Analysis Overview
SHA256
7e27f4605a99496865b95850d8ff85e34c06ee25bae1f415ff2fa9b713913700
Threat Level: Known bad
The file 2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (81) files with added filename extension
Renames multiple (56) files with added filename extension
Blocklisted process makes network request
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-18 02:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 02:55
Reported
2024-10-18 02:58
Platform
win7-20240729-en
Max time kernel
150s
Max time network
119s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (56) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\International\Geo\Nation | C:\ProgramData\oyswggAA\uYwUQQAA.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\fyowAIAA\tOAIAYQc.exe | N/A |
| N/A | N/A | C:\ProgramData\oyswggAA\uYwUQQAA.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tOAIAYQc.exe = "C:\\Users\\Admin\\fyowAIAA\\tOAIAYQc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uYwUQQAA.exe = "C:\\ProgramData\\oyswggAA\\uYwUQQAA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\uYwUQQAA.exe = "C:\\ProgramData\\oyswggAA\\uYwUQQAA.exe" | C:\ProgramData\oyswggAA\uYwUQQAA.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\tOAIAYQc.exe = "C:\\Users\\Admin\\fyowAIAA\\tOAIAYQc.exe" | C:\Users\Admin\fyowAIAA\tOAIAYQc.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\ProgramData\oyswggAA\uYwUQQAA.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\oyswggAA\uYwUQQAA.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"
C:\Users\Admin\fyowAIAA\tOAIAYQc.exe
"C:\Users\Admin\fyowAIAA\tOAIAYQc.exe"
C:\ProgramData\oyswggAA\uYwUQQAA.exe
"C:\ProgramData\oyswggAA\uYwUQQAA.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWsMcAww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13315968571552128007-7215335501571334825-2052042153326800993330292121996323171"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nGYIkkIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\auQIQwUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1937557790-36256627515340598881718256302135036636968073605-517568702-1221489098"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qqwoQYkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QGgEMkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\osQUUEsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XCQowEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TeEUYkwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAsQoUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\puYcUwkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nqYQgQoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuIUokEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQEwUoUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1164309595837147745-191911827092898002220072454191039774584-1008797296-1041972372"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iIwwEsso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IwIMAYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "978822411-466304643-657663664-2073582666-353663782-4585826664204471982124275490"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NeYAsMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xokUwkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XMggggII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1221692331-1774122984-2017029345-8001596833602078501755346848-258239552458196073"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PKYQQMMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1555278077-1095475283619828847-902702717404867560-790986019-1838238939704947009"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fAsocogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ECAEsYko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "120404670-1814071865-1922109289-17869946591070571373-1485813475260270791428909296"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EeoUMIgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1494380145-473954315820961304-737375903653816429-3829383661042082973-755955531"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-333893563-1361551943-921227440-266211215-631452039-1163158537-1296177661-1706615435"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8090172072086834852-168222037891801767-197654693020106484551564277081455097124"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KCAIMgcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18592600822058435481786733416-1798739950-13329140851831827192-721510212-257116648"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "173671353-440145275-887801243492957481-1290177151107555078-152131284-1696617646"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sccYYIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bcoYsoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jKYMkgMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "97096308716905722109562593571902510299-801105256-723583060-5560952421563807835"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14131489011992868060-14138773011115040371760198033-2034885953172796631399594469"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-408542063231877311-333565254-883871096426976196-1644486555-5076484321474101583"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-19210768981622311520-41296434913990620713609378315690864841572802209496410836"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-99712963739738461141969566014046084561901631463-6892342311151871919-189824549"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pSkYYYYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1537486464-5364691211837370546394097313-1177086606174646261121357414861881485763"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1196976190-1123181138-688067595-1406704461-1646548929918584906-2012840748780557505"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xCcQMkYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "498009079-81040509313226979271529458532-1939443291-1223426689-15304614121204299723"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9370891591132444715-826896-312572764-1589594162-1394868407-26095188-918913920"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSYkoEsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1871507619-2115642616-11035295011724422607-187638365-1509144733-1927404178-382162089"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "51404057014806308621503885532-908265081815203307-135131697957092809656783653"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "595341448-590657384-663221287-103289456173790040133420361498980185-1518219961"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ASgcQsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "807677981649728464-1625434387-2051216252726335139-629986814321827863126682771"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1912956807927716997-1824050397744734943-1135643942-359659496979914306-1443893041"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11135889431882484880-1395228279-1142676271-12809818-19009763061326682019-500165485"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\asMgMIYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11269291531565565601168270924313234229587258809-1771480850-566447199-2022087042"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CAEQAAAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1988089026-2099332456992304673-12984826961974537464-1870203253-17899974061152104717"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dWoAQEQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LkEkUgwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19213811291131682202-788068314-1185699178616260909-1912211926-1790034575-2085133627"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zSQAAgkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2139611446141310729816832846521698416618-5453099471775762424698050184921713846"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-581339098-193864229-648445986-93243846-2061320679-726832418-1481467148-1594643804"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoEMMYcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-317458226-127495986511876376441809716196-1736113197-18063429761558486282-1924896812"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iiQsoUIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18604834352092491301-1084290631-200910589714716272181336213359-3175667481548066661"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "219631673222158712192591530418042380361251413602-2030694851-49661891263854708"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IIkEUUEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1108435765-860401123-1490556963553839894-468009525-1193312907-1808347404144560560"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2116860982-189440117-874929221729635570-20477018251652572852-63678078071617258"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UOooQIsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2119057171-331093404-19678536581893935717-956002126829554494-84936314-1359693116"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LUoMoocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1549190467-2515297331916441648-16173700041499115986-758948118-11357053791885629117"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xaQogsoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1889461521-1228254210189044794-683805246972253921379948230-1191432881846633839"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1807311887259069520-125620169-1532575748561661899-14594228766931874081986566718"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-786303716-5506293141764975383170239596796902114010161348691285647923-423019741"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1825651441757485167-1032285404-662047179-518033633-953354369-1878296643-1030851886"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwEwQQUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "78201640647420882413219374403559871607963606591360993813-7321070351972601295"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqQoAogs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iOQsEIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wiowswkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-988642192-12745694271644705139251399889841523807243123573-65264774-587695468"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1967893900-1038070808-133577766-1239416827-216951816-625661029-1217910015983740623"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-396396152946284841-1768522436797675622-6470567061783367616-11541934691984483096"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IsQgsooY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-231573632-7175884461227955124-2077473652-160809590511741614231053451265706818163"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1526862243-8220607111585102439-1133621559-144358693-826768438-17599452141699613220"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QEAEAcEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bGMsAoQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JoAIMUkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-56317250236573010024016599217231153921376643718-142859334218300514241568105181"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pcgUUkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MCIIgEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1898032159-57595607-1849837889-13716750271513935845531951387208148051011015251"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GoAwwMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18578758405808141111746666600561575841-2100914930-204482323-2023018855-847867345"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1076168226-70810768-512942793-532768290-19826858771022