9bda99e5ba0286453d2d71258defb41261c7bfb3 |
| SHA256 | 085d403d8c7fa08c6aa626a703198aba827834ccb8308b537ae754a29edc44c3 |
| SHA512 | bfae7de2f8d612bf53c58a07770bd998cc40ed47c27a88ebfb40d01dbe356561ef66a0d0648f14eb7212c40a82b4b12fdcde1dfa1538b976d0e30f16b469a2a9 |
C:\Users\Admin\AppData\Local\Temp\EmcEAQAk.bat
| MD5 | c759b43f43bfe4fc6bfb385ff7f7f72f |
| SHA1 | e7f8128bcc959299e61e61a94258fb5f1f8022fc |
| SHA256 | 7f9846a76f02d9a107ebcd11e7952c603ed972f6ca5981879fc43d3bec633ba7 |
| SHA512 | 63ada67b027927ae99a403de42fa2570a3dee1cc89a52b23d312ef0371cb02c2fb271533a395df3a8f84fcd87c73bcba2dd22fb798553ba038d6a750ef883c28 |
C:\Users\Admin\AppData\Local\Temp\Owgy.exe
| MD5 | 669c7bc5fdc3ceae4ea5072663bbd23a |
| SHA1 | 4ee5701864350b43408617959815c9f60bc95d5d |
| SHA256 | c4666cd4c65bba7fd88c63cad367c7a442c0a04d99b069191539471cdbc474bf |
| SHA512 | 2546a2ea219ac16e7af75aca99a3874965bfb7af5d1423016cb356c01030fd938c78eb1bb625c9d76ff3053c16f44f9c9b138740f17ba3e91a37ab58e0df684f |
C:\Users\Admin\AppData\Local\Temp\awUU.exe
| MD5 | 4e5aa56a4acff2df7ca957e4aa56fc40 |
| SHA1 | b2fff09e7f30641757d03ef46109121908cc9abe |
| SHA256 | e3152250063043ec254a20e8fe95193c21b7bca6dbbc7d2c72b6ead4e3fafc2e |
| SHA512 | 1d15d3328829c0dd5e8b67d291cb11e1041586849ac82397abca3d63a2ad6c820c6c726ce6330886597e91ece7774467a817b12667bf92a8350acb9d62394671 |
C:\Users\Admin\AppData\Local\Temp\aswi.exe
| MD5 | f8d2c32d5d650992fdd0bb02fcdf3c62 |
| SHA1 | 67fd9c5cf623c4e21d5b7ceabb68524d4844430c |
| SHA256 | ac340939349faf3f466ff69d3ebc982e310712579c3d64e6af562f6767e0875d |
| SHA512 | 2b93f159625f1698e1df9fde01908852269e8f904da74e82fa1da5d9ab4ef4784703ee0b5cd699477782fb6400c5e4630ab5fbe8d36411ebc2dc7c63f5a3ccd3 |
C:\Users\Admin\AppData\Local\Temp\okkS.exe
| MD5 | 579106f2dd9ad8fa44ef7e6e961ce63f |
| SHA1 | 38cc1be5c305a7061763a2f32363e3f1690a059d |
| SHA256 | 48869aa9474c3e75b6c391ae1d45419be5cd0e0e00f6ac5666c1eacd8f8d7657 |
| SHA512 | f849d72594f35ffb1a3b9ac1caad325f2ea5503bb6761cb1351a3c2d395e17f347983a8614fbfc4a91f1f126f39c1b656d889a7a65c32b31a434c931bb11ed70 |
C:\Users\Admin\AppData\Local\Temp\iIkQ.exe
| MD5 | 37d9e5d6a9c5ae672cfd63c402666b8b |
| SHA1 | 72f7113f4a8f95ba8071d6faf21af05cb7803d0a |
| SHA256 | 4d00f8c72e19f23f88b4d4ddb39d50ce891f38131d89a7e6a5074d9fb4e2baad |
| SHA512 | c1e00a8246837c4f3dc1f77832da1f56342d2f5f67442464c206b38cf02b961b854920fd53b3337c0e85397e985132eb3750ef08dd81e7de584b3a4a36bdf675 |
C:\Users\Admin\AppData\Local\Temp\eYIO.exe
| MD5 | 7814d14f2a29e5ae2d00528415405813 |
| SHA1 | 708ceb75f4c6cd6ea3e8cafc0853ec05f6bb2d05 |
| SHA256 | 6143b95128cff1b3abfc87bb203941e490e66f69a319c8e51ea0f21aaf669cc9 |
| SHA512 | 37b623bdcf99b213e2ebb9f9856cc9912a355a35383260af9c62c413ab88a640f3a58b10b419a5433dbf16828e1a51ff05016987c7839990831abe764c62f76b |
C:\Users\Admin\AppData\Local\Temp\HUgUgQgQ.bat
| MD5 | c02d1180c80bcf083776d5695dadd399 |
| SHA1 | 36dd1b113e2615b44429a9151340203145ce5f45 |
| SHA256 | ca35fb5b1fb15e15b84a1c880d4e61c2b6ecb274ce5e54e7f74da6de660daa94 |
| SHA512 | 89325cd1f4b29b92433627e96f99883892f88ddb16746dafd5b984a62ae04216d1b5b7e45bf925664f3ecac43e33ea99e186a7c8967bfbb3ff71ef5d2f7ea85d |
C:\Users\Admin\AppData\Local\Temp\KQsw.exe
| MD5 | b5be670daf7752925e3417b4e993676a |
| SHA1 | d74b44dbe533e41a7522663d3b574a070e146a79 |
| SHA256 | 4753c22c79c314951d414fc34bc734f7f938eeb976dff3329368a988250181b3 |
| SHA512 | dcb5283d1f10912554c20bea566b4dcb0f689c23256a606ebc1d6366489d53b04116ee3d7da3660edca4ebba626f7cc0c330096c088440bf0c6429a4493c2f9c |
C:\Users\Admin\AppData\Local\Temp\WoQa.exe
| MD5 | 0aaf801b976f9d7b9d8711ddf45f312b |
| SHA1 | 1545a5b498dad38ae469f3eeb3ed521c76c4043e |
| SHA256 | 251f90a5580a3c072877a7cddeedb447f963daa390170cbd1b06cb7b5b339054 |
| SHA512 | ca211eedcfcfeb8ea756bf1c4a4934a298648b8b355fb1b8d7613c7ddd68619497d40c6e89cfe5491f3df909a7c64b9092760c7bca9823b91521b9e8ddceeb3d |
C:\Users\Admin\AppData\Local\Temp\isoi.exe
| MD5 | d442df7ede21647baf4445c63bccb50a |
| SHA1 | 49843155994d0a84f6e762d5dc56aafedb234d97 |
| SHA256 | 6fafac953d79240018cfcf4c6644594c7dfce6b1dc934ba0bdab572897339d9e |
| SHA512 | d56a7c0ea2b79b557b4ae9795f942a2ec812067d434adb3c987773b51489e424ae15bcfb95dd9df828182d5a5adce260302d0a0187c2b8abd942fd008532a1e8 |
C:\Users\Admin\AppData\Local\Temp\ggwC.exe
| MD5 | b6189ac04e4d388f3f0e14baacbdc200 |
| SHA1 | e0dd25d47cbac6991d432f8a15ad1b291ead500e |
| SHA256 | 97e6f364536115212cf1ade04f6d5b591c9c6e174449a5f17f647225d9782a37 |
| SHA512 | 198282b510830cfc95420b430743bea41771afad56bf80c638028c7931c286c67af623a2134213673c26c6e9691b81f1508fd41b5cc28bcd06e58f3051ebb231 |
C:\Users\Admin\AppData\Local\Temp\rIkQUUwE.bat
| MD5 | 8cfe3ca4479bc6766fa4ff92b052b219 |
| SHA1 | 94e6ed1a9616ddf6a3551a1da7e4423e20256155 |
| SHA256 | 77df2a8ca5d8f61cabe5a76cce5cc6f13a54e51e23adb49a9d272fe5a95ea603 |
| SHA512 | a5c47043f8b088f2f19880ea4453806a1bfcb7a377595364f2ccad1192ba3563abc565ddaee0573b82c0947bf0928f2ced745188eddf59a0a1c2e2b1fd71859a |
C:\Users\Admin\AppData\Local\Temp\cQEy.exe
| MD5 | 17e7d86c6f2d61fa063377ad807a385c |
| SHA1 | 582900e0aba5958a222af7aa0990c63da4cb479b |
| SHA256 | f1a95ef4d096070bce8046bd35c837ca5b1c81bca8de4a5b11645da803c3dd66 |
| SHA512 | 0361da2d155f17031351d9344db9e1a9b3dd25d984aeab3af513aefd9d26021da3e53d445d86e07516b949ba17454c215c594150748e78de9275cd24bc9f29ab |
C:\Users\Admin\AppData\Local\Temp\MgAe.exe
| MD5 | 1051b07b9a21d32120ad303da67e4827 |
| SHA1 | ca7d83a94ae9486cafcf74d4fbf980a5d12e8229 |
| SHA256 | 0a5d7ae1a245c4ec46284098288bb1ee6b6a9c20659c055aa1d9f61a503074cd |
| SHA512 | 9049ea06cdef295cc603d1a34f09faeafb27f21bca7a137cb2933ee0a40a14b5647a88e2db5a0418b3b114a658ed6df26180b81437840a4ff4ec848cc83c2dd7 |
C:\Users\Admin\AppData\Local\Temp\bQYAYgME.bat
| MD5 | 434112964d8375522fc710a70d228471 |
| SHA1 | c7da83a89ab47e3795497796aba5043adb7b5d34 |
| SHA256 | ba37682c4f4e4021d22818398aa4837cbc2e6ffd1c5fac867cf8f17c1ee40740 |
| SHA512 | 65a76531e426f9ab85af32d6996dcc83d2b6d633a07cf1b6619b66df6d2bc23923295cce3c49fe9b7599b7ca69937d59f560f545277fbc88476df93eaf3d6325 |
C:\Users\Admin\AppData\Local\Temp\UQwo.exe
| MD5 | 4e7763fba79d2240a2971854fd079fe2 |
| SHA1 | 38798ab8eae4e780dfad8e0a74541b121787a199 |
| SHA256 | 75cd5f788f1b46c4769ec5d8b4b76e02727211f57565e2e387960cc0ce56416c |
| SHA512 | 3b94430b825cd9f6afc5816271fb24a55cdea6415b7bfdcef2e0b3f447a8a8a92ef0a6ddd09af2021b5536d148b87a69efe7b85a40d8eb1e45c593a102d0d034 |
C:\Users\Admin\AppData\Local\Temp\ggAy.exe
| MD5 | 3e0c80c0cd0b562169a81e945706c5e8 |
| SHA1 | 2575e669c94905aa5218d501b2bdf139c13e0782 |
| SHA256 | c9d60927b58e0b3f08c3751c2b8193ce3eec876817d2fc35bef86d75cd33b285 |
| SHA512 | 64feadf8d5c556c73afd000b5014251a699d84d1ef6baaa19033367e666874fbde26c48268853b7065f7b04ab840b45ee060144d1ec54f9f0ca37fa8696e7c16 |
C:\Users\Admin\AppData\Local\Temp\KQIA.exe
| MD5 | a754daf4846f63d2c5556689f167cf86 |
| SHA1 | 3b62d947d23418dd18f63eaeea00b4b2cb5e3374 |
| SHA256 | fa14a5950a542aa76d07eff2ed0b1893a7f4f1531917877ab0a96d7aca5041c2 |
| SHA512 | 79d94b53a9804ac4155390f16e4304e6dfe9cbaf2629883cf1dd97ef0224b4f4dbac460ddf463a3efe65a81193118b9c01b563ed82568e3ed658809c9e228db9 |
C:\Users\Admin\AppData\Local\Temp\AEMS.exe
| MD5 | d6521f49f450b02fe3d0082d289633a7 |