080419-420627051133485630"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1477291540-1150051248191334717-937364441531468328-960280215-345775250-543442664"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MYowEkAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WMkMQgQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1739415411-12285496112045996290-180354018419600501691579261232548294892-1714962870"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20686332581662265606-1052020067746505542-777693943-430862523-15185522161163087223"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "68691048814771281931416157837-824442035-1128419622-6832633147351132361954015451"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqUkUAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-561253202985123821-816304883-2027584555-13163487711500364688-211460231-1665978008"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XksgoQkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lkQQcEos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1175806968-20386033268406664661228448713-1822449771-2104907598-1413819482-2008986815"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-108368450-1234958395-2122362488-183278245-11665628381910652799398676859947617219"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "366664331-10045191652655513551155123030-979375661785923331386054745-1620761334"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hIcEkIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13780557342010586701-795305037504083619-330706050-2826157251964358541929493194"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "147729324597764303-1325367661819219537161033484316477071141177011248-863459591"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ueYUgoog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10860888251316528913287368744-1368290376-75551340217213939827886720811471907889"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cuMksAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-585642506-366287207548036703319756615-1594141700-12154188381060243448902648603"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "156153058420402303201669295292-1297751927-1524148201-640652744-155405830-1500518820"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SoYoEMAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iUcgIgMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-143852542918204235421331687342-1251009337-1596704421-71081677813195065911564538183"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-547043361084124041-17405461-974705200-17628770997816106491563660647649266072"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dwAQIIYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1498349942540412059134574466527652153-160181519616295305378194812706931016"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JiMQsEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18511110471528495442-200343576615801994911818995873-1227228634-1039609038-223686476"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lCkEgoEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "872376868592733480-1363081597191873078914766085632129253197-10152622681708383728"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NcMEYgIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ACQgcEoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "546027868-1346177596129693434549279024522811792-1931929267-1433934706-1915242121"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-980581879-244093465-3278984893002030-478741620-902977251-27800858939077282"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MOkcckcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1383882123-520136263-385733277667846476721274699-683553444-1433756521-1313716001"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SQYgkwwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-707055037-1305749140-17303794901629172092-795071588-2102580136-294149220-393894238"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2143879400-57105589892743586618080231-502376510-273360541-2021482635-1971936552"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4843912561655332682-17386968141940407532-171646837819562356131436656961-776148306"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FsQcwQkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XwUwsMEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1325843483-777417611619111585-236327183106802200416883615411930026814-1525778357"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15663994618706604722118816562-1714495971-8859680072020101773551419180-1401428566"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\locckUMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-83158880118278709182002590450-4853620571586408470-585531921-15118955781610238925"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fQAoQAQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OssAowgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iGQgMwwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2059430786900543802092179871-180964574713408221101334053331629876145-530363559"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CGcMoAUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1562225368-568372487-1460043122-1920371300-12594292232039023383808709207-637857001"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "731309180-9839892731368415265816613532-1500172534-1231589652-802292805-141432836"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11756902751054417701493626861-695030318-920373737-520127929-1854416898-417079389"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YoYIIEkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9938682427748405711868514095-1829650014334518748-2008213836-8944220301650903759"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGkQMIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "510717314-526137458-444879184304033020927544708241829818188004789-339712050"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgggIIkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1723946812-149416088-4803881854069000111675290800-1797959496-11820753231810680599"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "443251190721789089938881430-116595978758552685414296789501533471204-84103764"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RSwkcoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PcgwwAsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-11911294953651858441860654125107128360516518695310231896601541248143-1995343167"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-451317783-543423352-562502712-763204590102750128112467710724634589-314967316"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MSscggEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "759704237-1652840553-893258986-540136207-1136272526178168636808535021519755725"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sAkkkwIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ukMsQksU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1897745152-12633787711423969998-1425610941-29676541-1533021984-1039148118-396773870"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "681677434-20079742-1917428498-14539820651048751530307521539-12930688991080172608"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MyokUMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pwkYYIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1231332931165547338011824750565114146931216182238-198669244119037410781036321299"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10712704487142566063144420381066613997-697955690679402792-18806355861496511132"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMMAsIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15689342911551114434-1631889543656454228-16814166481658904030-1656538266130448416"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4453298241039254090-1601990791-7317930141862232920-1285985688-4806846892062973372"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAIAkUkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "793734590-15435993310327608711650838351-1816838751-810208363-19527986271033334287"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18560837082076873666-15054538142961375292426999761610460970-149660594-1294253351"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XoUsYEYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-265357310-1837409270-613837931171059538-161085277265702096114519058591006502699"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tKsUkAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-17704526632097632917-1962866919196120241198642264720141022741740388496-133658135"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UiQssIMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IiAMEAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1716934179-352212180-39697946847688396-992339064-16012138661671745127802760021"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Uocoowsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FAgAsgYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "153483097-804237805326643914-905989434156666041618718480001904005911-480060408"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15112596851160933360661864326-1753059092-368464575-2058551871167220851664113056"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LcwIsoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RuoEUUsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "181687998320543442902081185772-1873853552-9756087371566111886-663582343-1543474907"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "17920947802063299626928523042559989961-1384781951123029495-5330947761157862314"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1904285433-3924795511579667114-21144877572061191734-875875025187292265532080212"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VisgIQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\suocsows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "16777936211830311775-1830973110-2000691251-3430906161231610801-18465245271630792842"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1285971215-487302636-17408644541728553731-291928386-1560443185812266348-180850503"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kIIMwAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2263634551605767677-1614769565-1909544869-625028291-1167151975-2039407389-1903745402"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9217696342071157993506778505-13060735411071428621015247540-175898987-1361181904"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AesMoMIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1302970754-1458500694-529189103692972655-769298354-1060612179865894292-1750829068"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1043709199606872590438689214833413008793887976621403502-7489557712083131253"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1852068434-690606638526515450-925934414504865084-675933071-983646971858580695"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IwAIAEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12740208711837121455-2987730562002362442-4921976819283107352090701496118016069"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-310940553651684368-12185490671231211464-613668278-1927958747-440369498353657925"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GuwEcwUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-669988152-2094789613878684742-18570748104964378811276436128-20593922931016851497"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tYAEMoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-21283410171490351616-11092059011308925062112640509212976489341905940714458400241"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fSMgooAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