| SHA1 | ca5b7f4ffc9dd90f4b47b8bce01575ac3e63025e |
| SHA256 | 9b0f29b418a4a3472cec727b17c33007cdf2c84ae2d0c71fc0f684e720e5c777 |
| SHA512 | 7fbb1ecc144e07cb9f6787684a87fc62ec1f7c33a41c479c51b337760c55d9765f037eaf04e2832161c5d55bd31b2599bf804b0273f9f32256f9ffe1da1d59fe |
C:\Users\Admin\AppData\Local\Temp\VuQEkwoQ.bat
| MD5 | 0ff651e590416830a6a15b1c332ca809 |
| SHA1 | 5790c99f51eb1cc198bfce021731cea4d75971f6 |
| SHA256 | fb5eed572505ea8d521a9a9e7042e2b63f3f76a064a6a441c5ff2b0086a7e26b |
| SHA512 | 44d60f4efdfb1296cc0e937c18d5478d5980d78f89ef6c17ffd8d4c3ef241ce1f8bef0a52503cd117d52f8826dbe09c0d6f74934004c527b9a335def4a04db22 |
memory/1844-3387-0x0000000076E40000-0x0000000076F3A000-memory.dmp
memory/1844-3386-0x0000000076D20000-0x0000000076E3F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\soUw.exe
| MD5 | 5dd19e1e9fe0473263b8ccafd4749777 |
| SHA1 | 8a1804e5b4a0ccf6cd156349d6a578c2f31c8376 |
| SHA256 | f2abfece228035b4cf81ffd2fe8a275d0e099705525b18caa253543691808f00 |
| SHA512 | 698d3e46a1a0fb5fd8c25f62c26bb4fc9362c7dca2376f31060abcd9155e06f92a8748153abe735d8e6956f7586697e6d7ca58cdf9449afe5d64b823be8e6aec |
C:\Users\Admin\AppData\Local\Temp\SEUG.exe
| MD5 | 711909dcaa688da5211a6fbce4bc989b |
| SHA1 | baabd3043702621d34b514df356b24d19a1f9084 |
| SHA256 | 189dd0465ffeaacbdee24a3104bf8ae100b017d893933e436774609358987f0b |
| SHA512 | d60a1eb536552f6adf964afeeeedef55028bf57acc734c75b0f4c04fa7c313513a012d866fe241bd3ce3c5f132fe20ad24abd5d4f2a0ee83f8cf8e53bc7ef6ad |
C:\Users\Admin\AppData\Local\Temp\cQoY.exe
| MD5 | 551c307c9772cc1524ffd6b4ae5bc81a |
| SHA1 | ff7be748dc5de6731c5ef7cc7e8bc914a91c5c93 |
| SHA256 | 3bf13c092c7af796b5c51788ded93433af2a8f732b8b88d41b8427b989220dbb |
| SHA512 | c7292ebeea03d509b4d275af8ef2d80603b27ab7468494487d0cdbfae6f3077e38b17ab0b63bf274c463e4ca9db9c4f8d59d46eda8ac9ad85255e677c1bbd490 |
C:\Users\Admin\AppData\Local\Temp\wkQu.exe
| MD5 | a32d7fc57a4cdf4c109e90bb14713408 |
| SHA1 | af1e11cd76fe96cba625f9b63582d5a315717ea9 |
| SHA256 | 9d6f62d600be8078cfa111d9ae512040faeaa95a3bdbbd1611d3cf5346bcd104 |
| SHA512 | 2f2755250f829e8a81550c896c5df3fbb9f4cdec49fcd199a368a93b76c4bf06f04159d6aa43803dffc97a13cf5fb5a6729b2810f1331f5f0596de6e398f5bcc |
C:\Users\Admin\AppData\Local\Temp\bygYsQMQ.bat
| MD5 | 30a1297d1cef2e98b31792fa189a63ac |
| SHA1 | baec89c60ec9ca8377e8bc6c666f271d0ab1c78e |
| SHA256 | 60851d3a621080c0eeae566e4bb979047344213c7da426e5df4c47734e92eb2f |
| SHA512 | c5ca5faa6aac24c5db8c140b4110a5afb234d0197f55cca0d86f88092e9fa7f0dcb44bbb99d0f4ff93e267f133baa7f1cc39057f5f9152e41123032c84b1ebf3 |
C:\Users\Admin\AppData\Local\Temp\OksY.exe
| MD5 | 82083311a22dc87a831d4247378eb603 |
| SHA1 | 6381738f50351514c0ffac16b8d1cd3bb5c53dbb |
| SHA256 | 3c3a89bf824b625d354b439c00c7abe4c27cc37db4a5390ee082563d1216da47 |
| SHA512 | e341ad51f3d29cb8030df6423e7d79cbe18263ebb60b0504b3b287be0350eeb58038c92619406161d9fd62b3bb280ccce639f51376848671eed72e67f04e2c30 |
C:\Users\Admin\AppData\Local\Temp\Sosq.exe
| MD5 | c619a85f233bf7fc4296e7a5935f0adb |
| SHA1 | 303d254b90c383c6d48c1df612187eef49807b32 |
| SHA256 | 3b83a4b9678ff2cae4ef4df3e3f7b6d74c312d36a25e7ed18b4427dc1d1d00ef |
| SHA512 | 7575f1574aff510c57519cc761a6709a99cd880a0736c4106eed0e5910d67b67e196a9a4efb5db5073fef7e56a1c109e3e719b74896b16bc7aa2dc19ff6c7e9d |
C:\Users\Admin\AppData\Local\Temp\yAUMAEsk.bat
| MD5 | f67c99ea88bdc86792573f209b20e3da |
| SHA1 | 602a20f13b36e92df94629a1e9c9d87789aaceed |
| SHA256 | 230b848929ec542f046ad925d0adb3318d939229a6e049e9511ca6303c604831 |
| SHA512 | 4c307fb6b0d8b7e320055b116703ca954ec8cdd7e091b9e43f2849ed626fa87136405c46273c1c4c41dde394bf77356d5fd0c4c21cf18f0b22fcac0b9bac66b9 |
C:\Users\Admin\AppData\Local\Temp\yocm.exe
| MD5 | 19e883bc5a1af78cc74965af4367ef61 |
| SHA1 | 6a7a6ee800054f82edb96b4561c17e0c962a14fe |
| SHA256 | e539e890ccf3caa8faeab63390a7f58cab6d4ddda8b1103e9fdeb6aaa663e75f |
| SHA512 | 31cc5441e77d7e57029587a60a2a29878dfb17a607a423b2ceb537896743582cd21c1e437c17fc3017859da78626e6f70955a1aa8af75be5244c9d11c290546e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile42.bmp.exe
| MD5 | c336c3c449f338c2dd1a21806efff9c9 |
| SHA1 | 85b23c94af94ae3f51d728264b581aebb4d1b116 |
| SHA256 | ed380e566e653a1bd96bb3933c5a98ace99874cd2fd4bca0e18d2827caad089c |
| SHA512 | b89bc8c1ba92373310f607a13163b0757415a9f76e047fad6326b62bfba821f395abb6eeb97a13750fdc0d7d7efba0e64ca552c739c63a5f6e994341d68e5543 |
C:\Users\Admin\AppData\Local\Temp\QUUM.exe
| MD5 | d7ee700b586d724a178a1138f7c80d77 |
| SHA1 | 803bbfaecd87fc80c52acf55fe4c8893525649ca |
| SHA256 | 6eba12cefcfd3d9bad568b524d1db0df3fc953ca76609f48355551ade2a11736 |
| SHA512 | 2f4067d84a5de9e0e22d7bb7ca6444f7c747b93301364e364b567f4b86fb7592c0b90a2a53d6bcbcb0bb697086bcc59178918532d6201379b5481f572820ae7d |
C:\Users\Admin\AppData\Local\Temp\OgYu.exe
| MD5 | 59c8cd5d0db2c595e6d3c3a751901d85 |
| SHA1 | baf5e8b2355acf6492025c4e6782a111f33ec06e |
| SHA256 | 328f480509e0fa0af59db87fbf03a48e5371e5b651cb02f879a7719204b62ad0 |
| SHA512 | 5929f9b303fa0ccb695d5f8e3082ba3778d924c5f9865da52a55b9b82af24cea2e9114b59f834a3d140361cf8d165059b0ce09068eb0cfb5c3b7cd1ef3b2ead9 |
C:\Users\Admin\AppData\Local\Temp\UwAgoMAE.bat
| MD5 | a34aa0a97da41e455473facab31615e8 |
| SHA1 | 63603bbc1f80cff471316c4ab862fc363b4e005c |
| SHA256 | 59d5a322eb700c8305d6097a3b36471dfbc1fd0285af56ee762440f7b06d25c0 |
| SHA512 | 538540a654a4da04f76098c186de1a34436c6b427eac4a81ba865b0ad71cf25f2fb7174f69df8f56155d7134224333e27774debe79fbb27809010597e64807ba |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 2832e5be992946d7f411c91ccbd0130c |
| SHA1 | e215cecd48774da3d1a7dd136dba0d934932c7ea |
| SHA256 | 028f55505f2a81db1bf41632cf0a07570094d978b1195b782a187598c7686137 |
| SHA512 | 267e7045a1c8af5fbc2466fa7e85e610fd3d114481f357f4f2e7ac4a49ae16cfb04c781bc4d0b4a365791ed5e1eda121cdfb7f4fe276bcb8a0edd8c8d5be7b67 |
C:\Users\Admin\AppData\Local\Temp\IAEYsQQs.bat
| MD5 | 5c6438e1dd331b1fbc73f8e13a363e98 |
| SHA1 | 04466b15f7da79c3b1f1699a115992594cec11c3 |
| SHA256 | 74dea1059efc1bb1088cd6317c6bf45854c629ab6b37d9f62b724478b0a8497a |
| SHA512 | 55c7389124bb24d30896b9d933bb9f46b1be480c21a462d57ed9d46b02cd0acde421f91435c26ef3af9d120064402f348d6ff441b4c6b5ce693f199e0a937b62 |
C:\Users\Admin\AppData\Local\Temp\YswU.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\QcQu.exe
| MD5 | 2a925b4de57921e66131369aef3573cc |
| SHA1 | 7f828a584e9fe4dad18f7522d06205e308e9e85c |
| SHA256 | 626e7bc825f0f72e0ab659b85784e14a42ab57ff24d1e74f5a4328f822cc849d |
| SHA512 | 78ba4460f97de9c1f3823117af2bd1fd275e255449c4254d17f38f310268dc7d371e496d1a905134383368c27ab29a62c43fc8a8f6ed2d8259b986adbcd4cd13 |
C:\Users\Admin\AppData\Local\Temp\AWMoIsQU.bat
| MD5 | 6f0f65f99f897f2527d9b22f4fa40ea7 |
| SHA1 | 9d20c248d5a76ceeb914ec6c502201e00a2b5b87 |
| SHA256 | 6ccd82a70cb3e24d1031a1fe262aab7aff9fe5b0a08b2cf6f77d87db42b555a2 |
| SHA512 | b19c954f12c0fb54b3de7999229f94b31e4eef0ae86561dd61dbc3861d4d01f053a1aa1c0737b4f0f2881e9996e69e80c3a500d98531124b4603408b3abd06fe |
C:\Users\Admin\AppData\Local\Temp\icQc.exe
| MD5 | 0a736493c0eb257ecc0d6cf9fdf76628 |
| SHA1 | 7210b40e6b7995aff0e2d3658cfc04b8f22b8750 |
| SHA256 | 8ad360806df95610a4db71e014ba9e9244e9de923e5276b9828b534a48ccb1a3 |
| SHA512 | f6cc5d152cb6d525d8f2e1b6b9d5d58ab37d27d6af80f7ce4a23f77ec113a8f5a3e9deacb2b6f94cac47488574d763593239c3407584feb17288ca5c17b16533 |
C:\Users\Admin\AppData\Local\Temp\YcIk.exe
| MD5 | ad54f207e16116c533af20fdd66da4e0 |
| SHA1 | 81f71328031806dce5b5f3a5c9a801368f7234f4 |
| SHA256 | 0142be3c918dd1aaa79483a8d149e161bbe0dfaabbe06e8bba356da60373466c |
| SHA512 | 0bef9e6871d7d990e2a7af9ec8e89b8656de9ece0e7bf61976575f741454c16c0e2441749f9176a57f80c65c7be81f10122c66ed8a8e4b32a83d679dba9cc669 |
C:\Users\Admin\AppData\Local\Temp\UcIo.exe
| MD5 | e32499cf8e13f614156b11ee8437238f |
| SHA1 | 3803d544843aa4fb9ead403577beb5bf44290f94 |
| SHA256 | 971f2c88c9e0785e0e9b18810afc1fba56529d4d2c44d18e98c750d459c77ad5 |
| SHA512 | 4a4ed270fd65c5a22d47a3254e79cf43becf808d7384f928ab8fb925167b82a0c983cdc80d5af6bf1120d0581f50ea320f75336373234f390ccacd3332910081 |
C:\Users\Admin\AppData\Local\Temp\sgoo.exe
| MD5 | 654bfac8fe848a3838faafebfe6c5530 |
| SHA1 | 9326461f3b9facd477040fe63075b65ee46c3b0a |
| SHA256 | 16bbf11c3281facc9c0446dca90b4754c86e407d213e7e078f09c8d8a437f74e |
| SHA512 | 6f36f58325e9554e1efeca9be8b0affd085a68305c298a9844ec2ebb05ab2fc59f6c6e36c72b477a99aa096e9545642c20180daa9b51ef03b53e24f7e538c6a0 |
C:\Users\Admin\AppData\Local\Temp\Ysgg.exe
| MD5 | 983fa63b9bcc81a842fecaec94e4623e |
| SHA1 | cb3e66f8f169deeb16cd755914dc1ba4ef712abb |
| SHA256 | 2982a92a0c6495bed9afd5b14d61bea31eadc5541f49edaa43129c4a44e23bc1 |
| SHA512 | 1cad0809ae8be6a202c0be82645715e2879ad7b5a6b9aa8eb67c83a95f5f4bc6be2c95a219294a5b794c5fcf0af2f74d49c5ad3f2f8b3d82a2753e5403eaf0d7 |
C:\Users\Admin\AppData\Local\Temp\GIMU.exe
| MD5 | fa0164e2082b757bbc78cc6d7518d8e5 |
| SHA1 | 8ae9809c06560668f242713fe4f2e3efe024f1c2 |
| SHA256 | d1893449ca2bd28768517ec5b3b3b1eb13424b8237269c994677268ab99c2674 |
| SHA512 | 350d1af1f05fcd61c9d0bc54530aeaef34f4de2fee0bb5c6acdd92293755a4e4c824dd9e2c0ac0719ce386dd17f9a7fe41870ee04f876b5edc98c3b49dc41ffb |
C:\Users\Admin\AppData\Local\Temp\usYw.exe
| MD5 | 125b561e418a7a2dd4ef53efe79c33f8 |
| SHA1 | 76a2b065c4409b5068ddc13ad9d57a503390027b |
| SHA256 | cdf6a9c15fff709e69f7cbeb13c61873b2c6215dd9f27495e83f73550118b530 |
| SHA512 | 01acae7a644482900a4de1f56a7bad3b5dbf9a52a622824bdc0f6de3ee977a2276555fb450151d99bec69717cea8bb396fbd7090eeaaf87cf7036baf8134507a |
C:\Users\Admin\AppData\Local\Temp\goIc.exe
| MD5 | 34585dd59bdd13f4c65d03caa104a9b8 |
| SHA1 | 4fcc5fa2d45a154cd30f35de003107b873c35159 |
| SHA256 | 879d222ac8db43f61fbd75b0205e0e1171f95eb23805e930dac152316839ffcd |
| SHA512 | 7c04133ce98847e174987675b4681157e014478b331a44758c6f17bb862639cdd368c3e8a1b3142588f4c748283c7de60a269dc084ff541b16178560eecb8626 |
C:\Users\Admin\AppData\Local\Temp\mwAk.exe
| MD5 | e9ae116e861dd3dc9ce97dd29d1c25f2 |
| SHA1 | 85dfd0679ca34eb9155d5e55e9498ab0e0552f6e |
| SHA256 | 0c6fa68e943bdad0d5db402dec14702e5e4a18dad569e47c739de5e1c940d011 |
| SHA512 | 06763f307a271d6e0ffc9c67685e103828424817e63d485b79ded7b3993713c9ee4a9cf8e9a4bc337a3724cd5055c5ee60c4862c96e12c99d558d5a352ba5a1c |
C:\Users\Admin\AppData\Local\Temp\SAge.exe
| MD5 | b2e48f5ff64991c22c3509f543108e81 |
| SHA1 | 61764dda292b1b1e99c1dcbd2512f05a8021dcd0 |
| SHA256 | 4144c8214b800ab6b21c053762ba07c62bc44b12f70e66b9a2a17512ac896fa9 |
| SHA512 | 77d775b3a1693830ffe3d664cb7717f0780a788c3f710a8c87f8976509060ec5b594b1be1bcba59f5576e8e7f8f56223e791564e066b22f43ca9c61d7671661c |
C:\Users\Admin\AppData\Local\Temp\veAowQYM.bat
| MD5 | 8427726335fc45947616bc67648ff147 |
| SHA1 | 860eadf9005198c53491e75880879a29eb431b0c |
| SHA256 | 63cc167a77cdeadd768e99a7674d7b6119c1273092318f96c8dda340d746481d |
| SHA512 | d5cefeb218d73afdeeec6ba163c0e0cf5dc00f3ac3dc7d022cdd26f7eb694cc11a9c78c092b0be22d2e746b6969891406fa6ef6e23f0348cb3405f47618d50c2 |
C:\Users\Admin\AppData\Local\Temp\lMUQsEgM.bat
| MD5 | 782685681d87a6eadf5d3eb59bb6ad6e |
| SHA1 | ac6f843445181a390365416c3fe31754771680e8 |
| SHA256 | 6e4421f93fd136b5cea44ea1f624925b1e23b84cea737d0f5772cba32df46276 |
| SHA512 | 734b5cb5ba354a5bdeffe126396da7ce98b4b45f185bb3448b936e724f1fdbd6e7811cfa015ced8c83059372558302f981805bcd0a2c1928382ac7f1660a0003 |
C:\Users\Admin\AppData\Local\Temp\MIMEUYcs.bat
| MD5 | 1903a3443a397660de69904323b54533 |
| SHA1 | 2d4aa5a5271bf55bf5139dda546f0f30ba06a6bd |
| SHA256 | 44d2fdff9c8e04cda1999a704f7bbf6260636c63880dcea65e2ab197c2e031e2 |
| SHA512 | 7ea8b8c2e5a7833c13c07d9ef6b5c7e774ba86d43e1bc89f899230e1f87e9fe52b4a8ca02127fad1063c0d57a9cefb88204f33ba35cfc789284f1ee0bd058918 |
C:\Users\Admin\AppData\Local\Temp\wcowkMgk.bat
| MD5 | edefcf38a75135a3bdd9d1365a794ada |
| SHA1 | dc644b8242f61ef107416b3c7e29b77e68a1eec2 |
| SHA256 | 31f1ddb689b3d3df97f7f946aa2a631b2523ebef19824a11fb38bee05b3c72a3 |
| SHA512 | f65c24f850955a9f046a8b75f7c96cf43171cc20cfa9bf8791c677839223621c26c69e87d7777f11d0a0b3b655db907f2af26970cd40a60a5057c347ec5fe2ee |
C:\Users\Admin\AppData\Local\Temp\mgYEYcgQ.bat
| MD5 | 381e7c4dcb6b2129456cf7ee3abe84a4 |
| SHA1 | 6be607cdf98562b2621c83abf61d80de6701b399 |
| SHA256 | b3cfdc677605b4c0b316be45431da3bd2802f37c99dbe88e67256e83a7ad56bc |
| SHA512 | 6be5a03cb63de069035e59105a5d96e538d99b8b59bbfbad37c41bf3df877141475eb6ace10db3d2a7feeb147499556453609982671a3bacaab98668d2be1580 |
C:\Users\Admin\AppData\Local\Temp\ggcQgcwg.bat
| MD5 | fecccc54d877638a91a864d269594e9a |
| SHA1 | e117c4d9db7ed34d083b12dd6f9b626bd849e1b7 |
| SHA256 | 7809a18a44348f67f3090eebdefacf436562f3c28359f506b56dab89923731cf |
| SHA512 | 0a6d4cf08c6b8fa3f9ed96d28809024c3ebac420511090f871d1bbbe7b0740c92811b07557350f7179d7abb8da7c25a384c99b9489d620df438d5ec9b3420c5b |
C:\Users\Admin\AppData\Local\Temp\ZoAcEkAY.bat
| MD5 | 426bde8efdc787055744656a4080848a |
| SHA1 | daac319172caa8c177dccfd30acddfdc546ce635 |
| SHA256 | 5e90741c8c7f8449adbf2e89ced7d16db079587e05faa41b2f48c003b3eafcfb |
| SHA512 | 4c2b301d2e5f7189c1de78564d543a379670ec7355ee031a238e8a16e629a997fec2aab3da06819c0a3a7f928eb1ae4bcbe28bf9ea7b06e46bcbb65d50c54192 |
C:\Users\Admin\AppData\Local\Temp\HOgAUMAI.bat
| MD5 | 513da49152d457bc8be19a709aa1c564 |
| SHA1 | 1668cb8c419cd260d9a051fa9696eec4776da90e |
| SHA256 | 6e7347e6d1bea2686df2a7a1fb80546a5f869d7234b2ccac8786956cbcab3a86 |
| SHA512 | a4611eac32981997ad254829f144886d7dfead607fa7895a84c1cb1f36b8b973edeb549de39d0a95ffc5908bbdc54c6baa4d69de2b5de6147d52bfabb70f3232 |
C:\Users\Admin\AppData\Local\Temp\dQEAMowM.bat
| MD5 | c703549d0146a8f8cc20d9599c5c4807 |
| SHA1 | 61104beea380e8dd40c24fa92d32415f4b4c91ca |
| SHA256 | d7e9ec425556c780d63339388e6ab98a7409b8815a5f1ed09b12dd190c832d8d |
| SHA512 | ae4f86bf35b055a49091c0614ffbeafec7419d00deda132954f2d5f10d921dbe6923fa6bd508e94f58a74147e8d282cf715f83f6464bd9a7ee04c7a73ae24a74 |
C:\Users\Admin\AppData\Local\Temp\boEsUgIM.bat
| MD5 | 775303c5a06d015dfb54ffa2aeb8d792 |
| SHA1 | 1ee2eef131ed551ba2958d5320cae9db8219fac3 |
| SHA256 | 6a4ddf684a2c721aa66c970ef2c9bd8e2293014996397870576e7725de6abea9 |
| SHA512 | 9cf1419eb11e57558ca03a34284a324ef0c1457c77e01426828bcdd1c0cd51b8aee8645006963b9e8e80803aff180e89c20d926ff343cab6c16cd2beeb465661 |
C:\Users\Admin\AppData\Local\Temp\uYkgQsUQ.bat
| MD5 | 83204ae71375348446f5058d61b85f3e |
| SHA1 | 58d7b192a6340c59dd2d89f048c527fa539d0bcb |
| SHA256 | 023380ff8c3f4ece9821b26dd38f55dffb2289b09a346a6e37e9a0008a98f740 |