14210574411722691718-1498222007-220395673-135292854319027403331030424888-1509039341"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JosMgYkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1620755375-2815771411133013250-615404860-584318880-1669649221956598301-1637173785"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2126078817-1048680087-130245709561678447-14331983681800279071-1805447674-435475448"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1921766070-1748849459448316070-210494617639574185-51915043516665158422119849467"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NkkUgAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ieEAcowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8814476971583273039-1636717070-399497222-10349100851295500611-166892065857412729"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1508732767-1916898141-277212986-44158233874909794213218642581877286448-1708246331"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-32874874715233221681816614294-1537586448642732776-1078865370-982179594870104471"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GoAwwEwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2110751274-1561308653-817787386-106262476-85608966513114510712213434142714921"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13840538021780392604-997817795-685194001-710672019-2023418113-1614712166-1948278257"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eEYgYQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qsMEcwIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "18999429651950669536670298361-749825119-517314205158027264919967417701556816180"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "28739441720449135452086677851-869588718181672787675648773645821349-233257096"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1881527355-15403690271329457535-1296897700544394064417891498-1570658503-597175994"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1549666186-132264690191261437121190295721430334390176813178-12288620881338333595"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hUskkMMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1432133769-1025533601-579738751-2041025765-10285016831147413824-698981789-16134873"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jEIUsAIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5647513012044430998422413138-335954941-8473210805716534321142449691-486452126"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "569912881-11787813981549191033755545874179065744418479336-1892831351170547083"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rkYEsIUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1722922404-1900951650-21173908551788490603-417171453165697415728414338-85467086"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwAIYQcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KOcokkko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10141629411167116332-1764387506924437665922043921975361671519296608-308632528"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-500694397-1181092398-1168579111637097504784924939-1880955318-671351977674479546"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1084448915-1881129488-2100005968106669340320389646881403369336-1531550852125812830"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "10510898-2022414458-1064621814649006101444847069-681825266-1382763012-687329502"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2083038862-194593003312084155441125855431944161659-202851322-258999149-1765659353"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UKkoEEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4131124121773218760-229045301-1029625703-1308563307-713469437-13362927413453605"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "145103255-787894563-866239352524971284-17873201481832154858-1222326718-2071870769"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1809452458-9356072561956307823-609138141164878727-624864960-315131428-1636258758"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EYwcIoUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1514688239-1493666144-132305534411022805521286909682-1598576270-2226060731074041793"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkYswsII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-852206046-10555747451723527545-262959012-1147840111-584826039-1929930894-1756775261"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ByUMgEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2207413201601504773-243761165-422588879-8922752322112760340-1069248226-1667764935"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-281827216-15197001769961113768963750511127526244-206516894994733878991822932"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1676368331502187740-17150402181359303115-1049634392-4787964531983833060-148277458"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18899508141973139668-1183575714633699938-1379714086152475319-1118761148-2128610378"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rqkAwkQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-89241121-5933569451767685290-82540742-699243833907238426-275861994-1430404344"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TKYAsMco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2082334299-37299690530971094-17637449469485467979237569071204643275-973887137"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HGcUEcwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3407758089981084351962173787-1831634815-114887998-1595987222-882450470-214694329"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NakMkooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-861827654-1824621721-1856841067-873998369-2002663597-675411415-580040422232802971"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1996274635-1327822980-443074637103163320119888020951973089187-1795863709-924287720"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1096978398-16569130721198922694892155351256006291-8859849571857721052-750763650"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2060270619-1380337287-88883532920738328414486359017481838302075478828-649645678"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14170299561545183127-20774996521309652047-21179037561235630408-16160791611402570659"
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.179.238:80 | google.com | tcp |
| GB | 142.250.179.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\KQEwUoUo.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/324-311-0x0000000000400000-0x000000000043F000-memory.dmp
memory/584-302-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uUgIYcsk.bat
| MD5 | 0806839e9273984d918e8a93a59887b3 |
| SHA1 | b68b719b991132b76f26f568eb42a826afdcbbbd |
| SHA256 | 4740c3b1d717f7c18b0696cc3f08283a3db0d51f75f279f86d4f98e6d116e514 |
| SHA512 | 29c8a14e642268a03d0ff3206d4276a4316f76fa36d68ebfb85fa30b3d564ad86bebe82322531433053e8058dcc063cc73830b667d3f9b0a31cff42cb3407bc8 |
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
| MD5 | 3d404187efd7b9fb9810d112bd8cc368 |
| SHA1 | 4c18184896e46369b2af6de3d84c25f44d3f051e |
| SHA256 | 410fd53c9634965c2b56efbf7a774d79014c98a2cd1d767adc51636e97428c5d |
| SHA512 | 5c1ab1a5309e0d2ea3f08e0e01d1291cf964de682c06812061d46d7bf8db454d36532c58fa511873564db9cfa9d215a63e752d57acb5038581b3b9a55dd27390 |
memory/2092-289-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1968-280-0x0000000000160000-0x000000000019F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AuwAokQk.bat
| MD5 | 535137d6c2416c7d74f7ddbc8aa79983 |
| SHA1 | d9c1931daddf81dcf1b526db2fa325d02a78471e |
| SHA256 | 4a36ede9693b9d68bddde0eaa0c407d3a1ec1b5523ad04f49f51f2e2b7c01752 |
| SHA512 | 4b352dfccad8c887f2fefb7470001bc29b6e10fd90585c77ecec71248c6bee8b62e9319cb3db6202af76c4dfc0f8ce01ead6a2b984cbab8f28c3cbbf8b37c001 |
memory/2460-267-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1644-258-0x0000000000170000-0x00000000001AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vKcUAQAo.bat
| MD5 | bd66d7ce9b7af4c146e3aa3b15c9e791 |
| SHA1 | 783c1b8c7cc02a23896c6776ccbfeff3f0a5f43d |
| SHA256 | fe6b3cc1c7fe550c8fb4a52f9736d08d0326eea4bfa43a9a2f211cd309b65748 |
| SHA512 | 0a7d6e79a51e6f2ea59a1e2be787b901cededc34bb5d78c110ba942c0431261538a78af0897e4774ca2874cd5b153445bcba432d0c3f077c6baf7191698ff585 |
memory/380-243-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AIkMMAQI.bat
| MD5 | de0f4eaa5e7f3609a6b9f78584b94801 |
| SHA1 | c4e9d2fc1b6a7efcb999ac3d40b4a38b0e0f77c4 |
| SHA256 | 1f8debba32e290faf9ce9c5f4b551e30d7495f72198a0cbbc5e1a95d7f31f5a7 |
| SHA512 | 4d588003edd707c39cd1f75129724a52c02f8597e6ea132de1e39d22d0303bef6d66d2c49775f7e6280729277b74c630d4b47da436e29485e7e2d2a493e79155 |
memory/2780-234-0x0000000000140000-0x000000000017F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZecYEosU.bat
| MD5 | 80b06bb919bced7accc694b67ca22172 |
| SHA1 | 1e341d32c67de7d2100fedfb48f05cc2daf80af5 |
| SHA256 | 97da8b647609d01f51e13c5174ec3391d15145a66c43b536d43b4f00cde2d780 |
| SHA512 | 256bb7592b7138342252fdec32ad2445d1772255f5d3e2cd1f96a667372aa790d37623446eb272249047e58aa09d59cc789b0c55dd32f5ba879696e43896dc91 |
memory/2920-221-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1804-212-0x0000000000160000-0x000000000019F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bsMcUEMA.bat
| MD5 | 71b81a698aa6a91da9ec294f19866f75 |
| SHA1 | a07086517fe9ccc6f2ac899bcac99e02e1a899ec |
| SHA256 | 90cf42b1e8c1bee3af9635a579cec5d7f1bff27db992c5bc54638454cbc2bdc0 |
| SHA512 | e27b9cc038628c63285a4d1ca874e1416c05405676e88c23943754f09cc5784de7fadb0054b1bb7787ffd7d2a74be2985795173c02e45aafa00d173a0fe18d1b |
memory/2164-199-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2920-190-0x0000000000400000-0x000000000043F000-memory.dmp
memory/584-332-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DQAQIUUw.bat
| MD5 | 6e072dc16589706cccb93efa8febdfcf |
| SHA1 | b57ad2574410b794060b8753f9af88133098664c |
| SHA256 | 02a6e81976dd139a2985420a5d047a47b32bad9caf7b8a2a63141003ac5e634d |
| SHA512 | 329fae3cc416819f195436bc4b619d3c3c64256b21966b9cf2704e06dafdd4707af34d43f229be6359e1550d51718f714c04e4477b3439e9d9981232721377f9 |
memory/1864-177-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1892-168-0x0000000000260000-0x000000000029F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ciQUYYow.bat
| MD5 | a2c86ff2405b5b85058dee2554cb2cdc |
| SHA1 | 2dcb7a7114d62214be302a435af16a9b050d9a05 |
| SHA256 | 23b28f27b5c58c733cde9b91d4d9b045c4949be228ff7e2a287a419604a61f82 |
| SHA512 | 63fe8a99f6e810ac0317abd93e1b645186a4d1b9930ca741a65a4a71ae6cf42a5f32c8b197aa6be2c37eb48aa34bdaf1f56e3e44fa97c012a2fd781ac7fa6e36 |
memory/1668-155-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UUgUkUYY.bat
| MD5 | fd2c102a1cbc7e8405f14eb5623fd8ad |
| SHA1 | 997b2b806d5219b1a45b7e72a5dd3102d0a29150 |
| SHA256 | 22534e2be894bba38e45c3d85d7f978c0853a438bc3c69ca32c163422e457fd1 |
| SHA512 | 05a46b1a88279b864cba48c8e4eaa2f3a3ccc1b72f4834341541e432977e7fa5eb56e590da8a98eecee60ac8040744b8f631ab8cb1d7d47e8e75b55a180aaf27 |
memory/2272-132-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1460-123-0x0000000000190000-0x00000000001CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cIEswccY.bat
| MD5 | 0e11b32e23839f0e8ee79c14717a3513 |
| SHA1 | 0d65bb1b2e4b343594864498e9f85d07511add6f |
| SHA256 | 0cd70a3f77676045e2402631a035636f3a2976ec40a77c8954bfe60689d7d522 |
| SHA512 | dc50ec7fc8872a48b556b6b6e1ecf8af3291818ce641f6c5421555d84ca51cb92576c94fcdbf7ef35463cb02254af6ca264a06bba3a4bae1b3d59ea28b8e6dba |
memory/1768-110-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2016-101-0x00000000001A0000-0x00000000001DF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gWgEYQcQ.bat
| MD5 | 01e9ef29c4681fe0d83c2eb4b04cd1b6 |
| SHA1 | d4fa8754f4094dccbbf5914c9931e761f481573c |