| SHA512 | 056d3458363bf50968215e6a6f857e35f84ef0a3d463625c1da398744fae8c294501e171e4811e33a726875938faa99fac95e1bfc052c854942fa05ef3d03c16 |
C:\Users\Admin\AppData\Local\Temp\gcUMMUcM.bat
| MD5 | 8d5b058c158d6f7fc23f958c5baa48c6 |
| SHA1 | 9c5ed7185b72b6967368905badee0134eb447eb6 |
| SHA256 | b071d80bb185bc92cba15df39f430ac4b3602fe5162a8b492ccb6ae1779962d9 |
| SHA512 | 70c4c64ccfba55891b3c9909cf5265e679cfef719323cc2ff7704684181701d5f5ee9b22209a8da06fdd38ed32f68cfeca4e4f321afe024eedbffff5fe0d4d28 |
memory/1844-4081-0x0000000076E40000-0x0000000076F3A000-memory.dmp
memory/1844-4080-0x0000000076D20000-0x0000000076E3F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cIoIEYkY.bat
| MD5 | 8a9aff7f31d82226262078334068f595 |
| SHA1 | 462c361c637d5e0c2d860822d3aa45362af3c3b5 |
| SHA256 | 8b3e453033bdefa782427078451ab0663e7878d55a43e6050ca2a33ebf46210d |
| SHA512 | d526f95662c39bb0a09549f49bb6fec86c91f98ada562df07e6a44eed928126bdb2e68b50e357739aa1382d99424d86bd007b1f2018c627404940628504cc512 |
C:\Users\Admin\AppData\Local\Temp\AeIMUAQs.bat
| MD5 | f6641bd5340a6f108dc283eaef233b34 |
| SHA1 | 236fec89071535471333b72575c4a8e1fa262a58 |
| SHA256 | c040d787055317edc84f5ccb6a4d2b77c6cecf2f64d8ad12e5b61a6782aff583 |
| SHA512 | 66046be0c673834f804f9fbca3a0bee85f0c3c460475ba06a182ac5f32f43eea7799eca1846e475c0cdc74acd19dfb437bc420d06c12d7ea8686bbf289f21c39 |
C:\Users\Admin\AppData\Local\Temp\TKMAIYAA.bat
| MD5 | 3bdb2bb2c57f2e6644bfdf5cc4261f02 |
| SHA1 | 12ccc9d3e337bd6be7ed89b4fe53771866dab828 |
| SHA256 | d2d4984f12289aef221edba7221f151fa400191721bffd0c349fcfd36cb36195 |
| SHA512 | 49a44224d1b9577c327aba7c7dba3fb9ee8331f498250c0a332998c4b9632df003293d4da23d6ccfc2f3232c9b5dd02f3f212a4fb1fbb3625e9b7030aaee7282 |
C:\Users\Admin\AppData\Local\Temp\FecwUgsE.bat
| MD5 | a726ea391cf2f93837d770a921e5e706 |
| SHA1 | fdd9acbd3ee03a5cf606d2a74499d451ba1f7687 |
| SHA256 | 8075acd8711306a3516f3db924e43afa5d56f33c65ba6e09da676b275f9f8d29 |
| SHA512 | 0280f6daec7a46bf52be39a135a6dca165aab64050ccc7559404f5d1b85ad73095014062acd36030291c5b9b77faabf53eae8c715f7cfc36b6deb1a5a2d69f42 |
C:\Users\Admin\AppData\Local\Temp\bAwMwAwM.bat
| MD5 | 189dd50c502e849ff26282e2f6161c4c |
| SHA1 | d43f9d268acf92f08fc4ecad1c1582249f3d9e7e |
| SHA256 | ca79a82246cd38e6b8201dcd5892f3d588d7dac6c14ea1f6c398633b55b13bf2 |
| SHA512 | 1d337f3b60f1a9eb9422afead8aacecc7c6ff8cd003de7dc9de35842524bfeebd567e4a87ffd911fa30061bf9d84a78488f8c8afa0cde6eee0e9f51ba474c293 |
C:\Users\Admin\AppData\Local\Temp\nAgQQAUQ.bat
| MD5 | abba493ef75b63718619ab65a3c79a55 |
| SHA1 | a01c57c1bf2c4ffc23c3c2794d42a8cee72d6f65 |
| SHA256 | ca8526f8ce740f8217eb92ad7c6ff2d6d3e12fbcc81fdda1586acc5e49f517d3 |
| SHA512 | a5ecdaf5de6dae2feee83ac3dc1960e76a5d5d591a1d8c9831204cfde59a684759ba9489b847251149e00322604b7879b98d536c6ce99d0220a2abcd10217330 |
C:\Users\Admin\AppData\Local\Temp\Syoswgwk.bat
| MD5 | 74b7c9b0974ba770617bf3e807ca8ee9 |
| SHA1 | e10c944634e0c6bb97d1f4fd7bc1f5774a30c5ab |
| SHA256 | abcac00180f660da96f67bd81f0c361fde6eb6b56abf468d71b81b09488ce9e3 |
| SHA512 | 61f828deb4f58041a922141cf83c932f21c193c34eb87d31a43588737bb3f0522dd8112d243be6ad07e16270e1c354014a9886e1613a24fd5d593efcf3c0f0e7 |
C:\Users\Admin\AppData\Local\Temp\sgAggIwU.bat
| MD5 | ff492c0bec9ca2529c718cdca927254e |
| SHA1 | b23e04bbdcfceb0df84843bd14ef80a56fafbe87 |
| SHA256 | 646d47b3dfab5ea08ad0cb6914f0a27d27edadc27a44af5140e34523da9d7141 |
| SHA512 | 3b0f65962006827df2663a69ae45d2b48ae9ae92f3321ff4305f5ffd6ef0ed2cc2fe2542bc9bc9218121e1e7caa1972108779a6be07233792facfb849716c11d |
C:\Users\Admin\AppData\Local\Temp\IAUEIIUQ.bat
| MD5 | e2a38f9a5c53f2255dd6c0e31eacf0d8 |
| SHA1 | c0efc7e48bd5c2b49ba05ec7e2f13b5b9ee4a2aa |
| SHA256 | d0ca59ed81b91afd8de1b288c602b5e60734522d780c04f0b4acab8d24621250 |
| SHA512 | 8e65905787bf8960c14a43990da768428aaaef9763cd7612dae95f25bfb56e7aa0319c43495fe295df4e59ec87a72eba09baf07e22574183a4fcba24c69c7fcb |
C:\Users\Admin\AppData\Local\Temp\IEswswss.bat
| MD5 | 722dd1f96075c24d040ddfeb17ab0a19 |
| SHA1 | 6cdaf2adc9e384a2515bc62b4482e89d8c9f80b4 |
| SHA256 | ec9ce22dc54d3982ae4fa02b91e97777f70ce2f0f53d08001a98e0b61837a728 |
| SHA512 | 86228a6bd13b64adc755ab77b2fcac3ce3fa3bbaee7dc4d9d9c4337bc5c0d316939398cc447920bc8adc03e2fee0c234c02a68a5d6132ac0f54b2f6f6cc7c708 |
C:\Users\Admin\AppData\Local\Temp\locAQIkQ.bat
| MD5 | 1b095d6c9aba89a36e8990dfcf68b958 |
| SHA1 | d58c8369253f2968dccf7ab2a6b4f2d8dd0968b9 |
| SHA256 | 97c429f71353bf0e44f4c72c5f0dde8fc2441e4f5d304399ea4d1fb61653568e |
| SHA512 | d5c34310828ca2d912a03045ffbaee15bb1ace4de403af5fca5c46c55ef64395eceadef5d60d0087597546903ab655adebc73c9723e5440ab383bdefc6a28cc3 |
C:\Users\Admin\AppData\Local\Temp\tIsMsoYA.bat
| MD5 | 70ae33deef0aa1e9e95f1a1e2fe07b96 |
| SHA1 | 8d7ecb9d788893e8783140d62eabd2a2b34ffb4f |
| SHA256 | a05626c084d89a55c0cc86aba43a24dfcaf1c2acb3ce63a3804d9a4afca1b24a |
| SHA512 | 01496c27aae6f562d0104bea79cf6f95f315d773e1d1a9ba58c4119dbf0e85fdf1a8720cc97c8469ff4585acb6c40028cd25c8f3423e8cd31ea4131b66c179df |
C:\Users\Admin\AppData\Local\Temp\zwcwEoEU.bat
| MD5 | dde6d2f5072d5e59f795ff9b6fed0b3d |
| SHA1 | 18f8175f630e6acff2b3d82520d48c5af2a64691 |
| SHA256 | 8e5ae188daa7395f32f3ffc0e1410350a22d761861c352e7638af733dafcc234 |
| SHA512 | 5fbbe37b49b36d0900b62cc5fcb03daa7bb010692e7688bfd8ca02ce5887219fc882fd7f3a24511cbfe60d162b161166ae4c47929edccd44d7492f122f02bff6 |
C:\Users\Admin\AppData\Local\Temp\PawQgskg.bat
| MD5 | f1679886e776c0a9faa840fbf8bb668f |
| SHA1 | 41be032be3f302efed90243f24c096c99fa755c5 |
| SHA256 | db118ba8a801839a9da40916a647b32726aebec4ba4e12a24b62dd26ac2812be |
| SHA512 | cd49f7a19140d5083e94c65da53aaa9f057690850cb875a1f1b934c9a2cc223ca91cc7384fe8fb694e7c69c0f533da056052d98e95c07f02c95301c04194d75d |
C:\Users\Admin\AppData\Local\Temp\vUAsQooM.bat
| MD5 | d9f4628079b8b3ac32d253d92fbf4a84 |
| SHA1 | 1268a1ff6fc8d6055e736f3cc60ee1149d328a5b |
| SHA256 | 9ae9f30d2ab57393e436e07bce3cf6e13a853d851069d16716326ae2eb22d20c |
| SHA512 | c330854ea0180db6d940486cfe4a0b9c59c578aae9e0f393edca76e11bd30941d03b1057e1fd7c27ba831c4591cd891dddd76787a3e9be6069965efb4dd4325b |
C:\Users\Admin\AppData\Local\Temp\GKwQQoQI.bat
| MD5 | 651daab9dafa4bbf52b5c89539bd2897 |
| SHA1 | f4287e2a499dfa5f17f18f4c2c8cc08ffeb6ca6d |
| SHA256 | 4c64d12ec26ad8fb7a07cde001269a6a2bd6f8499cef8c9fdacae4b8b0aab5e1 |
| SHA512 | 0cd3e1f163264351515e7c781360ca7eb664710d15611c2c81cd82f70c311365d68528bd6b21758caedb694824a87808171cf7240f5808b5143e2e7a7ad06a83 |
C:\Users\Admin\AppData\Local\Temp\GSQMgYQg.bat
| MD5 | 1c73af5a74741dee4ad6e0e151cdfa4d |
| SHA1 | 131a500fd3945d06435a6284316f3acfb1e319ff |
| SHA256 | 14781527b8b3810adea3343dcd0eed29d56da1489d3167b53bc76762aaab87aa |
| SHA512 | 4eb8bcdcb1544fb3cc647e71d1e64efa6b215b936ea9e678cc7e91ee1e1a1f6646c2cfe2848aa5f74a16041fed73f0ae1f9c0233aec49c29de6a58193cf680bf |
C:\Users\Admin\AppData\Local\Temp\yMwswskA.bat
| MD5 | 2fe3002ffbc6ef87f7db2b8ead5900ab |
| SHA1 | 4ad6931be659df6f489a410c7f5ba7401dbf0ef3 |
| SHA256 | 5cf4d42b546179442c0b68a1853dda3e1f8859c473bd1a0988c9273887297f12 |
| SHA512 | 467012756dba04ac7d71db932dfcaf2a58c7fe9abf75f632c394eb61354828e20c7451f2d78e52bcf9147ba90394c41421355287169206602677523df7d7039f |
C:\Users\Admin\AppData\Local\Temp\sooocwQk.bat
| MD5 | 2bdf0d84395be4c8eb6b842519f688d6 |
| SHA1 | 6c0b512905c7ef006e7fd901833b038a0d03c122 |
| SHA256 | 97963ad12864644395b8092a1b4cf3829f13cd9ddff8736f2cf13397e0a2a6f9 |
| SHA512 | fe2af30b1b0c9978e9f32bf4ff088365fa5cee24790ec432e747e828daef1eafa982328bbe953998fe0e9c187c7321184e0f0b0b6a7b66208db672901065ff2e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 02:52
Reported
2024-10-18 02:54
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
Renames multiple (76) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\csEMkEgo\WiUskMkw.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\csEMkEgo\WiUskMkw.exe | N/A |
| N/A | N/A | C:\ProgramData\caEsYckY\oMcsEoMA.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiUskMkw.exe = "C:\\Users\\Admin\\csEMkEgo\\WiUskMkw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oMcsEoMA.exe = "C:\\ProgramData\\caEsYckY\\oMcsEoMA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WiUskMkw.exe = "C:\\Users\\Admin\\csEMkEgo\\WiUskMkw.exe" | C:\Users\Admin\csEMkEgo\WiUskMkw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oMcsEoMA.exe = "C:\\ProgramData\\caEsYckY\\oMcsEoMA.exe" | C:\ProgramData\caEsYckY\oMcsEoMA.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\csEMkEgo\WiUskMkw.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\csEMkEgo\WiUskMkw.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"
C:\Users\Admin\csEMkEgo\WiUskMkw.exe
"C:\Users\Admin\csEMkEgo\WiUskMkw.exe"
C:\ProgramData\caEsYckY\oMcsEoMA.exe
"C:\ProgramData\caEsYckY\oMcsEoMA.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XGgQEogk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QMQAoUYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iAkQgwYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iukYYgsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWAIUUkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSIYEkEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bCoEsAcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XoAcMoUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\syUcwIIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MssQgIYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kewQYwgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FKMcsIIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bwgMwgUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lskgEIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZeAYocQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CiUIQEUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CswUIoAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYMwIEow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dSIwcwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TuUgssgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\joUEQosI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\twMUokMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lwMMwwQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WMgAAUYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kCAIYQQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wkYIUwIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QikwIUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pAwIAggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lYQUcAoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOoUIYsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CewscgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GCoIIEok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CIQEwgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EScYEwoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fecIAEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAoQMoMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ruYYwskQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\koYswgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\misIwIMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MGwgkQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQoYIQMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOIckIUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pycsQIAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAMoAkUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QKEUoIUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AWsMcgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KmgkYIAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sMUwAYMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DiUMwIcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOMkggAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LegYEokY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GOEwIQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qQIsMsUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wqAUEoYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QwYEsoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSIIYoQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGEIwIYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWgYIwgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv JciWA0wiNkW/O3Fxw2azEg.0.2
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hqYQgcwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sqkUEAgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aMkUcYEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAQskIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iwEsUgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAAoMogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
Files
| SHA256 | f05f6d2898aef2653560bbf543d9635732e0f8b56e5f78ca9226865a79dd7c85 |
| SHA512 | cc596c3d8720b299083a820540aab77b97a3ac25a90c232eec55bc60600fdce6ba550ea116a19d0233afc9f19e37a8d85acdd91f1f091e6a72a3d1e3ba9a0962 |
C:\Users\Admin\AppData\Local\Temp\KAkI.exe
| MD5 | 2f699e70b2aef3aec607d90fb02dc1f2 |
| SHA1 | 840c29e8bf88e60b16f80380a231f0b3a88fdd10 |
| SHA256 | b0b6a0ef29b75ad2e34679c95579950976f3e9b00c3b8783b5a4f4fcac95f6bf |
| SHA512 | 39e17db41c3d4e0f2b64157b7c13a94fa4760bebc83481eb43eec0199cefdb436c4cc426509cf8a1999eedb1c21090ceb914e35d265f8c4c04cbe5600964d6ca |
C:\Users\Admin\AppData\Local\Temp\AMQW.exe
| MD5 | b082f8cb09b77e668d3bf7c184c5af27 |
| SHA1 | 9b8e8b63ae797c5d0a5eff879888c42010939137 |
| SHA256 | e597a2f8d79acd71f551e55167c65fb62f0ded7eee9d0bc28799e30c168ecb31 |
| SHA512 | ba3180e12e4745b26fb595a3c1dfbeabd80cdc644762854d83013143a646f22669f8dd7ce687a48f32b580166c0538468a6f4a28192353f3be4c0a1be352d3bd |
C:\Users\Admin\AppData\Local\Temp\GIMa.exe
| MD5 | e62a0fb99e099380e5f43d634cc00580 |
| SHA1 | 8096c637eb77ae130d78d66291b8245600b9f21c |
| SHA256 | 7c15c72d10753b780313e544507f36f77a292067824657549c93bef8da84c700 |
| SHA512 | e9819c2f822069a43f53f44244a32148201a710bc351b0c443443160ce6d1e20c36de2592d650d2475153bf05af9a28aec9c7bebe5b124a2145bf15aed3544a4 |
C:\Users\Admin\AppData\Local\Temp\oQUE.exe
| MD5 | bf739cb8d6f7dc073f468660fc63b635 |
| SHA1 | 7b0546813e66f49c462ed20d57b38c163c5b845b |
| SHA256 | e57e35ae851ee16137aa1b50f732fee740364f8d7ec57cf6b9b93be26287d6f5 |
| SHA512 | c4f69cac5583570a5e98b5b1201552661fe33e53850bfc36bbd5e56007f3e1293845a198de51a5da4373b18242d30b112f061772640a46256bd68ff59ef7b583 |
C:\Users\Admin\AppData\Local\Temp\iIoi.exe