| SHA256 | d5a966da174528519033876b36aeb63698f503bfc775d1ae642d1cc8d76546ab |
| SHA512 | b0e58fc14171bcb895a08cefc4d4f601d2048a7ae8c01db4404d637b16638be8f441fe5e239b278646de84e74727cd3fdca8f0321f3fcc49bfc5be6315d76170 |
C:\Users\Admin\AppData\Local\Temp\wcccAgwE.bat
| MD5 | acfbfae52193b117cc078bcd0f702d5e |
| SHA1 | c9412ab85a65ecb6fc4e90768c34f85b0be9af5e |
| SHA256 | b4cfebbf9a58fe42765d97c523cc7c245ead5b343bc5dd982fa778e814a2c5b5 |
| SHA512 | 36a85522c133d0de6ed12bb0d25f87b872a68d3119e922f1e19cb9762ab1d3f7e083663191cc85345b96b667ccd2e90f8986f2550f198d099ec6b18bb3eb3178 |
memory/1740-88-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2360-346-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2472-79-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GKMEYkUE.bat
| MD5 | a376676436522d32114724a59d2569a9 |
| SHA1 | ae48f0351a1d67c7647c6c416dde54779ca87e36 |
| SHA256 | f4d5527fd4207f3c688e3e1d99b97e9cbb8356a3e54cc290894761cd0942b040 |
| SHA512 | 293495f52db7cc8c1441612b4483bf34935aa0afcca4e6155bd7a3822c80c139585c45d2b11ade582e45a275778130e7713e7874f335d73afa06f21f1f16ca87 |
memory/2772-66-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2188-356-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2108-57-0x00000000005A0000-0x00000000005DF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FGMAYgkg.bat
| MD5 | 01a29c9a2186f9b4a16b63edaeca5a5f |
| SHA1 | 483e78dfb235eafa3ad1a59bf88f5110ad42a961 |
| SHA256 | a555a11e0343d83f9498c0a7af19feebd97908923c4c692cef4f695b13546325 |
| SHA512 | 36547b4961fcafde31e5b8a0e1f88c9912214aa9a3d398bb8df6a40e4e419965a9c822b3caf917b2c9d122175ff69345b33954c092812ff7957d3fc6547cac39 |
memory/2268-42-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2752-33-0x0000000000270000-0x00000000002AF000-memory.dmp
memory/2772-34-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2752-31-0x0000000000270000-0x00000000002AF000-memory.dmp
memory/2268-29-0x0000000003DF0000-0x0000000003E24000-memory.dmp
C:\ProgramData\oyswggAA\uYwUQQAA.exe
| MD5 | 41911908467782d16533c99424efafc7 |
| SHA1 | a2c1a67383e9db6d905ea2293eeb5cbbc0aa3b71 |
| SHA256 | 1c8ab27fbbb88aa669f4e2db2785823e7a1afd57edb2eb0c4871c0f73d57ce6c |
| SHA512 | 0ec6e7ed21238a2cd10d385defa0a9e3c2e674a5aa259d1e8f8f83b441998f3f5c26e0df20a73e2490fce386d0a76e953f30041c4ce20290d73dc407917fb7ab |
C:\Users\Admin\AppData\Local\Temp\fCAgQcsk.bat
| MD5 | 198730bbf7143997616706859ecf430d |
| SHA1 | 4127a5c7c77a902974af7bc8076c306efe9fd711 |
| SHA256 | 536ead52db84de392e94b9645d873d0e98e37cb2df13605ef7f80f803d84f0b7 |
| SHA512 | 13c3631afd85b3f203925930be68013a25975170a049ed3a1e55b71ec0b929444afe0e56671e564f3c7e071ab4fd1ea12e6ae8702e40fba770b025a1e27b2538 |
memory/2684-30-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\fyowAIAA\tOAIAYQc.exe
| MD5 | d8c21265bea0b503478e9c9bebabc353 |
| SHA1 | d3e7e22208f9d3420a0a5ec085c8c89518be9938 |
| SHA256 | ddb76ff19057a51b7b3c8af459446ce82156885228cd4b80d3b3560e8c2493bd |
| SHA512 | 7d73c937c600d7cb8811c90367498d7a8135ac5f38e492e7c68314d073523f24ac4f898ab8e80708eb1118a2c017b76ff0e78bf6ca8c80e3a39ebecfab776ecb |
memory/2268-12-0x0000000003DF0000-0x0000000003E22000-memory.dmp
memory/2268-5-0x0000000003DF0000-0x0000000003E22000-memory.dmp
memory/2268-0-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mEEwgQYo.bat
| MD5 | eaa840f1f2bb40c05970c0eef4fe847b |
| SHA1 | 38b067eafd219caeb8b042a85601afc51a84b6e4 |
| SHA256 | ead8c5a592d126a1aedcdabc529be0e1015afb1f190ce5eb0ef1a8649d94cc35 |
| SHA512 | 27bb7179627765d8ec0e68d2e7ff1c297d72e1826e7301535781a68553ac76103e3a238840d342333820190a68f65c77ac9071df83cb697e9b8f195a68b6db42 |
memory/2140-369-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2388-378-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BiEAEQAg.bat
| MD5 | 50d80402ba37a51cf6ccd2b5663d8b0a |
| SHA1 | d4fb768e7e43c162a8958f1fb7b98f9861aff0e2 |
| SHA256 | 1f7ad3a44dc876dffbea1028c51f9ed776f2fee4da806afc50115cca2e0d6aad |
| SHA512 | 73022739dc3b1c9cd908b2ecaa13a07339635c67deeb240efff4f09edf9acf8caae06bf11acb31bc2de7f07aac7118a59363147703bb8f5e3eb4cb6ccf5f1db0 |
memory/2488-391-0x00000000002F0000-0x000000000032F000-memory.dmp
memory/2932-400-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fQsoYgkI.bat
| MD5 | 188509d1af6ef9e65d48b87fb7c87db5 |
| SHA1 | d1f2b3e00f291eaec1f43a2dbf2e20d35a114d48 |
| SHA256 | d41a66bbdeeef98dbddd8bacebac9032d68444b9904e79144d3d78a55160c83b |
| SHA512 | 5caf6e1620bdeec995b7833c71502b7247a2e84fbd420a260344770a1e8b0a158d2495cb2ad2d413c58b91fc618dbf35b372db04eac8068743e044142808bb42 |
memory/2716-413-0x0000000000160000-0x000000000019F000-memory.dmp
memory/656-422-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PMogIkQo.bat
| MD5 | 1d5abeddfc1a73a5539f22c884c2341e |
| SHA1 | 5170a97a50f766d4901749f09bf4e76795d28dae |
| SHA256 | 6fed26584cdca4c3c8a1e62c80a6e6612029ead74ad32aa3d59c4903038f1aaf |
| SHA512 | f846db89e7fc367c1400ee4fe50010f61900f5ffd2040576d06989d524203779030b7ef40503c4b875ecade8d1dfaf4b4400ff4e72242f6f893da745b76aa536 |
memory/2756-435-0x0000000000370000-0x00000000003AF000-memory.dmp
memory/2624-445-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rqMsIooo.bat
| MD5 | 1eca80b706dd0153565bbf6efaec1c53 |
| SHA1 | 281de5ac5bd9bfbb22ec138fcab56ef0f8dd68a8 |
| SHA256 | c7d0eeed83c6bb0aefa4ddfe8c00909382e66b1822bedc403674edcece9ed70c |
| SHA512 | 250ed97d2362740a012d32e174eff015db6f21ab8cf7a41172fe5f236e203577bdad5734affb1a52a0b1351f49ed0adecbf4c500472041199c00c99d33b9665d |
memory/2356-459-0x0000000000400000-0x000000000043F000-memory.dmp
memory/408-468-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IAQwcEQQ.bat
| MD5 | 297938985e93ff554d3a4d73aa68261c |
| SHA1 | af811c34f075956eb925e4fe34101a5c54246ee4 |
| SHA256 | 1ae01594ecbac3d5d06abe49f6e141642b776b474c5cdb639665b345076aabab |
| SHA512 | a0a98fdf6c59edba3694c5482e65197a58119aea8e975a6ac74df947dff9e0a17a43b35b9574d3349e808f2ff9c9b2f5eb375544727037c5f47311a906bc6a39 |
memory/1480-479-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2356-488-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WIMgAIgE.bat
| MD5 | bb810b199663e1e23604d0dbcf778ff2 |
| SHA1 | 9ea1f22e7469120ace1aacd7ab08b9d4a831cf46 |
| SHA256 | 80ac0899ddd3d642340698ec6be0cb22ebade2f88ce9cca5fdf15465f50a47c5 |
| SHA512 | 093e00550cfe730fcc71c0895e25a53d383ab9bd46801a732bd83a1949c9748291c0de8a9d6bb516785a4580d84f3a2e9b779c9a107d9fef3b78d1f0d790d70e |
memory/1480-506-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\awQUMcII.bat
| MD5 | 30a8a0d042adb9cf1f1224c647b56548 |
| SHA1 | 3a8aea84c609c81d679adfe972e3484ee8b165e0 |
| SHA256 | a617263f918634096edad598b1a8096f8a69480a81870fad76bc79cb713f2541 |
| SHA512 | 997d9b621527ce02a065a4827ec1c9257d4dff7517ee5db285f477d1425d1a9472d5a74eb1a22d88dd84b5fb9953120597b6327581edf6a6919a1b72d84106cb |
memory/2540-516-0x0000000002230000-0x000000000226F000-memory.dmp
memory/1600-526-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QWAAoksY.bat
| MD5 | 94ba0bcb91a2860d88d3a06ab3ca935f |
| SHA1 | af26ddcec0288ea1c3eb97a0aa6819d85282ea15 |
| SHA256 | c21e24496f17af93f9a5971dbeb777d698713981d23642ce1760c2529349ca8a |
| SHA512 | 0b4ded537568cdae2f6abaeeb36454f552e78f3cd742e5d5f7669e11f5aec71278a3fd266d9a1b563626dd2ad90487819de4bfbe3bb231ecfecf040ac4f325e3 |
memory/2752-537-0x00000000005D0000-0x000000000060F000-memory.dmp
memory/2876-546-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HYswcwEY.bat
| MD5 | 0d0150bf40350a60ea6ff6accf282fe5 |
| SHA1 | a891b639939d222d70b1693b4725945c13fb0d50 |
| SHA256 | ba226e1f0f624eccb992e97c6c7e9caa330a7ad01916ef485a374771ca95ec21 |
| SHA512 | ff1eeae3ca8c1a467a49d3b0c22efbd10a8f161701bcc1f524d75f337edb2e797f7a6612506700cc65a6bb25c3f82272440907950897f822ff532423c3a52a73 |
memory/2716-566-0x0000000000210000-0x000000000024F000-memory.dmp
memory/536-567-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2928-568-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2728-565-0x0000000000400000-0x0000000000432000-memory.dmp
memory/2716-564-0x0000000000210000-0x000000000024F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JCUUwAos.bat
| MD5 | 202c4abaf4193659242adbc6064b6f37 |
| SHA1 | b4350ebe597562507aa19e868363be049e5e9bee |
| SHA256 | e75119443d291179053153868bb0347918cf8de208fc9a93f6363fb912deedf6 |
| SHA512 | b4e465f9777c5689edc3b5b0ed0a8ca40e499f77a191f137ceda5ccc78c0feb5d327d3e82f8ebcf2e8ee4a8cd3093c4816a62a439d77635ece425d7f09f6bb6c |
memory/2924-578-0x0000000000420000-0x000000000045F000-memory.dmp
memory/2136-580-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2924-579-0x0000000000420000-0x000000000045F000-memory.dmp
memory/536-589-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PyEwYsow.bat
| MD5 | 1132bffc5559dce257ec5807ee7decb1 |
| SHA1 | 06f8697b0c89e0393e0c9ee2fb5f6d2fc1201fe2 |
| SHA256 | a35ce0e94430d30303cadb1b17b0e5721ab3ff40970d32b84006b5de479fe0a6 |
| SHA512 | 8a24a895d0e869fbae9d3630f8609e7a2b879cc2652aedf9254760eb74d83b92a567fc6c83b4bfcc3c47438ff5d22fa1804218cc68fdf94b1ecece5e62d9df66 |
memory/2684-600-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1688-599-0x0000000000170000-0x00000000001AF000-memory.dmp
memory/2136-609-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BYwYsYow.bat
| MD5 | 08240afd4a02024974a1ad73fad04757 |
| SHA1 | 4d15daa5d641abea3a898be17bfa868379eb5eaa |
| SHA256 | 8dac9e7efd44bd63db94363197a557f60c9c6cbd2309af64838213af708f010e |
| SHA512 | 6f51f3d784c0ed7087c99641ae3445c50359b8e7a40da33401bf12438713ba246ee0464a8c4c49bf711e7c9cef40892979ed52b51dfe03486a3204781013f3ee |
memory/1852-630-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1464-622-0x0000000002220000-0x000000000225F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oiAkgMEY.bat
| MD5 | 63624c8929a8822d7119447d2ba26925 |
| SHA1 | c63e64652dbc274f4920e9a3d3e453d77d212f6d |
| SHA256 | de36719f800f7f778a7cfbe57adb57c7fe364270d373c795b6ca630b1bf5d106 |
| SHA512 | 47124cb3b5d068c811ca3e59f1295fe30ed7a48daa1f29ca1bb36061d5ffa384f7354fcd1167b923aa90d2b3105adf0e10108dbe2b838fc18e2de88060cfa975 |
memory/1756-642-0x0000000000260000-0x000000000029F000-memory.dmp
memory/1756-641-0x0000000000260000-0x000000000029F000-memory.dmp
memory/1656-650-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qoUMUQEg.bat
| MD5 | 5cd35baec537cc6eb043dcdfd1f227dc |
| SHA1 | c8b40540a24ba4943d7e1f2ea615f458c73faf14 |
| SHA256 | ce3205c577a0dcbcb630973b61fe972baedae180879ef8d5e631a5796647ef37 |
| SHA512 | a25fb4a6845b6ea80665c6c27672113dfcdadd7980c00e325a352e5401c58f19ce6533353e221d7683136c39f5d719850ded0dc6f056b528cfb789986ad0ce64 |
memory/604-669-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1984-660-0x0000000000120000-0x000000000015F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WIgcMEQo.bat
| MD5 | d511767e10592f1e60f9340b4432a8e1 |
| SHA1 | 0ab409e5c5e89a98764a251c58058a06ad79d1d6 |
| SHA256 | 3bc33560cf4353b3940949a18e0dbef52467f2678c00d5b77fc5d1d91c1670f9 |
| SHA512 | 930f2e17015ae1b3f9f33c336144b1705abef8e8f5c09391f12ed6db970f44b233dd7ced4e79ae4272df22c923ae9a69c5cf9dc892feaa203ca73b978b0a36c8 |
memory/1192-680-0x0000000000130000-0x000000000016F000-memory.dmp
memory/868-689-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\McEC.exe
| MD5 | e9905102adfb6826fcd3968ab7c1326e |
| SHA1 | 35d83539cde00b8b0591df9e1f36b8c9328074e6 |
| SHA256 | c68f4c22f862f21dcc762e1fc8189fa2504c2f3ccfb6ccadb28289f23a35099c |
| SHA512 | 9d766ed545a06508d581e291d42985264f93544144fd46b7033a6dbc55853bad1d529ffb4408838eefee1927fccb059c21f6e39422615f4045596c20df38a975 |
C:\Users\Admin\AppData\Local\Temp\uesMogEo.bat
| MD5 | 471349512add58d31f4dde35b87affbc |
| SHA1 | 6334b14f02d6e4ae8eb41468b8b2b0c976ada27b |
| SHA256 | 82a68d173da631c83ab1985e81b7bf2379e701b406b26e3df16de76c4dd139c1 |
| SHA512 | 10490293e41ad6d6312d4be8c6f89517299de55f1cd21292708d21783392707f307bf5cd354e098b7c883b53130cf7de7be8b9fe32bd63f9672d0eaaab387ffe |
memory/1212-715-0x0000000000280000-0x00000000002BF000-memory.dmp