| MD5 | 91be55dcd2d3692a3a4656c2bb67ee22 |
| SHA1 | e52243a288fac8df4f9d437757ae8237fc75c1be |
| SHA256 | 1f161c8ab47a18c70745570c8f401cd8a3e43500df1c949127145d8da4f8b3bd |
| SHA512 | 6e5239e7e2f7cc1db75f69c1a12958365ab582c43bfeace492966ed4335dc37e24a1414cac3f6e7da2500924158c5e43b610d039391c0f5e5330c58b3336cec1 |
C:\Users\Admin\AppData\Local\Temp\KgQa.exe
| MD5 | 7e18c5c886dde238bae940d875e10d0d |
| SHA1 | 208949a15012c69550fe35fcb8ffff373b5d0a00 |
| SHA256 | 7ab45fafe93b01284d664cbe6afdb7891269c24eb97e697cf0c376c668944cc3 |
| SHA512 | d98f8d85f7c8d29a72ce09ce3c3ebdb44b1194825b4f5ed3c55d3eb5a3f86052546f5abe2f34154f8c870209591aa76047d366afc09373993e94381f030faaef |
C:\Users\Admin\AppData\Local\Temp\YMsy.exe
| MD5 | 69eeec8938c3b790fd04a745f92e2676 |
| SHA1 | c475ade2dbfe3be54ca6b24bdce09cfaedd4a81e |
| SHA256 | e658b293cd9ebfaa25719134e5fc926752e384a2c4428b08868662ccd8637ea7 |
| SHA512 | f5da57e5135289d43b55b2d63077ffbcfdb0e3ad04f3f89988aceb49778627ebc7464fb50186f4202aad93654583835c60e9c5d3b58b43bc96838eb542d4a084 |
C:\Users\Admin\AppData\Local\Temp\wEQm.exe
| MD5 | bfca4093a3115961b46d43e95ac0faad |
| SHA1 | 518407cc207e2bf52b535d1562839eea71919873 |
| SHA256 | 1b355c4253e85dc1a8a7989e1bac850d91356849a74e41f724095a9536ee3bfb |
| SHA512 | 24e6d3d03d60283e6917019403e89877e56811033bc64f0e1a55ce89c47f5d5faa80e61df55c185088ced1b22e453ac4f55b4f9b6d83671d18c583d633edcab2 |
C:\Users\Admin\AppData\Local\Temp\kYwK.exe
| MD5 | 245f059a80771c13b9291922211cef3d |
| SHA1 | 1557b0d0601a1935dacf71d96f5e720623f7007b |
| SHA256 | 435c0c4caf501772c4360752d5961f591326cf056f1a980b716b63338c1c0e7a |
| SHA512 | 3a1524dfdd1f52d87449fae12ff310b87cede96efd03408cbbde3359e565df91e4941838f4f5b1fbb99313131157cc8e82eb77898b18d66360b8f19c7fc0babd |
C:\Users\Admin\AppData\Local\Temp\OUMi.exe
| MD5 | 2c5d935536097d76410023ab348c1a02 |
| SHA1 | e748711b4856ec1c290ebe1fcc912adf27383be0 |
| SHA256 | 36d0cadc6eb6807bb4e3ee28a8be570b45ae22cff905ae92c42243897f9cb5fa |
| SHA512 | 00f4634b0cbdbcdd8f33490291ba20340ecb47c805e48986391d4bfd4bea20ab4019a981a3352bf3a680e02d6e54f64adba15c5d309f0e281e59a1c681978f6e |
C:\Users\Admin\AppData\Local\Temp\cYkc.exe
| MD5 | 4b2cb8d05db30e6b6185fd8d2926b41a |
| SHA1 | 37d035377bd62740dbed3abd9a052795f1add72b |
| SHA256 | b2e157e3a78f9f74621f107915c709409e30a1efe2f4a89e1de966380d8e7f67 |
| SHA512 | bd10eeaf5cd633ff93c3c0f70cf49e23df05969490f47b55194bd84610180d4b3072cfd3f3fec536f4d287232d6e6bcc1c837e7094451a0298ea1db1a3497086 |
C:\Users\Admin\AppData\Local\Temp\wQUa.exe
| MD5 | 7de645dc520fbd96799050cc469466d5 |
| SHA1 | a609096c93425d853a701161e9075ef4164fd13f |
| SHA256 | 393f53c06a47afde3415b8f87237514da9ef24f08caa7f30f87c4aa82685cfd4 |
| SHA512 | 6a1f22b83f38b8c0d909235253a0a5aa8c51149b2b6c24f4536ab560cfc4002bc5d2e629698441a58380c7816f8d18ddb149843b9ab1396aaea9589bd93aa79d |
C:\Users\Admin\AppData\Local\Temp\Mkge.exe
| MD5 | e1c6c67f71992d832c671cb4763df950 |
| SHA1 | 6422189a51056fd5db52eae68b45903b4acccf57 |
| SHA256 | 12335ee88086415a1fc2bd28e85f7d63391b0796979c93a0c06e339d20649f72 |
| SHA512 | a41148bf86ee083346046fbad5c96e6dc1422e96cea32cfe0340d78d2075de5b142dc1d225f0334eea6adb88b702dd3dfb5c836775166c555eb909321c517b42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\128.png.exe
| MD5 | 30962af6aee55f2d2bca0f3f62192728 |
| SHA1 | 028cf610be049deb278fbc8fe62d6b2c49ec530a |
| SHA256 | 96da68534fd5f93037c110539947d327547c4a71e65b900d4852c74e09d577e8 |
| SHA512 | ca9937bf2b838c4d3beb244ad744141602a09789e430291e834d12ff48833cd3b555677f101222fda94556463f1df76c74c0f41ece0a0a5057959e5382255614 |
C:\Users\Admin\AppData\Local\Temp\WIsE.exe
| MD5 | 0133430ba47814ad6a61c516c6706bdc |
| SHA1 | d1825d3f4aa5c7333f9849d1c9b5d17e4338c9a5 |
| SHA256 | 161d3e1968ff977a128290ba05183f025be96c7cedb33ab75fe33f924ca2cf69 |
| SHA512 | 3d6ecbb7862c6e788c3bf9325492d48c46a81837c94f9c2a22bcd59636e95feb8111a00c7eb0a26157cd58bb2512cf2574a33289445561b0bbde77dbbe8f6471 |
C:\Users\Admin\AppData\Local\Temp\GgMa.exe
| MD5 | 74d3a365687d429786f2ae5fe81b1ca0 |
| SHA1 | c4c4801937cb0fd080f2e144f015effb318287d6 |
| SHA256 | 3749b4b2958bc47d89e8142f4d78a2fea6d01d82a179f0cd40602b3ab1a3e3db |
| SHA512 | 1793f92e4a8884a390d3659c034914f99a6d984b3facadea2f48caeda45fdb9b47a6e997d65a15b9c6a7c3257e2bae22d174722c4feb39b93639cc5c09cd5723 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | 8e9f1702fb3badd336fbd857d5b7dfe0 |
| SHA1 | 66f93734b5d0796b319a2eec0504dbb43ed63af4 |
| SHA256 | 539b469377fb736c2d5776a2ce1ed60e3679de2f7a17d72d69e650cf19bc49f9 |
| SHA512 | 177b8fd4ad34771985b3e84268f68e7f876621fa6fcdccccc85f191c44d72a14b8fa195e5ce36685490c7910e4fe7ee75d8247d14afd0a54d3d50adeb5cb45d1 |
C:\Users\Admin\AppData\Local\Temp\eEEK.exe
| MD5 | 68ad5668631821248d573b1eb002fa09 |
| SHA1 | 635f8bc5d0e03bc696e6818647de65b5f5d382da |
| SHA256 | 22831e7a298798d2912858cbfe7d02e38a0ebc488f63d0c27406128fce1af4ab |
| SHA512 | 82a3a1b8f4da48f7589fa68d7ef62bcec436e4db32afff4d6fb37171c8c9a9c40fd1c049c7c15a8613ed3f70fe8aff0f118fac877fc2e8d08b75803c4c72f2af |
C:\Users\Admin\AppData\Local\Temp\mAos.exe
| MD5 | 534add475ab75cc70c5275e21304b124 |
| SHA1 | 47e719492cb127c6119e7b993dcedc6333b2265b |
| SHA256 | d243c4a7eb14b491829d081c841fe2527cf3a7d4f2d5ee205fd19a2472a5cb07 |
| SHA512 | 30886c631f6e4c3f3a3328d7fed151b836894a838b3ea007baa134525817f0024e84e6db3d03ff4b9cd4160fe3bc9c7ca7415e71cd2045d8abb48933931dbd33 |
C:\Users\Admin\AppData\Local\Temp\gIok.exe
| MD5 | fa7989e05cd7fb5abacfcfea0a3ed7d4 |
| SHA1 | d8a0e75dd1dd0fdf5d5df56c7cc30a94026c2893 |
| SHA256 | ed1a307c8b0366e9413510e246e49d2f6996e7ae540fbff98cbc2ca0c7508354 |
| SHA512 | f4b74605e6de8080c8de971e4acafec841dee8f485bf15632888bd3e16dd558a7d7058c809790cb3aec2d5eccd466afa9026fa503ef46567023e553e62336b5b |
C:\Users\Admin\AppData\Local\Temp\YAwI.exe
| MD5 | 82b21a8c00533fe4f24128d075a4e87b |
| SHA1 | 9db1889f8b93b721c95c7f7cdb455f9d5d6ffd41 |
| SHA256 | c767e20b882902fd26f1f52ef0ac8f32f2ef142b6a1023aa0f4d19cadef5d20e |
| SHA512 | 1a2580a91bad4fe55a0e986da817180cbc91a0709096112eea5ba00c4b6f4a4cee2d55b7421f4d78aa983b9818b6464466fc63297281eb7304ee101c5bf5ca07 |
C:\Users\Admin\AppData\Local\Temp\oYwG.exe
| MD5 | 1871488a01284803c010eadee1120bba |
| SHA1 | 826329ccf657fa7577d065089922e9ac8d485703 |
| SHA256 | e3365fdf91f2c2a598f8fe63dba37ee058ac115ebfb88e6c300c7c5dd7a0a840 |
| SHA512 | 7df817eac0d54058db7da9b9b5730738268e4e5e1613b6ef8ea9b94b5473074fe1f61c215ccd07d1b105742cd8fbaeed25e92ec4c93648236c35d8a9738e4226 |
C:\Users\Admin\AppData\Local\Temp\KUIU.exe
| MD5 | 8108878607e6d1582a3065b9efc6133f |
| SHA1 | d6a990df4c0719bc4bd37ad17c7ba0369aa56e06 |
| SHA256 | 0a5b1a985575a29b78f73290005c7da0ea8bdbdd5b58f696d217ed422a14eb86 |
| SHA512 | 43c1e4ef994f1e717d2eb44a78bb77fa20cb20fa6bcbee24b23a38cd6f54885a72e25b181404fe4e5ef8918c0413a9007f2306e30e267dad07b114aaa51a8c90 |
C:\Users\Admin\AppData\Local\Temp\mUou.exe
| MD5 | 85ef7f148ff17e3e6712ea00c187c97e |
| SHA1 | 86ee1e9f5aad83371649743539ae1bbc09e2f3cd |
| SHA256 | 053505d7b36f47cf020b53bcd1850dfb67a5c642e5c1d8f3ef83476052c4d686 |
| SHA512 | bcc2dbec482d4b206829be2ffdafb429fcbda44ce1664856f54d57f0b3d89a735b6f5f1176698e4de420ba809f502eb9ecb576dc0a3bae9075bf1eabc42e2496 |
C:\Users\Admin\AppData\Local\Temp\kUgc.exe