memory/856-723-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1288-724-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tWUgYwMA.bat
| MD5 | cab101ef9e0da520e2099c66df79f64f |
| SHA1 | a872b6770a6b84e1afc3ae04c28acdbbf40e7d29 |
| SHA256 | 462a59d0a75665b6591b0be2aa23b1540d40f0785147e84fbe09a58c029411ab |
| SHA512 | e5edfb0b212503fddb599ee38928de78cd5a12fa23b9a4799cd0d323f6f5288cbf6e2b88b9a1134b0cef85d64bdf95e0a00a69fb596736ab482d3d932dbcafe4 |
memory/1896-735-0x0000000000120000-0x000000000015F000-memory.dmp
memory/1896-736-0x0000000000120000-0x000000000015F000-memory.dmp
memory/1288-744-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vCMUUcwU.bat
| MD5 | 432bb095c6c3fcce796429b5e86a4db8 |
| SHA1 | 0b0881fe75e84e27a34844071725229cf6c04df4 |
| SHA256 | fcda19bce8b6c771759ee2982f02e2cd8dd4a6938d724b79fd9e6ab77353f938 |
| SHA512 | ca3bcf770c86ec7c720fc9c5354369b68e4ccd7b8080b28024ca1a6132c21867a63fcd878b622a04d22e2d00ccbbfd7dd74e23d809a13e968692b047b64711f7 |
memory/1652-761-0x0000000000180000-0x00000000001BF000-memory.dmp
memory/2536-764-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2620-763-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LcsQwgwk.bat
| MD5 | a298c65849310666b56798631bb0ada3 |
| SHA1 | 8fff76e112f08811925a7d856ca30daf63faeac4 |
| SHA256 | 72b0c006474b44dae12a35bd4867db25e851d8c35e9a22ed89668b373107d853 |
| SHA512 | ae4bce5ae4f9b78b7f13d2263ce5f37ce7bc79fd2c570de087df4b47d13ea9d71dbdfc2ebe2266dceaea1851c65c0218afae514a2feb63543519eca74852ab18 |
memory/2620-784-0x0000000000400000-0x000000000043F000-memory.dmp
memory/324-786-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1752-785-0x0000000000430000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yqgYAokc.bat
| MD5 | cee3515ffcf8fafe08d3bcc5a48f5bee |
| SHA1 | 8fa1cc22604a7a6555f0da2ca33a86ca63840b1f |
| SHA256 | 61df397d1219016b8c5e0000cf23f14d5f093b1bd2b6abbee45ae2adf906a3c8 |
| SHA512 | 4bfac792e1eb7705cfea7b81bed46e953ddfbb22e1c70d76719cc6b117eb5317868381cf3ab0014e6eb9a644902f56186cad5e3b8867bd8243ba9e135b34ef62 |
memory/324-804-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2888-806-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2204-805-0x0000000000130000-0x000000000016F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CKEAYwkQ.bat
| MD5 | e0f294cd81b640f2e8e5aa21c2c89f78 |
| SHA1 | 61346b7d431db4577b5a39e028529d8d2ce486d2 |
| SHA256 | 0ea3550d397bf6042ae65d340003e7f3d1d81b6631befbcff42b7fee1296c9b9 |
| SHA512 | 3af0d434220556c8ca42d83328fd2a1b7cc9ecced19b2f9d6d97aa9c398afdc19497133a06b0bb2a84502b84d2a7a623c39f4b03cbd7db4ca06bd89b435e10ba |
memory/2888-824-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wiYUIQgM.bat
| MD5 | b625d927c77add756ff430af1042cbfa |
| SHA1 | e3b755d92058d197d271f7afad5588a4457e46fc |
| SHA256 | db38b5b9182ba67e49530961baa533ba0109e3bcca471e6b8f593b521a315646 |
| SHA512 | 315106d359cd73c11b81e0dea5bb1606d09777de9283c300a2ce1a74974a192ab67a288e7fd11cd37bf42f6e93296934f55d97975cf4480a785a997f13f2f688 |
memory/1836-843-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sUscMksU.bat
| MD5 | fb5b0732711a32af58a279c0cd97bf41 |
| SHA1 | f24e7f7427aa0ebb38dd4c26bf8aa7a4dea70619 |
| SHA256 | be2f14b8b7069805632ebb5730693277763ca489440502f341ea3a74bcff3e0f |
| SHA512 | 6c70a21dea8045458412022577d4092d02037b4b670421036d6d3514528dc398dd93b657a56801dd4172310fa4d190c8e26110296b583b0f00153c3fda03f7c7 |
memory/560-862-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LAIwgUYs.bat
| MD5 | 28d3c4c7ddac4232f1b6b777fcf8ecc8 |
| SHA1 | 57c5054beb94a4e4eb01d131cbddc08a4591a09e |
| SHA256 | 94cc2a1f400ffaac580933950865722cc49f656cb91a940c0f3bf05f060580b4 |
| SHA512 | fce4533af49c9c926f3c035894aa9fbe081bbb1cfd9a7e1677c11e2a793997cab511f9ce97646a20d22e6d037d5618c28921a0eff6465c00bda4a28c5dbdbde5 |
memory/2472-880-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xgUwEQsA.bat
| MD5 | ba2d21658af020604bc51e16b9df763c |
| SHA1 | 7ecf4706ac81747f84360430bd7caf33d9a1fdb5 |
| SHA256 | d1303fd5d06468a070506b359f0ab00b50a710f095f0db2ae367ae022726864e |
| SHA512 | 3f94020ec44e88f1830eb3448d83d6ea0509bdfbf3991cf02445b5c8771c6567d3ffeb2631456bef8ac8dc20429b5211a9929d5dc8dba6c1800f9c1bfdfc6272 |
memory/1228-898-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LyMowYkw.bat
| MD5 | 51d88710e29239b3f5e9f6e9e868e9a6 |
| SHA1 | 7873a10b466a452915cbbd627b07290e1321307f |
| SHA256 | ccaafbbde3dfa47153e0a3703e7362615c4ec12654a2ae0668bd106099acb340 |
| SHA512 | a4d9de8629c52bacc74d87dc060eeb6fa60347cb66c56a5bab2b8d842786d96bcc3955442345a01a0d6a8fdee31592fd4085246e88eb3a59b8cb588ce9601fff |
memory/396-917-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2164-909-0x0000000000170000-0x00000000001AF000-memory.dmp
memory/1752-918-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZAoEsYwo.bat
| MD5 | cb1a83023c4ded0b9d1021c66c98d7b1 |
| SHA1 | d531060638580e2a27f89350937bb0c7b94aec63 |
| SHA256 | fc227bdb7ec6ea145d63dc0592178e2fffaa292ff2b15aff4798c9be6c40280f |
| SHA512 | 6972e8e514f833823dd705d50be56266b38273e0b30210699b8671e708fe336fd48c3f295418408e1c32cf663530be9f906129f87ad18b86565304f8a3705a4c |
C:\Users\Admin\AppData\Local\Temp\laYwowss.bat
| MD5 | 1037cc773371215198ca619283934cb0 |
| SHA1 | c5ff80502cc0ec4dd45b6fbb1b40154a5c190b5d |
| SHA256 | a65451284a66ff0cb8acb4f9d65481b3714d2d261d27262b81c73fe6a52ac59f |
| SHA512 | f2d7af8878bd033e461641066814c4bc7eedf31b6930e65be57c8f9dcfb398ddc5756db07c416ac1519492ef5e134adc3df505896fa2ef75f34001c967d1a01e |
C:\Users\Admin\AppData\Local\Temp\wEYQcwwY.bat
| MD5 | 511785fe05c23905d367a3e9fbd1c92d |
| SHA1 | 8e9479e958ea237a0227bea927d20fe0bc074191 |
| SHA256 | d6b10c5a875c29dd7742148e250204e2de13243770154dee9c539c22c81c21ae |
| SHA512 | 3e14cf51de3704101d54972db96b66c0c90cc9c1a190a3b0c268c6f19a6d917ff46627a90eafee923ded63849263fb00b0856e4aff36b021e06d60a6f0b4ae93 |
C:\Users\Admin\AppData\Local\Temp\KYcQoYEs.bat
| MD5 | f34270d31ec593b5df53677f81698414 |
| SHA1 | 2a0fa47916375192e78d1db98893f0b6ea33c370 |
| SHA256 | 6b6fe2f653a23886ab3049f3077c8eb77dd5e2826a5b3826da110d8d2e46d3c8 |
| SHA512 | e69f4a18f02df7ba868f91d246eaf243bd9b41fe4676b7bcd6ffdbd5f7f0551a8a39a5350a02faf6a870c5e2cd3b2930a9c3427e2b5609d1ecea66c59ad55701 |
C:\Users\Admin\AppData\Local\Temp\gesYYQks.bat
| MD5 | b388bd1fd96a37b214c225bb1293758a |
| SHA1 | 1c93f58cffa6c92fd69db47dc20f18cba6fb04a2 |
| SHA256 | b910ec5e0a49d5724678c879f1bad7b3612444452b6e7087661448febbf41a0d |
| SHA512 | d4447d0c1758c4654939e6e059a7cb50c29ccb3313afac0db43ecc969a17b4cddd5f6583643822fdddd75a32dfa9d3b4b584609ad0e9be1f10ea972a3de31cfb |
C:\Users\Admin\AppData\Local\Temp\jcIAIcQw.bat
| MD5 | 007b62ffc3f3a6456f899c3b2d9c8872 |
| SHA1 | be747069d505825420703c8973c89ad8761d919a |
| SHA256 | e58dad9421ac03b45acabcdfee90004c718f76172c9a9ceaaf24add0680191bd |
| SHA512 | 535ae21af5a2eada34b9a148843840f2f8d2460c52459f845e66a075645708179a201c77026eaab069871e5a1a622379a8400e9abaf270fd30e32cc95da63933 |
C:\Users\Admin\AppData\Local\Temp\DgEsgQsk.bat
| MD5 | f6573c1f10bb4d2b80ee5dde0e1419c3 |
| SHA1 | 183170560f2c82e768bdd3791610cb7cde79d332 |
| SHA256 | 3442b65ff1fdb2f71b19197508073ff41fd1f89e003d3cea37c4c7fdaee57d3a |
| SHA512 | b77c38f617a405688f5e74c2ecf1fe88dbb16549babdd76675fd3bdc8c34b00d544215ad189051756a3d80869aa4b173f7b9c5eb74237d349cc96febe1b10795 |
C:\Users\Admin\AppData\Local\Temp\zSkcMgwI.bat
| MD5 | e3ee028d9da5a5656da9fff75223fb1c |
| SHA1 | 8b740fe025e2169c6e1864d21d2fda9e73740055 |
| SHA256 | ef19604f41e4908a0c0226cf23213195b860d98109382d90b1fb93a4fe032e40 |
| SHA512 | aca4133b6b8286b0b2f6758223c8fe43d705d59e08b54a155bf6cce405b462a53feed8f1b85e3e102b457146f5c37c9a581da3459503f0b8ab551e0b95eeed1b |
C:\Users\Admin\AppData\Local\Temp\kYYy.exe
| MD5 | 9291400b0fc830748c370d20f8484d61 |
| SHA1 | f3171c9a6429cd0f24b3f7001ff260011aa22d07 |
| SHA256 | 3a0e5fa524ffe0847ce5c987d8c2ee381080719971b8666b53dbcc2d175bbcdf |
| SHA512 | 6cdf39fe526b4ca2e65b4f0e9a6d6c04d7789d53369bdfacb9719677053009820981958554abce01ec2eccf9d209db48b47736ac1ac1a7094ada0e1ae2df1d06 |
C:\Users\Admin\AppData\Local\Temp\KcIs.exe
| MD5 | 95a97b5d0d09be10614796615c1ead63 |
| SHA1 | ffb6a504810fe6d95e027577fd838e49f4b8be34 |
| SHA256 | f1ee53537354a8174c20ca04635c755fad55c02c187c42817fc47416166ebe42 |
| SHA512 | 6eaccae86df1f452bff111aef52c588599fe7c965b01871374351ae7bd72b1a15164275c041f510558ac68493969c781e5fe098649f499688941b7c005a5a1d3 |
C:\Users\Admin\AppData\Local\Temp\wMoQ.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | c25062f8d6a433c3610a8fb6618aab84 |
| SHA1 | 53f22b08158f88c494c579b2b58d1beb242a41c7 |
| SHA256 | 18cc044507404a0f2e1d6a95faf22ddc18a6ec9473d40f12dd0a815259268a6c |
| SHA512 | e860b096614694119a22a5b8514b97618d87d3505a0523ec5ea2596e613f6d0cce3ddfc778f7ca02cb225d3d86ebf51adb3c72a8325c0f2ca4b6af3c6c215746 |
C:\Users\Admin\AppData\Local\Temp\CoEu.exe
| MD5 | 643a596d2c6706bc220f2c7b48d15859 |
| SHA1 | 3704135fc4286c2498fcfe8e835c019bcf7aeb2c |
| SHA256 | 074d0a801682fd718ab9f311c716ae2e98cfbf8303c9e73dbc380d477265c426 |
| SHA512 | 8486404257d0920227d4a1baf80f4425e83095f37b832638a67edc93aa8bfdab47c3ba7157be6d85df25bc6ca5c2ce79ebdc41d02d8b7eecea62a20e7a530eef |
C:\Users\Admin\AppData\Local\Temp\AIIgUsUw.bat
| MD5 | 10dfabaeac70c99a918f01990b01b7cb |
| SHA1 | 6aeaa185db8f748defabfc055273e0e0bd1a851a |
| SHA256 | a77f4d2c71043fa1f1bfd4a9a874b3716feb59522b7e09d03b4ecb0a8a71239b |
| SHA512 | 3a31c478cd46aa0a9d424be31d42322517e6c38184e54b7faa65a52f677882d02818b04b148296f16b5e9725ff3b4b08c4af3cb7fd1ac8997dc06b9f27c5b114 |
C:\Users\Admin\AppData\Local\Temp\kEYQ.exe
| MD5 | 147599f02a9ad194a7c2cb2f1f090815 |
| SHA1 | 9a00b6879cdcaceb712266682d1438114073f117 |
| SHA256 | 06980b54b493d46756ff1d8c26860293b0666b062c0f39e9ebe9d3293457b151 |
| SHA512 | a7a97a64a91d7a307270dec5b2f6181d20b11396fea7eb1789581cec1516f527e2f8a03db4f5fa95c3e8040846f69f74c02543a92c1a0060352af8a8dc0bce50 |
C:\Users\Admin\AppData\Local\Temp\MMII.exe
| MD5 | faf9cb4ea7ce21656833b1065574102e |
| SHA1 | 7a7be450c5936141804a3d7679cae7e22a6644b6 |
| SHA256 | abc300f2fef2784ead2e41b6091434cf01a9614e7d0e27d9a90b0057bda3e052 |
| SHA512 | 12f2b4b103aecb3c3d629e13e3122effefaba656024a6083352dbea18900456339fed08c2081eb4b41372658324d200838aac09989417f12b28e89737b0790cf |
C:\Users\Admin\AppData\Local\Temp\qYMA.exe
| MD5 | 3fb7b8cee2d3560785151ca59bd428d5 |
| SHA1 | d4e3d1cbdf3d5afc5ca93def8e8f523ca864fb7c |
| SHA256 | c4e2658d532c8180d828df2d96dc98e4b69ac7eb46cafd8563aa9ebe456c3ab6 |
| SHA512 | f99b562f1773714ee5989463ddf87dd1823bf206a06c7620daa4ce6e91db7f5851a03845cba07a97a86ea4bd382e16eb8c3623e66592964d5c0e58e9942d3cd0 |
C:\Users\Admin\AppData\Local\Temp\WQkG.exe
| MD5 | 53d976aaac016a964e5642f9063dc9bf |
| SHA1 | 933712ce29ee802fecdfc6e42e17985a5b8345b0 |
| SHA256 | 78c5b036e97c16d9b693add38872bb2d66779c37aeab423586b85531c4ac91df |
| SHA512 | 6d543f4ebc6d73181c6eb5c920ffef75c9d54b50b1eae99619cb5dd25c5e3ddd9c4a018b118509e610773cd6f1a2309b8cd361011fb68a73e2ac3e26eeb571e1 |
C:\Users\Admin\AppData\Local\Temp\eqgkwUcs.bat
| MD5 | 13e2d2c82415178a939409a2725194d8 |
| SHA1 | f4376e8321dae27b6f12b23249822a4ccdc0d80f |
| SHA256 | 31554c90d7bbd88a9c933ba7be9ea3f6adaa0a5dee2078f1922fffb014c958a6 |
| SHA512 | 706c5cffe535a67b1d689fa4e3e531728ca425580417bde320699885056d4e7cd6064e392d0f819003aa1dc3ce3842c875ce6e4086be0749341ae54f4be4ada8 |
C:\Users\Admin\AppData\Local\Temp\YQQw.exe
| MD5 | 24919e4adeec72fec4ebfd6652710405 |
| SHA1 | 7e50c436cda9ffea104083d8a818620bc167d182 |
| SHA256 | 17964c2cbf5f89cf172bdb4418da48819d069ba620c45e9ba81d1869a4a276b7 |
| SHA512 | 229a8eeb7c1ce76c109b61f21fc8daed5345cd0744718646665bc5e76c49600a69ca7fa49c7c0647d98d263f305121ced01c08387af4510e569bdb64a098752d |
C:\Users\Admin\AppData\Local\Temp\sMUe.exe
| MD5 | a617ed35644c162e13d6efb0d32c5e8d |
| SHA1 | a190597b553bc317024dbf81e383fc87b3741983 |
| SHA256 | 3111d245d930bf0240e7ecf6a42f1f5cff48907cc6371c9f75787d1cc8da2fe6 |
| SHA512 | 1249a9b4408335d41520fe073a935205e30a3a1410018de02d0206f558ac394704e3cc306476b3f6ab6ecdc8eef72d25be9abe41a5104159d0aa91e3b573f872 |
C:\Users\Admin\AppData\Local\Temp\QIQQ.exe
| MD5 | f41a93ae1c0c688b05a6b89be10af08d |
| SHA1 | 4c36302555ce774ed406fde002b522786d0a8f34 |
| SHA256 | 991ca3e5397a85db23dcb0b44516c0cc79adf21b9ad831345f6ed8c71c86a8a4 |
| SHA512 | 5b1e9cbb8e1e1d0a6ab6fbb26e92b3b93b8a6a37d686fe50c4e2cf70256e97c5a698f9b1679c2ea98ea0902468505d94197f1080e22714cf9060b2c337f22b2d |
C:\Users\Admin\AppData\Local\Temp\eQsW.exe
| MD5 | a8409dffa9de05dd199b8e57c4320c83 |
| SHA1 | a55b8995d41e711e78cc8e6aa67e23bc30e36acd |
| SHA256 | 1bfef3c3e8bc33a54074e96d33878223923e94efff4e12666033dbc8c4a37893 |
| SHA512 | 00415bf6f45c48e31ed708514b6e0401cb4b3878204686eb8d3dab19905ec1322637e895b3974920bef995fc8d2eda5b03c22f67852030d558bde8eb259afef5 |
C:\Users\Admin\AppData\Local\Temp\CkMU.exe
| MD5 | 5268c23896f4f545a60afa0b69d90e84 |
| SHA1 | 8b49b5d8f147d6b3c6a82a23f774aaad713bb09d |
| SHA256 | 58cda3b237d2679d406db47ed1d82477019b275bd4c791d87dbebc97cfa098d4 |
| SHA512 | 28118575b9c909b3cc9e3ddfa78e4b15531c873824363840a20b81be17199d6ed1a2fdf68cc28f740419245e863167fb77a4f663f4c5db107d1d4f9a42d4aabd |
C:\Users\Admin\AppData\Local\Temp\qsUkcwYQ.bat
| MD5 | eedba3516afbfefd29a27ad646187677 |
| SHA1 | 738d82c3ca65c9fe67234662d98746b2c247f849 |
| SHA256 | 3fa73031542a5d44114385325c48f9c08ff0ffef06f0565a661b177e461d9ca4 |
| SHA512 | c3dc5b2461a9679a0bc7c32d342aaf3fc8024ce1090639e593c57b136f7ac85a6c559d4c812023c40f9e306b3be53a13a2935d9b3165d46dcfd5c9b714d359cd |
C:\Users\Admin\AppData\Local\Temp\CsMa.exe
| MD5 | 4ea57a285f73b82906166de4d61e7d82 |
| SHA1 | ba3e730073f6bf3d8145d0886d6d59e44cf8e734 |
| SHA256 | bcc5277c7b5de8f8106b47915c179f8aa417332db07f2c37435e0ca03704460e |
| SHA512 | d71b9b4348a5cc8bce650fcb458faff1d6b0dabd57e1cba724dc824ae05d2bc9befe448602cb6ad0c5d847f2e35bf97f59956b570d148e77fee2d28939823647 |
C:\Users\Admin\AppData\Local\Temp\SAYW.exe
| MD5 | 1a36f98e1db1bbb89eaadfee3de101fd |
| SHA1 | af7007fffe0e7c6adfc19116908863d7a3f28417 |
| SHA256 | c94fab8a11794a047b527bad18190eb94a015a2c422d1cd863f4fe8e9e43c378 |
| SHA512 | 763a436110a9e5b4e9ba9ce6ef2cb5293c22fc6bfb564651c0c1fe1b455c234f7a4add283ae17408505cf8a98b4b5f71e83b2a1c49dbb5fbd4a0fbe2257b2e18 |
C:\Users\Admin\AppData\Local\Temp\AAAK.exe
| MD5 | ea2db9eb5496b2b8182b432c7cdd8eed |
| SHA1 | 2b04ea8f4dddc210e45fd146e4c212fa2de8e2bd |
| SHA256 | 4d429327774d757f72bb15abfc13662d01cabb8ccf7eb24719c0dcdae6e80248 |
| SHA512 | 170f20c1de18d133fb70f60c2db844a4937ac57867bcf182a213562991617bbe5904e1b4cbeba4510e5aaa238808be42bfbb85cca78886d533524e86af45ae11 |
C:\Users\Admin\AppData\Local\Temp\cQUk.exe
| MD5 | 6d12979ad7add06a4b34a9ab436870eb |
| SHA1 | da2c25bb6cfddc1a86cdd0a431b9a776b36a297c |
| SHA256 | 19758c6a9b2aff3a11e3159bb95a131e34358aee47c59b6f908a7d34372dad90 |
| SHA512 | e237e430f0cadb6670a1dddd1d796b5e5b700bc03364d115519b70bc3d5cd2c2543fa04537bf2cfd90210a118ade2d965f6c6ea0cf7369754e8b63374dacf19e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 7b8e389c63b0a38b0076a63b085d5878 |
| SHA1 | 6b6428be2cca43abe2d1d0c3e55e048d143af2aa |
| SHA256 | bb0e29ada72d47abe1f736a1e8100deae267f4bbb6f7b38dbdf99deefebcaa5a |
| SHA512 | ea8d0cc8277a6ed5ebc59ea13a916f1e626a6ffa6f08995a33449369ee306ec0231a7c75a1197dda50feac862a159453db2c9335ffbc28c99680802d4c11b11f |
C:\Users\Admin\AppData\Local\Temp\aEQq.exe
| MD5 | c87646c16c2a2261a7a4fff1037363ed |
| SHA1 | 5843b50034a7b8db987f21ad3314c2bd27663c36 |
| SHA256 | c3f01ec016c378e48c5265a1316fc8f64c4d6377f0ccbdc14bf5acbd33186be3 |
| SHA512 | 0b52c1e132298aee9f801310f9fecac7dac9772aa5a38e2155d4f8c16650e52ccb0f329d5f017231bc849d7e55d1e42b4a67037d607ec062ced4e596a5da3466 |
C:\Users\Admin\AppData\Local\Temp\eeYcgAAA.bat
| MD5 | 860683c864cfa894d83a553070d1f1c5 |
| SHA1 | 68cdf91a7370dffb805b5f1ac389b87af747b504 |
| SHA256 | 1b628e2c9ffe5cf2c95e427a1a7bbd899a5dfd6e0e13520f917e383045cf637a |
| SHA512 | 9e4d89673392a51679efed7481aeb3207cd871a32be52bd06598ece8e2efa71f8acf581f64e720e370ed17d1f59c1fa10236de70fc70aa81e80978de1c4b3c44 |
C:\Users\Admin\AppData\Local\Temp\QYwC.exe
| MD5 | ceab4a7b99f5b386a9e52e1efbabf5fc |
| SHA1 | d978966d8149b61b744622f5887b3e0edc25c2ae |
| SHA256 | ac0393452d7eaac07d67642527445fc944b161bf6a039c5e41f1a059395552fb |
| SHA512 | 0ab5082a91b49dbceee89e1614946e4bb6558777c84c4eeafe0d0035b48bad4b60af96ec65f1112adb257dd7f52f2d5f4fbaa52932edadc7b664e2d5a0027b04 |
C:\Users\Admin\AppData\Local\Temp\EwEY.exe
| MD5 | 0afe5bd47d2a23e2d91e0b52b188bf2d |
| SHA1 | 1bb9bed7cb9c4a9d055f3792f0d3925241f19616 |
| SHA256 | 406d4acb8d9866a8a3e17b287563578585dd366d961f18d6c501d14036eb551b |
| SHA512 | fabd3901cdd4efb5dff3e4bafbfd9b2bbf8b50c979df630ab3c53cb72c45690cd102bbe9c8c6051e4628ee2f511b83ccc85f26a84e6361199d766e95a2d41dd4 |
C:\Users\Admin\AppData\Local\Temp\GoQY.exe
| MD5 | 6595496b7d46237940489c1e0ce6e8e6 |
| SHA1 | c1fe0e68a0c1e7a5c94097bde214f023d8c00fb5 |
| SHA256 | 0b2841ff40f8e7d5e5d08656e83ec8fc4ded3e81d995fc5aafceae404e742f53 |
| SHA512 | 1f9920afc3739d7bc20511722ad1bb476d2b28cd0e4208ede7294e2d0229f1c192d9739ab2a5a13e8aa47db6c071974181efd4b914db2236dec77342128c2a06 |
C:\Users\Admin\AppData\Local\Temp\UMEU.exe
| MD5 | 5c816547650c84e103a6acbda6c70ffb |
| SHA1 | 8028647bda1490e12a129303314e48759dd5728a |
| SHA256 | e822a16c6cb7cd40546a5f9a64a0718369373b10a94027d1c27919e521ebe739 |
| SHA512 | e9e1b563ff0ff3a0fd87933abade54458e4e897e165c203e0a1243031d564185c8bcc6fc5b7d8cea3ca2d26ba4bb8d554bafd344f97f7098f0d7c33b5f7f220c |
C:\Users\Admin\AppData\Local\Temp\SQIU.exe
| MD5 | 59fc22e1b9f6a679c0db6a891a21bc5d |
| SHA1 | 073c834358b869f266764ed435cd23a5ba062611 |
| SHA256 | e3c396cb04a1adb2b4cc2f0d235dbc4dd75f229e4c8d31dadae1d721b32c9261 |
| SHA512 | 8ef7fc93f4f568643f2d878bdcf576508e500d84b158f0f778e09497574d6106c9eee61057a6d8f828764302e2a27249d802db8cb533a3a4afa279f1020310d5 |
C:\Users\Admin\AppData\Local\Temp\gYIQ.exe
| MD5 | 0ada5d9cfda784fd44f9716d9f3b46b7 |
| SHA1 | 4f53d66d6c4c3e2ccd42191b1f43d2b47a21db28 |
| SHA256 | 670a4a3a16d763c712e5df6266b9a03e8fcec6d54cd1c4bf36b026709da0703c |
| SHA512 | 367fe44c6461438fa34914ac0e8a719b03f585def6af630944155a645cbdfe00cfc54bbdec55e82a91d73f0b2c45188873345fe01e8ff6bfc509d2c9f2ed6ae5 |
C:\Users\Admin\AppData\Local\Temp\WwMO.exe
| MD5 | b0d18f7295bfd218d882f6d82aebcc66 |
| SHA1 | c9d04cd75b4903c4046fd52d54ebce614b4cd0ef |
| SHA256 | 53766a85513f49ca0257e84b63a4a9f9e0285cd4aadb3e5a080b0dce00a6638e |
| SHA512 | 5782563fc91dec068a97be5affcfb4450c9a2e0e7c99a41346e696c3ee74784ece8fca084f669f1bb53b3a87a49287cdc61b52e9cee4966c7f83a3fe6016093c |
C:\Users\Admin\AppData\Local\Temp\PWkwQMwM.bat
| MD5 | 05f80a5afbb655461f9dfc175264fe79 |
| SHA1 | 94c5db4af8898c360ccb0efe101d6c13410a6db1 |
| SHA256 | 9139dbd3c5e80b121fd1308f48079473e41d91658eb250ce9b5f0121a75fa23e |
| SHA512 | 8a5a93bf1a7a4d90c08fa35d914464987347dc6b1f8ffc9682aaafe79fd65e30a59e5418d68b65f96de015cce120b8504fd20eb2edc7b28c7818fbf7af749d3a |
C:\Users\Admin\AppData\Local\Temp\AoYg.exe
| MD5 | 4903af1a31d1dad0834ce3a268a2a2c1 |
| SHA1 | ab1a04c01d856f2625af3c0599da0339bad1a6bb |
| SHA256 | 4cb5dad2b93364bdfdf84e6016729a5f1f9f37aea752d32186097dda31d9657b |
| SHA512 | 34dd29bcfed0aeae043b815dd69dcb58d62133c260d6f615a7a1c9e83c0ec948509e2160251ce809c34f5f05bb02e2d1efc5afdc0277c2bda26a33bc7078d096 |
C:\Users\Admin\AppData\Local\Temp\kkEA.exe
| MD5 | 20f26ab7cc734cf2511f34874bf62964 |
| SHA1 | 3e1ea50ac26905859d69e37672c9960a96eeb3a0 |
| SHA256 | c2c5569c00cccd1e66c89ae31b7258a4f87a41fb0092136a94d2916cba0eeda3 |
| SHA512 | b977d11b0acf1760dc7b1745b3ac0061af2aaef7e9c7aa3f99c1f28fd33363eddf4e423fd097703125914e663e8750b607ef7631446d675137a53aaa90d6e76c |
C:\Users\Admin\AppData\Local\Temp\AEUC.exe
| MD5 | 6e4f12f1100590813cde343bd481ab09 |
| SHA1 | 36ff263d53c53a67feed75cb2f0e50281b9565b8 |
| SHA256 | ecdba7ea04f17f07e0ce72cee6c0c12eca7e836a2c51d1b9048e466871c0be93 |
| SHA512 | f871cd0c400eb0d7e02240956de4ea2916c2e0045b792c91f15a1d1113b1e757be1822318386ff7fc1fda57ef829bccd0001bb629847dc25684c61cec38d155a |
C:\Users\Admin\AppData\Local\Temp\mUMW.exe
| MD5 | e662e0ab50f0399698f6837a9378ae31 |
| SHA1 | 3c33550762d3fcf455c2da1a5884e671fc3e5d6b |
| SHA256 | 3efce23c494f153083cb1bb82292fd1382928f6c1c7aef14ac022ff6ec6e7b3e |
| SHA512 | 7898f8f69bff29ed4c21e456480417f81cc719bcdef829869d7fcd736e1d8e9c2f12ff37e4132bdfa0a9299b05ce0267345e28db4562ef1bf001e42e1e18ac07 |
C:\Users\Admin\AppData\Local\Temp\EIoQ.exe
| MD5 | 390ee5b4d83ee43e3233a486a1f32a03 |
| SHA1 | 4cfd1572d215a387d3cf0f4c802c0d8c61f55a72 |
| SHA256 | 64a4a44793a2fcd6cafbfdf8c627a81dd82212a1a1bb15956be28fd2f35bb9c7 |
| SHA512 | 4dbdd4d68f9ea354ecc6cce68c317544d58ca2c2900c5391017c49913937237d382622828516ef93ee40025ae04c7c84b75ee93222ab2b5e33b3f43322afc47b |
C:\Users\Admin\AppData\Local\Temp\AoMc.exe
| MD5 | 881d757f89be342e4833456e5d7cfc8b |
| SHA1 | e5aa0f5c6b21a4270b46451ed5f56d7e0d0c8351 |
| SHA256 | 9e31af6476b410d0e4c09a12aa75f48b8cf1692b4d59da17d470a9e22273fed1 |
| SHA512 | 2d25d950040e57d8bc5a8b126a4031ce69fc15be6e6d1e1cc20f970bbfd861df30687d5819a118a21208d9015cb7df2853f844bdc66ac8027c3ad49144193685 |
C:\Users\Admin\AppData\Local\Temp\YUMK.exe
| MD5 | 2fd82d0b012da05701bd1898b23f352c |
| SHA1 | ae47be5a5a67c8f1d526b6a400341683c192cc91 |
| SHA256 | cbfcf42ce0c362356222679e10fc7fd668087d7ee234176065413ee30cf918d9 |
| SHA512 | 40a6d9541f28e5348d7bd6e0a8c796e002876338dcf1766e3a5bc5b198e2599ae61a23ca01c9799d059550a7c449ae45acaada656715573f64484b0d54cf43c3 |
C:\Users\Admin\AppData\Local\Temp\BYcQMocE.bat
| MD5 | a101a131f2894621422dd25c48a520b7 |
| SHA1 | 49c2225278ad162ee81f4946f0b6ffc09c2f1b6f |
| SHA256 | 552b9adbaad45142bc66100d434d77cf5eb7c0ddd478eedb9037e991372be455 |
| SHA512 | a7655482d85c8bdbcf5e8e844a81f04426b0b740871b872d58eeeb736fc10b746057c2b75c002b5dc0568e54fd608c729dfe9090f99232ba174f9c4f749d1a62 |
C:\Users\Admin\AppData\Local\Temp\iUUM.exe
| MD5 | a66d8eaedd301aba2c4eb5ce63ac7e52 |
| SHA1 | 590155d6cb24be14fd5c2159f469d3ee9080229b |
| SHA256 | de0a872ad1296bca4ccced1545ed7964d7336e0d9fdab33d3a9f89c81b26d458 |
| SHA512 | b47f07919e7c902693d5adf070c95e574b79392cb5850c7944d407c048af7a18b2513ac1b1801e31f331b8528a1cd0d05bc8a62c0c9c4366b592e5743fb99195 |
C:\Users\Admin\AppData\Local\Temp\WMIS.exe
| MD5 | 06650e36cce5ed722b8209f75d71878f |
| SHA1 | 737b57c02e6b957cf3ccdc53383a8a2571732b90 |
| SHA256 | 504d358df271a37b1b84a9374e099880b0a6846c36b8085c54c95e0b5e5cae4f |
| SHA512 | 677284ecc9621e69b7839bb162e2a69243aa7945718629848a39b64ad9c0fc6d93daeebec91105f66ab1c82f79bf6a0067809eca73a37ec801a2ca17feab8f48 |
C:\Users\Admin\AppData\Local\Temp\IAcE.exe
| MD5 | d460c44e1ce0fd6b8a395b4f63158145 |
| SHA1 | b44ebe578b94e85fb209232c27139d7b6f316641 |
| SHA256 | e17e8885fdee684f38f9acc1d50364d3c6fd3395b4d9d57a73007885e7e746fa |
| SHA512 | fc231b49799d4dae9e245d9fe06686fc9ab1334539cd046215c8043614f89b320cb5f48b05450cbf9088a18119eddd4befea9c12599d5ee6b4937b0b8c566a48 |
C:\Users\Admin\AppData\Local\Temp\eQoE.exe
| MD5 | 21942c8dbc1a1ae1e52699efa5dfa4f8 |
| SHA1 | 5760008d99d889ba7ddde53e06a36877e160175c |
| SHA256 | 368e6f8dedfad62bd6f3be171db38076ee7e29f5407680e58c38eebf86f387b2 |
| SHA512 | 53f1d2d6b3317d77891810ff5fb2f57c17b811c1f480c19d89ba610d16bf61dee7a205dc1e0042a26f634a63d69dcabb3838125c4430d56dbd7d61f0661efd15 |
C:\Users\Admin\AppData\Local\Temp\iUYW.exe
| MD5 | 305eb31a64b9f1bd6eff57c8fad0e043 |
| SHA1 | 7ce939ead754740ec358a9fa3b1b950163507f3f |
| SHA256 | d5b23eccbd0149a0de0fb37d6c893ad07d67e1f913777aac489062603eb541f9 |
| SHA512 | 44a347096539d863e790ff3da68d4495d5f52ecd17fdb99f5251e39ff37a8f1094591c211dab35524946f923718d77a10277831731b35f9cdecb913788f5b61a |
C:\Users\Admin\AppData\Local\Temp\eoMy.exe
| MD5 | f407daf545ccb9a8f7687b848ded1cb5 |
| SHA1 | 096b9068d6a751e4106a9bd9e0f657b690a93cca |
| SHA256 | d1916dc5e247a3db4d5e8d7f835b12ffd221587e76430f149606f593744c6bf1 |