| MD5 | 25f86dc4e3dd30379b0adcde789fe06b |
| SHA1 | 345a16bd8b6724ec6e4b7c6a2a2bea8b9af3b6b0 |
| SHA256 | b903b891f718592e76d788c3ad82c813f272498e34124077242100d8723d97d4 |
| SHA512 | ad33abf1ad58add2fe7160cf65ddb0dee4e92a2d92f49f09645a8d54f31237ea37197a4d20b0ccb37c84b0c0f5e2e5664cd2962e1012eef3c39550d916608ce5 |
C:\Users\Admin\AppData\Local\Temp\kkMM.exe
| MD5 | 19a32082e714c3ff88a0ba5aa1a5e8fb |
| SHA1 | 6529927fb20f3d81846bb8a70007a63c515380af |
| SHA256 | ff186120b03bfcef5a98580fac5a9157743519861e9859966248abf97ab7b7fc |
| SHA512 | 2bacd40dcb1b6ef012d1f39db4d7bbb159859f7dcb66dd9074bf673f653afb64c42273c971228ee283b0877552566dd77a34bacc89698065b2a3a4f99434316c |
C:\Users\Admin\AppData\Local\Temp\scIA.exe
| MD5 | 70fe2d2e2ae06976c4a3f76eb66a3dfc |
| SHA1 | 1627b43666d5d7c676544730382c18a57852122b |
| SHA256 | 6c6d49df47a898bf1e3410a713702b14a54df34565bc6e90d6f4bc5d807d0cc0 |
| SHA512 | bc6e1de77d0625e947c04a0c971265896944c600ce52dcab6e5939b7856ac2f2a1ada387031183ab6f1d21de53b7c500f77691c00b9c6db1afcb6ec17a7814bc |
C:\Users\Admin\AppData\Local\Temp\oIQe.exe
| MD5 | 8ebc604fb4e7a5d04c63bf402b8e70e6 |
| SHA1 | 6dca9207305c94ec2304362902eed294229ee460 |
| SHA256 | 37de41b47efa5cf5cdab43f52a6abac97c23b3fa5bd4836b913a21868dce38ab |
| SHA512 | 1d800a5c580058d68b2e3c7c3d16c81ebccf0396e11e3fa21f1852b555b8fcedc2a9ecf2c0c7011dad44919408d90ea55ffdf73c64e6107f446712c000c95633 |
C:\Users\Admin\AppData\Local\Temp\ekss.exe
| MD5 | 3aac97a072ab32b43436a9bab4954864 |
| SHA1 | 6f0e845644714896b6948b31a6f4c17b019d028f |
| SHA256 | 003bb67d4f63b7ed364c983485268697b53fc2b0796580a4ff104b102ff9821f |
| SHA512 | 0ca5563168e93af88d0b5f335c4047fa029573c4d4b780306afeaca211b192cff092df1f20ea3a28e4a831a5bb8e28a8560c07d3ec84dd0f4f6b286f42e045fc |
C:\Users\Admin\AppData\Local\Temp\aQQE.exe
| MD5 | 382f60bcc25aa42aae08aa7b30dcb6ef |
| SHA1 | e2d28abee5f3b27ac9b91f3bcd8ca5e502a83850 |
| SHA256 | 6d261a4d3378e3b6ff261928c20bfa27aca1192be144e156074f553af4121163 |
| SHA512 | e0ad846fde5eb4066bca962d4f35a00827075d6225774c4a36a55150e38de0376f9588b4b9b496ba6622a079db400df0ba66595161c6a4b0b955a3b7fc1ccae0 |
C:\Users\Admin\AppData\Local\Temp\woEe.exe
| MD5 | 85488f08d21d40e0dbe7ab97c3dea7af |
| SHA1 | 45c0795be0a434d6360e9ab8e92a49ce5dae7609 |
| SHA256 | 05107d7bcac153cc54c5e9f9376f867ed399818cf40e3e41f430aab990ebfb0a |
| SHA512 | afce06eb04c97986a54bfb169d5706fb04425005441bad19b7b8456d143f81c1dbb59e1cbbe911c1e0f92902b21569618ab0ec3c94e1b7d210758c012d4647af |
C:\Users\Admin\AppData\Local\Temp\KUAS.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\EYgy.exe
| MD5 | 404cad1a5b6d80b92f3069aed0623133 |
| SHA1 | 977df0d782412bd8cd60bf47f62797ebc91b9662 |
| SHA256 | db4653b5e765d87c8a62ed961df44a73043f82be5bdb8b39d8a6c8ebbbca8c1d |
| SHA512 | 8a60f810ec70f2cb1f10b84ab279acc5c9a56146d5cc10b30b1123b6d8337014129e7433486d320e6b51f55b54e580ad7584c21986ab164674c32b96b4d4dbd6 |
C:\Users\Admin\AppData\Local\Temp\EkoQ.exe
| MD5 | d98a1b6a4fe22359b300354e9adcd71b |
| SHA1 | 296817213d0e6c5d4ba187cb691a57503a1bf405 |
| SHA256 | 13983c1f80215ca546fd97064c9768d9189ced2e9ec76ba3ea5066f8475c1c65 |
| SHA512 | 96c6255275867f46f4e05f565ac817e019df297f17e0749c3e6b34fa62845b160d239fa1a30984f594b25eb9757946e85d6084122dce6bf5a1650857a709093e |
C:\Users\Admin\AppData\Local\Temp\AQsg.exe
| MD5 | 1cf70857a1730857f6e08201538b3878 |
| SHA1 | c1fbb4351fbf6deb5bb8f461e6e3c75263c29fd8 |
| SHA256 | 74ecb9615f2171346d1c28a90a597e8cd3ae0ab3060a5a86d9341b0ebc8287b2 |
| SHA512 | 055645dbcaa0c1fdbc73efacabe2404cd81bbe0bf2deda094895f705a7864f2ac4e4de770cf14101c1415ca26b616901a5174de112f7c3f9bfd6a71635ec038c |
C:\Users\Admin\AppData\Local\Temp\OEsq.exe
| MD5 | 1ce3eb04ad64db65d532e88c2a5bd07d |
| SHA1 | bdde125bddce43765bac8974d9bfe5ceb965c995 |
| SHA256 | c9ad678617f80f7e00380566003974566bbb6f9ceec23e95119ac94f2e3c16a4 |
| SHA512 | a04dc002dbdbe12a2653db22575ced3942f0a35f5250d6075800df66c9037bcecd575cec2d21dc400be0612a3796403bb920c5c22a6749ce74ef06db4f6697d6 |
C:\Users\Admin\AppData\Local\Temp\Gwsm.exe
| MD5 | 68b4039abcc24872051841a76d80d090 |
| SHA1 | a323bda0ec73423d348e04ba5a8575de761d51a3 |
| SHA256 | f128f5f16671052429e5ca30d0580631399543d6e94d032d98bb627a7f7d8b2f |
| SHA512 | 9d86bfae5aee53c0d3f32c0a7815ad65598fb68635b1faf7828a348f3111c44f5a9a131262a0e2a970e3ab12e7198f29df202028251423878192a825a8fda520 |
C:\Users\Admin\AppData\Local\Temp\ScMg.exe
| MD5 | 3e3e5a99e9481c477280ca1782f141dc |
| SHA1 | eaab66cb99afe5c4680c576025c0cc4bae3837dd |
| SHA256 | fca4d6bc951599094663993d2bc0bceb02e8ebbc7fba7f8cd6618c263e889ca9 |
| SHA512 | f33d96f6598444fdd2097af951ea8dbd369d06c8e2c9ac41a63644d8e394fbd35dce6215d859c181dbdda3e803094e09663ef6dd9ca9e175a7525daaf600aaf8 |
C:\Users\Admin\AppData\Local\Temp\SQci.exe
| MD5 | bbd29f450b45345b5a9a6861fa91c446 |
| SHA1 | 1ed4fbb08e7169960f601adb11bc437d38ab2a62 |
| SHA256 | 62dad749a34885ef2b3a1ad30075b8754e31ef09e449fd1af0d3722828b06b85 |
| SHA512 | 85a4d8502a9c47a5e0651a9d8866280540cf81b6b3863eebc6f2c87e03b44b343cf9a147acef77d8209011730fa4406984c79b6e9a0e76782ce8d85567ff98e9 |
C:\Users\Admin\AppData\Local\Temp\AEke.exe
| MD5 | 207fe032ba64a51ffd466258a3a642d4 |
| SHA1 | 10705d7e82cbcccb86680174ce8fd25e6c0ce1ce |
| SHA256 | fed4027732297326bea21b7487409b7da57a1b56f613e465f9d85de8fe10edb4 |
| SHA512 | 223e62c57fd1226fc03e6eab6455cf8f4558d53865038be512bf735f54995fec99fa7ac5d7f8ebb224fdd8cc3e19c80b00aec6032e5b0558e659fec61d605474 |
C:\Users\Admin\AppData\Local\Temp\qgEQ.exe
| MD5 | 7b85964d4e72e0cb046d4eed88102dc7 |
| SHA1 | 73857b74498025e585f2dd5d6467d3a9c2a45d2c |
| SHA256 | a67d04715651c2f0fd4e00d51bdfc8f1a2b981a139ef4495486f45c0f7ef5d97 |
| SHA512 | d1758d7416f7c115675fd37041c7a1d33e344b2f64b4a5dca35a477bb98db610e9ec528e77d7f8e5f83206b383168a94c9b03a2220bf254f4c79097041846026 |
C:\Users\Admin\AppData\Local\Temp\UcYa.exe
| MD5 | 377e9e67096bea2fd5e2e846ae72d86d |
| SHA1 | add3832e7f29683d5c330d71211024393e7d771a |
| SHA256 | f39d4221433670ca260bc4a69a20ea7fdef803ebc9d69ee6f942aeca8da446be |
| SHA512 | 0de46aa5f80081f43a1a2c96f579e5769bc0127fcc9c36d6641933d6b2b62760c00515231387e170c36ee7fc99d20ca0c861b784a622cdfebcf1434ec11ca905 |
C:\Users\Admin\AppData\Local\Temp\CEse.exe
| MD5 | dfed5b48db123272e1655966a9347251 |
| SHA1 | 2d394a4ff2705a87d512b7112d501dcb8fc707ed |
| SHA256 | cc29709c5a9cd1b2f4a3ac7c374120171b3b61479106ec968232c0bf3e49e775 |
| SHA512 | 2530e99a2aa742e9e9fba0c614caea61abcdec2ccf25a95da2003314d3b020d34f88eff8e8db92f20a38a09b9fdb6e278cc4d2d347867fc6d40e6276698b8853 |
C:\Users\Admin\AppData\Local\Temp\Mkos.exe
| MD5 | 9c869ed4f0ed0453797b4d9153ba7039 |
| SHA1 | a0e154898163034452293c988cd47bd00b7307a2 |
| SHA256 | e85e8ed8a649336fcf116e7dbc630cb487702cbffa987428f66a33f6b3a8375e |
| SHA512 | 0b4d9c9948f4960882a0fb086d9d0d0d6750081de1be41ffe71c95cfcd89a5a7423ce504dd0897f3439226a85d6ed222f49fdc8390e294aa41d223683165ca1f |
C:\Users\Admin\AppData\Local\Temp\WsIY.exe
| MD5 | de444a75a80717b13313057c442b855b |
| SHA1 | bc54e7592a215c50dff8ecfcc791b4ddb4461d55 |
| SHA256 | 409b92492155ca87e5d5ef32af57bdb9338c147a8d9d561e65ca181ad1ed8812 |
| SHA512 | f9880198834a79c77d310893781a9bf6534aad670068921631be77f631f41b480c21a9b5858849f5a6bb3b8e1936a76d7920160ca21cc98e5b557f46d9f0b80e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | 3e50df0ebacdc1f727cf9a3031134d4d |