| SHA512 | db938b507f554010e6b1ea8d6c2d071aee88688bfc468f83c5dc8c65517ea9e7d83a5a96dd19b02440bc25b70a4fe126dfbd867e02f5e2d60affc5109ce2eac1 |
C:\Users\Admin\AppData\Local\Temp\oIUI.exe
| MD5 | 843e65c88997722c623cc7ec1b3e7b25 |
| SHA1 | 266d5a9d199c8bce7f486a22db6e227f26029eca |
| SHA256 | 04f7d0f2c53ae4fbabe2ef9572426ff91269f23c69905467ca28cdac4479b123 |
| SHA512 | 9a414df495cec45d33aec54a76aa2fbbc933b375f71aabc8a303880448920f9bdbcd44aeb2a4b4f8c4d745cf1f08a72e8605a450b83dfe6c9080c773387ecd37 |
C:\Users\Admin\AppData\Local\Temp\ucQs.exe
| MD5 | e397d357299cdc5dff27107092ca0291 |
| SHA1 | 71660640e973dc62fcac24daa26ca3df6db26c6d |
| SHA256 | 43ea643a595e0e31766ad09cdbe0c993b42cc412138ce477b3f3c3976537c07e |
| SHA512 | acfb7fb6a028af37cf6ece9ce4c1aa5fd863c61302d64b636f7cfd46fa82f5f3962c0e713a743dcb0ead589c4e0552ab7457f0da14761fde79c83e8e3b88e65e |
C:\Users\Admin\AppData\Local\Temp\owUo.exe
| MD5 | 6e687b0b43891cdd0529cef9836e62a4 |
| SHA1 | f92feec7f0ff1d8283b000010e2cd7f4d4bfe347 |
| SHA256 | 585023c2a7edd0754eccdc42b468c155b46dc9610ee36aee0b1c2c8ec160d91b |
| SHA512 | 27671cf6d57da421e83e5b622101c981ec48af6051e4ae963ead2ea32d5b2401b137b3f099065f78c7395aa2f82ac784fef92cb5199e7dcce184fa11856e8bbc |
C:\Users\Admin\AppData\Local\Temp\ZUYgYwco.bat
| MD5 | 9384fd91faf414db9db88834dcd490f7 |
| SHA1 | cb43446bc9c6fdcf0ebf03025dbeb559a82a87e1 |
| SHA256 | 299945137efd49cb925d2135a3695c747f7ee3f8330b2517c453b1c85f180a57 |
| SHA512 | aac6252efa573cd41c73a238df9fdffd91a36d30d800e7a3f31050ad223d4ca710a76e7dfe270c6a4340dcaf1471a454013f58562724a05193e72026ff53299a |
C:\Users\Admin\AppData\Local\Temp\WwQK.exe
| MD5 | f647122d46e0b268867d2e7422d35fd1 |
| SHA1 | 668527a4be5c9c9a63494da60d7cc15238751ccf |
| SHA256 | 7dc08967ce181c87d8a97e4129a94358ce461423e2ad2b093b0bfd6184a5f457 |
| SHA512 | 43d0ee79692380deca4332c383141474f78423b5f41f242355dcd17c27be23bc60e4cf3820b2d472a8b64c823882921fdbbfbd106915e825bb60d37373a013fe |
C:\Users\Admin\AppData\Local\Temp\ogQY.exe
| MD5 | 7b788c8614d98ed29c9f7e51f26eb116 |
| SHA1 | f64fcc7769f1ee45ebbf1c5b452fc0e173d65289 |
| SHA256 | 038aad6e6b85bf560c0175b16086268a05f2ba84c205c35c14f005f336c65c11 |
| SHA512 | 2172616f6f40011d601521febd6fa2ced25108fa50ef3999dc16f835ce76d173b5ef1375b580b61b400cb1cfe252f6958ad10f9052a1ede4a2bcd1ab91926d4f |
C:\Users\Admin\AppData\Local\Temp\OUQG.exe
| MD5 | ce90c226b47056fa2e8fec100b94e322 |
| SHA1 | a75ec30ee307506192367ef3a7bc70f2b189f359 |
| SHA256 | 5bd2373a96bc9c74c62d32771072e76eb6031918785ba27b004ada32060102c9 |
| SHA512 | 50899b6cbbcc74a8d6391d9fd07b141202879ca17c440a031a0a927f0d494ed5195c0498650af755bf725cdae8228f60048e9f728a5e48499ceba5d64a855c97 |
C:\Users\Admin\AppData\Local\Temp\GoQW.exe
| MD5 | dec745c35dc8e64f593246d6ae5d5704 |
| SHA1 | 021ffebcb3ef5fd0b0b3486d9f94ffdd0af1e07d |
| SHA256 | adcc5b7f93747bb7381f4983788cc7ac7498bd8269226a7fb466bba2e39249b3 |
| SHA512 | 81a5b52047536e25175227e31af8a2a435edb879a04a976a927833a7b8f70863abf3bdb0e3d978f0412785c1490b7f10fddeff43b7e30c7d571502db0e763c6f |
C:\Users\Admin\AppData\Local\Temp\osIW.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\kIAG.exe
| MD5 | b8d37a26f68b3e5e01007a5713bd0112 |
| SHA1 | bddf9096ca2d0dfd07c918891c6f5a2afaa8f06d |
| SHA256 | 77dea9f54d60f749d02f503bc1aabd347d745baf469d2b3e52e3ddb35c51b3d5 |
| SHA512 | 9170bcc54775c3767a4509a06f38ec3c690b530581f19f866af4733d9eac5c9c7fe8618176e7b6507418cf84a89ce8adf0608e29d3add23ebcd9236e9d52b5a0 |
C:\Users\Admin\AppData\Local\Temp\pAUowooQ.bat
| MD5 | dc38bba58d9fcca7e4c2c51c60859620 |
| SHA1 | c4a561bf59235e37100133786fef3bee1f9ef58c |
| SHA256 | 767433d79efaaa555ab13d5ddf19308249da58b49271cc9de28899f4002b51e4 |
| SHA512 | b618fea84744726fbbcbc40b5215be34a9d7c49b3b111e8fd12a4fdfa87654df490d4694e7d0b2101d2c8ed25de96a12812038c73eefe173c9cd6276f11edd2b |
C:\Users\Admin\AppData\Local\Temp\AQcw.exe
| MD5 | 173d75c7e8b56e0e0c0d9eadfdee2d2f |
| SHA1 | 22faaf1d844604ed2d18815d7e81b7dfaf60319e |
| SHA256 | d9e05093ab3415fd7a6c28aeed12d780beb16eee127c74d10eb377d6ce60a898 |
| SHA512 | d56d243aac4bfb51d1e13f4da0ad97c07648e16dd89cca59ae6b70716a4000083094b2108adbdedba2c9296edb2537e14f81716d89439cdf3f06478a2ad03485 |
C:\Users\Admin\AppData\Local\Temp\aAsy.exe
| MD5 | 7d4cae6b86d5249897745aaa11526ccb |
| SHA1 | 5743a6c94383b30699074da2a2ff03e4a2a87257 |
| SHA256 | f12e6208e5d3938c973c85bf51c166f3ea4801f0febcb444e7792c050c9601d7 |
| SHA512 | 74ffa4b83008befaebc542c2f13910d64279ad399f2890b1e9a8f2453707606d9ee6529bf04632c2ebfc0cc2f4ade80cb2a307c24c48ba7c2a3e99752eb9c259 |
C:\Users\Admin\AppData\Local\Temp\giMoIoQE.bat
| MD5 | c146ddf8db43d3d716b43bf58f3f40f1 |
| SHA1 | 0bcfa782f746b2b919b7ab7018da4fb6d25bb497 |
| SHA256 | f908b802d50d8e11afbd6dbd32ad621c1a7076c05ea53eea3e68f08c3fd7e259 |
| SHA512 | 65597c629216af65531520fc6028c6bcce4afb819c6e7c6a9a5e4143da29690601fa7ea1aeffd2d582e9f72d81b0ad17aaf27c9400b8e2801b395cfb746f6f81 |
C:\Users\Admin\AppData\Local\Temp\OsQkgoos.bat
| MD5 | afcc63eda8b78986b307e91155155896 |
| SHA1 | 3102658ab752cfd2964eeaca54dd28b824cf2e54 |
| SHA256 | d9f7b604d062cf82f5fb9282a2a618aa7a5dc816cf8303ead4687d348e3d559b |
| SHA512 | 80b2eeed03f97bbbcaf98c64fa98f803a37dad6ad2907e4cbde05ac27e5b5cfe6ae490dfee8c4507ee71b9c0549fc6ca93a8586690d0dce739b69b751c9de0b1 |
C:\Users\Admin\AppData\Local\Temp\OMoYgsMQ.bat
| MD5 | 185deca01006aaee3148bb4c197c39d3 |
| SHA1 | fd94a2dbb1b7398264f0f1d4ea97307844a4b789 |
| SHA256 | b87a4b28cdf5d24c5065d347e9982f1fb409a008a477a1c282a813c9947c8846 |
| SHA512 | 10d03959b7cccc90848646557eb3e5d7c7fa2b6e576f5bb3c4845d06f7ae3293bd386c47a2918000e1a2586b28e20d3061fb87ffc48ca9ad600256d3ab11d022 |
C:\Users\Admin\AppData\Local\Temp\emkMsYwU.bat
| MD5 | ff9f468869caab57860873e365d7b462 |
| SHA1 | 6a6e85b3d36fefae29f760c5128855915c25c9ed |
| SHA256 | 0a59506b11a281053c2228e3e31340cb9c6d8dc54eb6e13e04d9a204b560c72c |
| SHA512 | 59f3454ffd8806697fb89d6996d09ac1c94287811491ec41ba97abf9219c14bdb5e238bfa0a72f06137b34064a7f58ed46bb5e565b4c3047b4f011bcf3e83fa4 |
C:\Users\Admin\AppData\Local\Temp\dOMwIkAo.bat
| MD5 | b49305f1de06eab4359ad8b9b7aa3b2d |
| SHA1 | fcfc903e75fca2d560945d286940dcfc12554b25 |
| SHA256 | 0288540cf682e45970f358edc66a4abbefaaca42c9c13cf7faeb5ee2340036ec |
| SHA512 | 2a8fd1533bec68f1a86b15dc6e9876754d12f0b69fe6b8b7247dfd52053f276e9a801cf0b6d4adf52819af726082ba9df7ffddf96a43d038d4568946b84eb03d |
C:\Users\Admin\AppData\Local\Temp\DqUMQEQI.bat
| MD5 | 29c18b2c022ee732284acd744618996b |
| SHA1 | 5bfa39f1f0dcd26985d319d6e8a579f9fcf4bce0 |
| SHA256 | f75a36b1276c896c95f22505444a8b0d2029655af9cbe063f9dd11457ba5c97f |
| SHA512 | f69c8dd50432a88e0c12aee6588f5e2a5b39ae5f21378ab726b0b515d1067bd0adc00afca834c0b8b00138292b267acd42de26334e9b8cee4d6d52f682a9876c |
C:\Users\Admin\AppData\Local\Temp\baEIgoQQ.bat
| MD5 | 9eea45a7d9091324ad02050f8d442f1e |
| SHA1 | 112a2ca16e1b11f7e1c98a89cec3fe5f4bbcb178 |
| SHA256 | 590834e1605f24ca2e4c36e2452c0fd5dbb7b422a1c0df8be5ae616e2f24b833 |
| SHA512 | c966b498612d5d8288dd3b363d673e2e549814efa20b47f940334bebc10bea105ee376611247bb9514279669704343289a09109dcff06d6c36b33a4639d16a0d |
C:\Users\Admin\AppData\Local\Temp\lIwQwsgI.bat
| MD5 | bc925aab9a5e2240e3b95775e695daaa |
| SHA1 | 2613cd28547a891e5b074399ad2339c16522bdb7 |
| SHA256 | 098a1a0b9eafb659de6110e384b54b3440fd6117d03e7a07efa5baff03be736d |
| SHA512 | 9b362ff32ae814f72308b958358d5753a1aa937f5565e4829c42aa0d6bc4314d9fcfd62ea7c21ed8741055024d1c8476e0614035a18dde798fae153f7408f81d |
C:\Users\Admin\AppData\Local\Temp\ciMYAoIk.bat
| MD5 | 235c72cf3fcd4dac4e3d2c3c0134d592 |
| SHA1 | aa088929ba899c10c3ad4ef5b3f233077f995efa |
| SHA256 | 8ecf79994b6910aaed5f4e682328a3216864cf965e1ddef449e9c87adf957bf6 |
| SHA512 | 04588b59259414b5f22150cb10905e291e5fb83b84efd29dd32a03edfacc668265a14587dce47926a399e19c1e9b9b673bfdf78f02b9a3bd947006da44d2f503 |
C:\Users\Admin\AppData\Local\Temp\eOAEUYck.bat
| MD5 | 407b514631b3bc44430789513312391a |
| SHA1 | f42b7c5a8ee665e2778e01d533a608b0eebade1c |
| SHA256 | 7d34d4ca3cbcc2a44e2b496982e931c609e6a64657295c0ec0644cdf7bd0775b |
| SHA512 | de10d639026811104698ef09c23fa4b96c780fbe583a564a5705be87623c20ea13cc545f522eef0ed224eeafe278085dc6f02b4ebba4d4c67fec4c7652b6093e |
C:\Users\Admin\AppData\Local\Temp\MOowwIoU.bat
| MD5 | 1aeedfcbd2c9fac962d9fad73114598c |
| SHA1 | 8a432a7dbb11236d45dc8e4465cda118d6db8bbf |
| SHA256 | 3aca4b2bedd667e355a45a92fe3c79e159ac571c6bd4a968cea5fc44ba808704 |
| SHA512 | 2768d57427f40f89acbfb97f5906bdcd165ed326e7d8534b12e13c15f1b584bad65fbf6122daa7e81ac18af53b7f64e68c9461fcb2eb723a257aa2b6ab22b549 |
C:\Users\Admin\AppData\Local\Temp\IoUc.exe
| MD5 | 474b79103a20aa8abb5f8c1a10ac947b |
| SHA1 | 7315a98cd515b43337bb10440b700375528d3416 |
| SHA256 | 7c45b61aca4f4f70829007461acaaad3891595cb59657ff0ba99414bbd9c1a5d |
| SHA512 | 2b547e286fc8673a924ddc507a9d37093afb18d2395a11cb56ccff0cee15c23e6fbff49a791beaa9921b099379216784a127ed5ccba856bb12a266e3c439918e |
C:\Users\Admin\AppData\Local\Temp\GoUy.exe
| MD5 | fdabd4ca9e3b0270d62acefaced12ebb |
| SHA1 | 9b98687fd30e0f55486c95e0d2b5710906595b2e |
| SHA256 | 1ad4043042dca461e8ddbed141a3f83d28db0b0915988a35575e0a3e2a791ebf |
| SHA512 | 4efdb371a0bb36cd87b55bbb1b5231949ac74419398866c226e589209ef7d5605dbb11b4537953cd1e80d865d67c6025d13ebfb3917227a23f80bc58e829b742 |
C:\Users\Admin\AppData\Local\Temp\RAAYsQkY.bat
| MD5 | 6e3d3bee063dd22de5be6370767a766e |
| SHA1 | d01cba3ae4f69c663aedf567cae6a82a6cba2c00 |
| SHA256 | e0fc67552f58a4f32aa5fdaa2d550635ee15601116c9bece0db9c908f87b7e10 |
| SHA512 | 1d540ecb52795406183fc36698312f2fdcbf1ea13f72fc7760ec7dbdb5402ed5c1fdbee321990fc6dfbda7f07c01a011b7c9d225b69661b8d207b02dd448876a |
C:\Users\Admin\AppData\Local\Temp\UAsq.exe
| MD5 | 658b14bc9ed15161e4ff8c94db90096b |
| SHA1 | fe07e55d9645c16d1f0ea455424f4c6c61e22194 |
| SHA256 | 271618716a3c09c0db07fc187c66cbe69d895a79c463d9ec50119d8aa62d8274 |
| SHA512 | a97ab61fcd74b9dc3ecadaa019bdd757fa13abdfeddb714082f25d36c3556aa33a5e3645ca71f49ec4f9a492e565c94e91933531cf9c324f3e8623b9937338c4 |
C:\Users\Admin\AppData\Local\Temp\kQcY.exe
| MD5 | 12abf53fe28dfa3ad3a4468b15c67af8 |
| SHA1 | d9390c7b9c835eb5db6716d1c4a299dd62db9425 |
| SHA256 | a0da6e8ff8031977ea397c47a209e19e58af2f5ca14657c8af8afd3d0ae30b7d |
| SHA512 | a2cdefcc1cece1a9722f1fdfd323373ce6df2dabaf968a295b09535fae4d6c62fa48d82f3b3bd6c3e4e255f72dad9af6a67ed81a7d87f50cfcd16a3e49f23e79 |
C:\Users\Admin\AppData\Local\Temp\QAku.exe
| MD5 | 0090a9f111559a72192a21a7b3958397 |
| SHA1 | 380139c1777b2d195d97e2977ce550e6dbc5e8b3 |
| SHA256 | 8296640f85cc72c9787e5ce384b53c69dcfc26c766ea529773d5761c810bc4fc |
| SHA512 | b20b2ffea61e77c30fac8b77dcd85dcc81b5608dad74c238f4d0e08fd755fcec829147ef15b129999c0f3fcb18dcf3f36d794ae9d3a3f7bc623736182d561799 |
C:\Users\Admin\AppData\Local\Temp\gIEE.exe
| MD5 | 575c050255bcf1c67673ad37575dc361 |
| SHA1 | 8b0bbae57253f7c343f82dfbd858da83f49fd4e5 |
| SHA256 | 1f369ebda2c5a5a633fcdf9ff33e936b619c8cf386f651e1274f4b43295f2bab |
| SHA512 | f5ba8d8a531c6f1513a8ce99ea134d128616fdf93b4bcc4e8ab1359a96a4c538e4222549d234d4d65a392a65f0496e237c5a052593957a4a41b140dfcad6f704 |
C:\Users\Admin\AppData\Local\Temp\okom.exe
| MD5 | 80da54a256e1305a6221c54ebd9ea0b2 |
| SHA1 | bbeca024cc82a7966d69ff499d645049b0ba2267 |
| SHA256 | 072ca11ebf8a78027d3b2fb9de7635f55b1837790237d4397013c1bb8fc8ad55 |
| SHA512 | 10123052e34f524f78f4b842e5f98e6398029e412d29642e94866608d21dd2f6e0dce34c5c28165832593cbb041a0d65f4eb06b6af10d7c53f8f0d2785514d78 |
C:\Users\Admin\AppData\Local\Temp\EYoC.exe
| MD5 | e1d2bd27d379a1991a2af58221899921 |
| SHA1 | d732ba0fdd72de873791f7f5543f6f914741eb74 |
| SHA256 | 8f734b19a46a664828523815eca3a81a6905b801ee10d392f1c298864cca4238 |
| SHA512 | c467da57323eac98b6cee427fa51b6006e6c33525c47df8065effaad8f09e1c1d50326bc896b6f7db086f68b1628253f007a503fdd20efe4ff0ba8a394d1c78f |
C:\Users\Admin\AppData\Local\Temp\AUAS.exe
| MD5 | 62057bb7e79ae0315edd8bd6cc087ebb |
| SHA1 | 06d9771bb78233b63114177e9355d8e1bda0591b |
| SHA256 | c77f901702e49e5c5889bcadcd261a9fd06a02d53871f8a847ff4ff81d79ed7d |