| SHA1 | 0bbe0409d4df9309363f525b821fdc5f0624bdb6 |
| SHA256 | 8becb38e7f55b69fbd812b636011cdf3710059e9d8b2c46761ec99d8581a2828 |
| SHA512 | 17971519f96d927e230125bea4aebd67504b1f1c5e3277f45cebfbf9e41615d1635c07d82f4c976918a6df594f0a2888ff2fd190b0e6cced96cf045ccf280cdf |
C:\Users\Admin\AppData\Local\Temp\gAgI.exe
| MD5 | 6a66c6081c98a07644e26ffee853fa1a |
| SHA1 | 1afd4f6e7efaa6a720b9b3e9500f1794ab23c5c8 |
| SHA256 | be1ac08291aa511da14de2a14f8acbdf00518c5c2a2c437728e98592073ad6c1 |
| SHA512 | 26e6dd66fc2aa139783cbe3d57a9b68414fbd178b42edeab949d66cbbadb2f0a43287190f3c5bb3d2142f362b052001007ea00d776e28d69f65efee7555b39a6 |
C:\Users\Admin\AppData\Local\Temp\SYwO.exe
| MD5 | 0e2e49b102c2c9fae8aab9e2d5fe87a5 |
| SHA1 | a346b2b90c37dfdcd5574bee37e9a38acee79cbf |
| SHA256 | 1546dc78284b0f7d9979fee8e5a4af058d8bddb584f68f4374c4da61a5e5e8a2 |
| SHA512 | 554709f8c2cf91065dd6875bad6f2ce2919661b5a704c8fd409bd15103053d0f672ed0eab33ce9a4e61a2aed874042c9a47df0fb8dd4b8a36c834747e171a1e0 |
C:\Users\Admin\AppData\Local\Temp\acwY.exe
| MD5 | db20f5ec2157720b7c81537346e228d1 |
| SHA1 | 9ebda7ca1417aca471fdfd5f69c0ff6765688615 |
| SHA256 | 6e2f54ae91ec49ae1374715d1c185cc2cb4060f90ed83c6bbf6cc98112920bb6 |
| SHA512 | 2e13ace6a244aa2706e614f8945246364baefbd5600510b350193757aa44a5ed3ee9fc79db42be59d272077093416eae6fdc1152d26a6f3809c47f55dff94227 |
C:\Users\Admin\AppData\Local\Temp\IIIk.exe
| MD5 | e198f3957a487a3dc6082aa75518e4a7 |
| SHA1 | b95a6041fb05d66c4ddaa67d0a47fb66cf3dab51 |
| SHA256 | a3dd6fad6ab184d826cc3870c06675ae50c6f38d5ab42753093690740be8b1fe |
| SHA512 | 77600b07f33699273bc307f8ab644535835e525ba723bdaf2da17f7e047677f6e29e6b18e9b0a0bd4b6557f8955e3cdc779be56d4a41f6d34a67679c69740937 |
C:\Users\Admin\AppData\Local\Temp\WogW.exe
| MD5 | b00a2e66a87fe398b720436dc5e357ad |
| SHA1 | 8dbe69d0a62d289d3e09bdabd7e1cd01bf368656 |
| SHA256 | 4fd647ef23c7507016eeba3c5758039df16240599001a18d0ec51a606b43471c |
| SHA512 | 50cff67a165a1cceff7970f8a468ed1ddc2215fd6bd81f11289d3ed2f14566be45abec039f15fed2d5999cac7b7dd66321d641699d6ac4e3d21c812269ed579c |
C:\Users\Admin\AppData\Local\Temp\iMIe.exe
| MD5 | dd5b253f3abf2e650e1ff24cabe91f9c |
| SHA1 | 3757d0441b2226f3a01c53c593929d7546ca86ae |
| SHA256 | b23ed8c1747c978efc4e8f3b45eae72a0b8704db34d87847df328cca2102f3d6 |
| SHA512 | 105ef5994e83f67711d98b7ea76d9429fb68b5bf81923c41ff6f2a39de2bfc4e12ae10faf08d9e372065086287ba51ff8dc605a4ebc37455f89beebcfc90fc6e |
C:\Users\Admin\AppData\Local\Temp\OUkW.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\eYYA.exe
| MD5 | c5a477975553faa96bac4559993ac91f |
| SHA1 | 83c7399fe9c6021be1d46898f9bcd19ab2afa254 |
| SHA256 | 3d6d1a211c0199e176f238d75bf1283ed7c0c8078bf6d8b6c738cd5278a6023f |
| SHA512 | 38dde6a2803570d54f34ab0bcf431b6dcc1a8bd9ceae11c5f63d2aa0e96c4add79d966098fd98996944eccd72e889f1471765034af19c606ecda6d9e5000e10b |
C:\Users\Admin\AppData\Local\Temp\GQMC.exe
| MD5 | 45630ec8e373196e85567ccac0c24613 |
| SHA1 | 224f20d982b73188b9eb53326b2cf5dea6dc3ab6 |
| SHA256 | 424713d35a09ee0f184140e95e61cb709aa0602688e942555c279565665bc9fc |
| SHA512 | a612b99cc9f5b450bac00b560a2979676393548c401cc9e8c5e2cea0db1fa2e07aa299b18a20ee9d2ae343575089316292875e506dc90f6b097e6a06510cf993 |
C:\Users\Admin\AppData\Local\Temp\oQwg.exe
| MD5 | b555fdb3f4cba1e178360bb436c415f1 |
| SHA1 | 52c11933c0cab3a139f2f5b2f414506513ab7f6b |
| SHA256 | 0e6949281b37d2f8ab73c1be7b108cb63bc21bf61eef216a4ccb441c96a5e06d |
| SHA512 | 878a73303c158bf82ac2dbf2b927fb162ea5e07b2820ec890ba219f07152c88fd36665d2f7bee4ea61b45aeac41828102dd10b641a617b4c0d067b211d160b56 |
C:\Users\Admin\AppData\Local\Temp\ucUw.exe
| MD5 | 03ed29f01ce2fffd52847c878740ea41 |
| SHA1 | 2d5d0de4d4b416dba6dbf8e205df0405682a8d77 |
| SHA256 | 016839ebb2c4a138bf7e744ec59571e7745664facea4266bb9db34f8bf1f2fd8 |
| SHA512 | 045379ebab504546ffa323a03cd091acc80e1dbe2d5eb3de2386f3dd833d1d47d1f6203d145502805eba454708de708c4b73975138cc1a37c017653b60f99a2b |
C:\Users\Admin\AppData\Local\Temp\sYIe.exe
| MD5 | 8166f03de89e5b684a0496257daa691d |
| SHA1 | 988f9b505bdab7edb6b602449a73da8b729e2bcf |
| SHA256 | c62c80b1ae00029e56aef0c18062781c63b6ce355300cb834ea3b856ab33ee8a |
| SHA512 | 229c2bc909f967d548dbf97196c778fe1b0f15ce6380963a041ad2b7b47824424ccf335527210559d042d7522bb70fa18f7b881a51098457d4f6a249773f77cf |
C:\Users\Admin\AppData\Local\Temp\wgse.exe
| MD5 | e16295bc092e6b4f84c83bd070961a79 |
| SHA1 | 9a1c41cd5c57553595eb94f9e41365682b757397 |
| SHA256 | b7860fb4c016eb19c7f321cf8ba2c0fc8318a4175aa1fa421d1747ebea9ce2ff |
| SHA512 | a5f9e2305b613be838fa8a69d415e04d19b2a3c8813a41510f0cf3c5a0ac88de85ec32377e409e58ce71c9209dc1c21888e3544aaaa94e079e2e7c7855856240 |
C:\Users\Admin\AppData\Local\Temp\QcwQ.exe
| MD5 | 5d18f2d633742030154f8be0220ad6ca |
| SHA1 | f1408e327662e9748f8fccde2b0135efb6217ac4 |
| SHA256 | 8ee469f87f0733f596b82a7dffab6fab9126ec6f67d30cf5129f9e31023c33cc |
| SHA512 | 795bd6bc85d1bb6bfdafd870bcc9b89e272b28735a9d76509e57c429332709a7783557756fae6ba7585a80ad0b41d57b7b2e30ebdb267f4bc92a16fdb07a5665 |
C:\Users\Admin\AppData\Local\Temp\MUkA.exe
| MD5 | 90bbb5e7ecd8dd24a20f0d7f2d22c9ea |
| SHA1 | 2ae18e8ff3a641d2e7b926e692c55f990c26fae2 |
| SHA256 | 5d567042e3db1c7a48a87a8b33f5d915eabcc5f3e95fc635ed09990e2ba66772 |
| SHA512 | ff385ba261834df249567da5eae11fc2fb626363155f756f0c56458864b47f7312cfc15570777114c6b031e1c82f73b5c4965de29c9d354e3b586f4e0a7b5324 |
C:\Users\Admin\AppData\Local\Temp\ukEg.exe
| MD5 | 1c7837b16decb1a6c4623bb571d37ba3 |
| SHA1 | 613d8eaebd36e049dbc22a8f4d7f8e4ddad65ca2 |
| SHA256 | 0c24d0b7f45ec631d9e1a922a78f74629393cd6fcfab841f7053e5758b6cf2ce |
| SHA512 | e83de11e2412092c38ae60c239f6cd53af05c087258bdd2ab929ad543be016ede01fd83df2c7d14e08a230a56327f485d784fa9545c0b2d8ca129c924fed0f5c |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 6246bb779020d20f8cd7493ae3439ffd |
| SHA1 | 7799e2a7a99d72d39790399e6b14ef1eb20a0112 |
| SHA256 | 2a5d7c93d60e50090a705c773d563d8f900f1cd37a69434e4339faec4b21dec9 |
| SHA512 | 8a73aba8d997dcf425a7c9bc3ca13e8a585f65ed2023e2cd83a9049e3ca48827f16a48e24a1044243e3443735330a1250a21578426f20f0d3e117f84f50bb61b |
C:\Users\Admin\AppData\Local\Temp\EkMK.exe
| MD5 | 4a7e4cd7413647c6eac0444b95b0e33c |
| SHA1 | 485691e8261fa05f90997bbcb686ddd862d8b497 |
| SHA256 | d3c4a55a2d822e69cc241de5543c00099bbac4be20cfec5cfab47f3551d0b440 |
| SHA512 | 38abc9768a94614ee6e68e39c0509c790427a38775553b9bc643903591640b47d62acbbd9d2d09793992b2a02e703345c26d6525cf31f1ad9cc6b621596dca37 |
C:\Users\Admin\AppData\Local\Temp\YIoO.exe
| MD5 | e874859c2af7f532d0dc58e9f8e9500a |
| SHA1 | d76742a0dd54d21559d9fceb8c642ea0312d88ac |
| SHA256 | 5eccd967e02adf26c9404aaf493f943173c1cbd24b43caa06d5a364c01494adf |
| SHA512 | 0b732762f707735bc8729ed5619358ff0ea6a3288a0300bf6a4bc8f3707c3b20f3ddf9e6056c59ad13188c4c1a4587f5c305137db01f3abd6e02f97bcd918537 |
C:\Users\Admin\AppData\Local\Temp\oMge.exe
| MD5 | 5fa4123c2ab3844124dbea89a8d4cca8 |
| SHA1 | 45582c0c88f25325c01b0837b387d27c040e3f87 |
| SHA256 | 229891730fdb13413aa391771fcff95601698a296069b8344e39906fc69c5cd0 |
| SHA512 | d88116903c6ea9731ff7a09b2b116acedbd4dbaa78abee7151bf6ed4fb1071573b62293aa8fa2e714042c46eef71ddd0b0b68982cafc733ac32709809ab0b597 |