| SHA512 | b7100fd8027f3691899aa939d01aeda5324a3fd03432d5c33fab62bbbdc21c965615791587f3bd7aec057f0aa1006962bafd7829f64426bbe28fad04a6c64b45 |
C:\Users\Admin\AppData\Local\Temp\VwoYkIos.bat
| MD5 | 00f7b10bd9a299973051cac9404c0f77 |
| SHA1 | 8a8354b001834d6ad1c2d8f5a30b44d94f7e979f |
| SHA256 | cefd38e0eeeddaa72f2b56f0e1d329bdfd5524a8fbf7ba27fec4e11bcbfc8b4e |
| SHA512 | 331841e266de8ba1c9e0d3fd6e1a6afa0eeec49bd97f1b800386221d5556b57163911adc8c3333e10ef6fc493b95065b7978acf2e29711d3b226cf65823489fe |
C:\Users\Admin\AppData\Local\Temp\EYYg.exe
| MD5 | d362624224d1c9049eac52876063f5e2 |
| SHA1 | 3d553c4412f39257253febef8e25220436be78d3 |
| SHA256 | b9a6ad14cd257f9ced98a7a0884cc7a5c6b8d6c03d98fdf2fe56e80fe2d9b3ba |
| SHA512 | 8c79441524a81a93777f592c6fdca5a51b20ad0b1ec8e7b0f5483457264b3c1267c1f3b8bfb7e43563342526bcd21e9ffb663538f281c34b61b1a6d72a5f735d |
C:\Users\Admin\AppData\Local\Temp\GYEm.exe
| MD5 | ce2226fba98a54ffe96dc38769ab3d29 |
| SHA1 | 5c164be73ffadf6ba2c0d7810f9ec7e2cf205f11 |
| SHA256 | eef4e7493c9a30cba86c9fe3bfe91edc8e5f6454316b25066c09f5c526bd8cfd |
| SHA512 | 953635a0eaddd4f4190947f1c0a46a5c670d963b5d48cb1a71c5673b890381a4cd407a894c191443738248f22416adeb3ad8d88d2b2b8efd160128a4335dffbd |
C:\Users\Admin\AppData\Local\Temp\GYQS.exe
| MD5 | fb918c352676376f0dceffb7102ea291 |
| SHA1 | 0dda0caf9b4a2ba8c0dedd20a1b1452a09fdfa09 |
| SHA256 | c2a9300d29456c32934bf5e769291fbe9d512d3c20938f1f6df804ddc38e360e |
| SHA512 | e00d529947b5a13f49db5a3b5856bf419a4a4f1b85d7274550c20704bc9e57be6e93e7803ada133fd902f649e7927789528b2676b99d5335ba029199c06ab86b |
C:\Users\Admin\AppData\Local\Temp\YAUS.exe
| MD5 | 04b651e9fbb20b93650d637afcc0c5eb |
| SHA1 | f39aaad35c6c94489cba5369536c7c0af73a6b61 |
| SHA256 | 2e9428e602b812ce205851a9e31a5d8e608d50063dc8b97dd6b144ea117b5dd9 |
| SHA512 | 3e5ba8ced4289c02c63b242c5483feaee07032f6ea9558e29c25ec7e260fd8afb68d78871812f902d3812916a869d43ae096a96f19328618e9df6d5c19483bd7 |
C:\Users\Admin\AppData\Local\Temp\YQIu.exe
| MD5 | 5c20625783bbf72747ab657c1608b5a9 |
| SHA1 | f42188fdd08540f1291f32f0b178fe578b35209a |
| SHA256 | 948d30ee4e0af3621c59a3633f4a9fb1cb15efa13736e1f2fa0206971fc23ae4 |
| SHA512 | 6964130ce8e399c5bfdd62fc324b9aeb7c747573a422486ce10326d645df739d91a70eefcea53a8dd07c7ec03ef7a7a5ab687c9439bacd825d2a36dc07fc74cc |
C:\Users\Admin\AppData\Local\Temp\JiggsAcg.bat
| MD5 | 3411371ec420777cc07a70442f16fc29 |
| SHA1 | 8be9b87226a4b491a3d8d7e7a13f4336328b1031 |
| SHA256 | 3fb31a65ce80731ba1233c52698a435309c0d0e1fbd589b1dd5d0e9bfd3ce826 |
| SHA512 | c0d6f465b531cd45d7d7edc1c4e1f1dec9ce78f645481dca0681147e67bfc4ce25864525a14c775220dc7dbf4bfccee614854d32d88093e2da6c4dabdd1f634f |
C:\Users\Admin\AppData\Local\Temp\UckY.exe
| MD5 | 866b4502da5bbef8152126240d300b9d |
| SHA1 | 6f45ed463602aa786aeb7db8ddce37d2898728d9 |
| SHA256 | 143e23a427bdfa6d5018bcfcbb7221325a7a8a47678ad055f244e4b94d4861ab |
| SHA512 | 64f5dc5695a43b3f06cdeb281bc3ea7fdd421d2696430cc73de9ac8b997ccab906b9f14e1dd426a13fc92f9edf0adcfb43523a63ee6ff1c283af2e1f9cecccf1 |
C:\Users\Admin\AppData\Local\Temp\ykgK.exe
| MD5 | 656706c2e14c7fac2c80f9fbaba842e9 |
| SHA1 | 94c00d40acbfa91110dfa292d376a76da96977e8 |
| SHA256 | 2d6a548e13108c156caa88b78ff6acc8607b87467d0bc5cab84fd4d5a750d19c |
| SHA512 | 6d496875aba4c7b65d09720d26bdb3c14c75e01a13825fdbddc16c97322921d8da7aab4c09f7b4a08dc6aff3173ca2df5985fb6c01c24561d68345d3387a02ad |
C:\Users\Admin\AppData\Local\Temp\oMUe.exe
| MD5 | 770d49563087fb987f9578b532bca251 |
| SHA1 | 00994fdbfecd64235c02012a050f14e9a51f87a2 |
| SHA256 | 98c3063ebcaf8d9d7c7652716d64e3c5a5cf97b020efd9c989ef5c94c2ab407d |
| SHA512 | 44776bd968c432ab4879e1ffc15e190cae92de533b311e7c693ce52f232db10629e3f3095c1ba3e48b8d6a6b7384bc9bbbc2688459a2d0c1f22a0f0ff85efb33 |
C:\Users\Admin\AppData\Local\Temp\yccI.exe
| MD5 | b07a00a6833a12202f560d1af1769462 |
| SHA1 | fe6e3c24091e52eed37e52a0ccdc1664d42b7382 |
| SHA256 | f17157f59da4128cac4771cbea031c063dceaa4963656839b503a8a97548400a |
| SHA512 | e8fd76c4788f728fa60de3af3d4ede583db6d16613e37ea3689146dbded5de4046fd694a4946eeb1a4d217a25b02a7420ed6a81dd91889eec2dc90ae072acf32 |
C:\Users\Admin\AppData\Local\Temp\JokkYUEk.bat
| MD5 | 76965d5aa4987df9d0183d03c297af38 |
| SHA1 | 45a31fe10d45989b337f6f74222468444b79f4de |
| SHA256 | f324b2679a3f309b3ddbcdef06358b090f422340dc292769cd9478bd2344fe6d |
| SHA512 | 73251e2bdce43fbec274d972d665cc63ef6a40ecabda898012aef48935722c5abcebfd11659fb69fe8d4be26bd9b3d1b5e7f74dc571a8cdc31775103a97fe9b1 |
C:\Users\Admin\AppData\Local\Temp\wUAG.exe
| MD5 | e204b9fba2ad79dbd23c7dd8a0ea2c47 |
| SHA1 | dc6f31e38989b05856295dfb1bed16cdc8626925 |
| SHA256 | 352d437ee3f8d36076be8b1123f59826b31edcf4df68ea267c1e47772dbe88a0 |
| SHA512 | 2b437faae3bc55b7831d2caeb05000bbd13300d7773fb562ead6222b2b500582681702ebe8a1a347d1b9720e642dfa90e54a28e7c85d6dc8f9c1dff6395bfe21 |
C:\Users\Admin\AppData\Local\Temp\cEAK.exe
| MD5 | fb9be72dfe6c3ef4e1482f41c88f8893 |
| SHA1 | c0b9288f5962c61217c97da10dc5bdb10daedd20 |
| SHA256 | 58d74a71bc3ad300220632e728d1cdb4a527e9ec7b9b56707b20e31c0b4897da |
| SHA512 | ec8c50d7b4998047496b66e9a2dd64fa14acd0c7ddf0aa0d9c4b61cdddbe475fe90c5bfdf62e3c3423bb77ca4d1a46a3a7d318e85f1ba68f3e58601b4be628bc |
C:\Users\Admin\AppData\Local\Temp\GcoS.exe
| MD5 | b9d26e5900b64fc7dc97d62e08c825f7 |
| SHA1 | 16ad6322be08dd7299344b49f80ad781b27a41d3 |
| SHA256 | 6e97f24b76ab5ac7e9d1419cb373a67837ef76246fa479c453b9e1f501e84b4d |
| SHA512 | 0ec01752acf4e6d6f2186da7031357d4eda48f944a1c45de43b1205a9a21406c5680f3bc9ac707a31503bf31b77f9cadfd381437f397af841db452813d57b3c6 |
C:\Users\Admin\AppData\Local\Temp\oksi.exe
| MD5 | 3b05353e2cabc59a0a0d7debdc58bd8f |
| SHA1 | 158499c98ce8fc0f3302e64bf0b4a6b99849e0b7 |
| SHA256 | c0622dd26fbc0016bd227cc27522561e372b8d2fc32dad6247999fcb86631065 |
| SHA512 | 8f4b0d076f1b6f230ff838cc89edc3fb9cd588f6bd1aa39b203b677fbeb08b014069d43f121a93759ddcb7899e03117a790ed0ba48c72b8299263734223606e0 |
C:\Users\Admin\AppData\Local\Temp\SUcu.exe
| MD5 | 0aa044915f01b564c08de3c83901e8c3 |
| SHA1 | 1230f4ce5c90b98e567644d8992f6a838641c4e9 |
| SHA256 | dfb40bd863c4741a2c024f3a6f27e8097aa98af523788f13b750398dad9f17f8 |
| SHA512 | da4613d61c1cad0c752939aea8ea6b4ee3ab0a9d827aeea008696ff8554ad85b37210c6fcdd8e3d79dd73e298119e3484e28a1ab5ddcfb928d0e00fbd7b7b553 |
C:\Users\Admin\AppData\Local\Temp\QqcAgcIQ.bat
| MD5 | 89c3381b272a13b39589541b741a0982 |
| SHA1 | 939fc496e1eb457ff2fcbf6e6ec5a5bae95031eb |
| SHA256 | c3bfc828d20e49eaa4c943e6926bbb85d469abd7f58a386c4ebbce75a831ec65 |
| SHA512 | daee0f6f71df6c764f96a8aee342fb0d24d7ede71a02947594d5480cee674d13bcc752d2500379354649d88d0c5afbc07d1f0623d84acae01c4b1bddff191300 |
C:\Users\Admin\AppData\Local\Temp\qsUm.exe
| MD5 | 5de906f1db72c38d2078cb9f27b16831 |
| SHA1 | 40ae572f1003d00e230b0dc6afc4d80537d0b266 |
| SHA256 | 7f7aacf85e7c673d570b8a5203a65c9a54d45c876135f6835d519967d075abac |
| SHA512 | e8abfd38a0677941b23f3d71205b86ca0544d5ed515b9434c9ec7330ab2e081c9421ad76dce2927ae3a0aecb24936d53a81460b7d27c602d9480dcbf66dba5ac |
C:\Users\Admin\AppData\Local\Temp\ykEK.exe
| MD5 | d47c3c10cf31302ba84d1c372a4fd50b |
| SHA1 | e2c4f59c53666e87a80c3058d6f7ea9ff9c09c40 |
| SHA256 | 820bcb8279a7991e5391db5cd2e21a41e92431cc3643cfe3a1230befb2b5fce9 |
| SHA512 | b104a45ec8bb90679d914ebe539e0520eee4232f5b361638c785f03b4f606729cc28a2c33f4786c4455f81109e43c1d4c141a82f74cbc0e3adcfd8dfd501854f |
C:\Users\Admin\AppData\Local\Temp\QIUosock.bat
| MD5 | a94b90e7c7ae6d9dfc43b857adedfe3c |
| SHA1 | 1fb3e0da8eb4f6419c462963135b23bf4a0b2e3b |
| SHA256 | d86464b919cf55d2039911aaaa86f42984a9acefcf2728c58598c7e4311f9ede |
| SHA512 | a40f5f5bd9417071afea248dea0bba0a634ca3b49002206460ca889122351a512e82b39112a4e31863c1806f1192b08112e258f336d9b8f668fe4eeca941c2dc |
C:\Users\Admin\AppData\Local\Temp\Skoy.exe
| MD5 | 8120891c0874014cc83f3ad4f61195bb |
| SHA1 | c9913f2242641bda2c164e655e6b4fbe205ff666 |
| SHA256 | e234194dc5d992b34d66dc7439f32e57653aa934344fe81b6f0597e2269705b2 |
| SHA512 | 27dc9a52d7a0870473fbb3860a115a4127bb3c918b180b222e0c67d6152e34b3bd7252f4f43c08da41bebc11481d9655c4e79566b76bc7110b9ca3032a343528 |
C:\Users\Admin\AppData\Local\Temp\yoQQ.exe
| MD5 | 42ba9b67f3669da712eb22e26a37b899 |
| SHA1 | 55d66374272d29fca134ee721ddb947fdd12677c |
| SHA256 | d071c36793277d7d3c228f9c0c2ca06eefef69487557e90b673efc40871c34c5 |
| SHA512 | 9e765f5cac2d04742b1b490518e44ca0e2290a4869a82bdf8b6a9fe05034a202760f0d00c21b5891fca61f04a2f79e17a31da6462eff42f12e8624dc50427cbd |
C:\Users\Admin\AppData\Local\Temp\sUEk.exe
| MD5 | 5d1d505b537672ac9fc7dfa0f1d1e20a |
| SHA1 | 2dd65105b73ae6c219405c7f48a5b59bf1bc3b63 |
| SHA256 | 6cb22a2aaacf99f69bd15e1b16b3a56202dc4f7a71dd0787a3a6e84300b1a943 |
| SHA512 | f6e0c6b9aff8afb2b47b32e333555786f08ac236114f9afdb6e1bfa876333c3b0bd586fef47f03094540bb22616dc3af31f2d1d32bf2b2e342381a7d98540faa |
C:\Users\Admin\AppData\Local\Temp\IQQc.exe
| MD5 | 6ca7635ab4d914405fec780e4aaf9a1e |
| SHA1 | 6ab142182ab2fcab7de76d6c5c216a7677e35aee |
| SHA256 | 178aec003cee30c12b5116d5db6acd0a45af51e9db28b86aa639f9afcbcc8695 |
| SHA512 | 5773da045cc27194859f9d3f9b71477157016bae1feef0832225289414f90f90b6f50dad9ca52f4dc51b432d2cd78593ebfa779a6ee8359f4e396f1d3f06145b |
C:\Users\Admin\AppData\Local\Temp\uAYYsMQs.bat
| MD5 | 27c4d19b109064c69dd07ff48e6d2e21 |
| SHA1 | 0ad217734b2fc59ce9bf4cc7725c4f3c4bb9544f |
| SHA256 | aad51d426b68a493f7f23d4323871c5b4c2a7d727a7a5e746b5e1364690bc4dc |
| SHA512 | 129afbe147dfdb7b433d425bedf2d5e5d7ba9b743c354da7708ffb91dc7811783aa86f343f7b47ae1fd992408b665a9f2594ad574de0340e67372dc9597008d1 |
C:\Users\Admin\AppData\Local\Temp\wQMw.exe
| MD5 | ac6911025b55cc1c762ac4756af36bb2 |
| SHA1 | 69dd7a1545bc1444c3a0f1fa3258d76620453ff4 |
| SHA256 | be7e5688c3149ff6f37325fc94268f84da3e6f40cc89c405e5eae725ee874440 |
| SHA512 | a664525420e4eb659438b324cf0490f85ff556aabf98d9e8d12902ea9c9eac7a4fed3629642f2cf88c6d5df818c0aff151ff1a832c5bace008ffae7024f86a0a |
C:\Users\Admin\AppData\Local\Temp\aQUG.exe
| MD5 | 5e7b73205558ed4a82353d85b68cd5d4 |
| SHA1 | 79b5578d72dc7fe919db63e215b5bce104b8a62f |
| SHA256 | 7d0ad5686db0876f5ed46aae571a0e4be247e354a7b853530db6bdccedc370d1 |
| SHA512 | 5122d3b95650c1d97d619f1dc11c4794d3984e7a50e7a3b3c07fc96caa55ca1efdb96f6f78a87bf8d36c429032f5a2187f8bfabe0c08168f2bfd1c86e05496a3 |
C:\Users\Admin\AppData\Local\Temp\AYMK.exe
| MD5 | fb0825106aa7bacdcb08e2c3d6a9e1b0 |
| SHA1 | 9b7e2375bb2cd8c5a0dafbc2a1c1ace6cebbb2ac |
| SHA256 | a561f2f991c53d4e02996f779a1c9e3fe6c595ccb3cec47a974bc2a700e1351d |
| SHA512 | 955ba9d4abf377022c2072c1871d026714af30d314a5b2444f89b2979b22857360d6358013cfeab7fcd73a34d4e6932aabc5bd2d4a199c72fecf0ae0bc4edc7a |
C:\Users\Admin\AppData\Local\Temp\GAAW.exe
| MD5 | 79dbe398f95dac6bf0e3dc2a4ea170ab |
| SHA1 | 978cd4ce7f4cbb340f4e0400cd320d6c9ddd294b |
| SHA256 | cb4c1d31d629711a987d9e5382e5d6fee7cf026fc29fe7c26664de3aee892505 |
| SHA512 | 67d2cc4856d0e1d35d6383bc8efbef7225b8c4391e6be1520bd0b4ec6fa08a6e3475ec59efb04f1c9571e4289ef16470b49e9488095318e0621a43f2d14edab8 |
C:\Users\Admin\AppData\Local\Temp\gEgO.exe
| MD5 | e0203629cd06892f0d71c90c75c2fa9e |
| SHA1 | c4c9a7e1fb1216867e3dfa34edb33b34b39a1791 |
| SHA256 | ac5b3c3b39dd4970e687d22103da4ad7834f011c6365bef7df3500ea5e2b2de5 |
| SHA512 | 93a2d2df80b38b08aef7efef7a2c9c37ead9f3bc2b0b20647e4be48c9079ce3c6a746667b20253f7974fabea2700fc60da7e54505c421afb5f8d0405247e7c1d |
C:\Users\Admin\AppData\Local\Temp\OQoe.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\wuEMoUQc.bat
| MD5 | 416b00fc5ca0d14c21e0bf65955463b1 |
| SHA1 | 687aa5bf83c1f2f67074a33125c78b9f7bf6c822 |
| SHA256 | 98aefaa36522162482c62d727192808fdf46a019672a96a5187828d2beb4c08d |
| SHA512 | a0c708adf90d945f5d0fddfbdbc8d84d1b2d5e6e5b988fa53873744e41dfb0cc63d4a009572f84382860cd8780c1e0a2c455862c5298c14d6b89f611911f2735 |
C:\Users\Admin\AppData\Local\Temp\ScIw.exe
| MD5 | 38741cf1e6025ebb05ead5d026a4458d |
| SHA1 | 84e74d739394ac887414aa3860189d9d7ec6b4f5 |
| SHA256 | 8027bccfc4c0241548f61011ec33e2b44702853036bed5d7f355ca2d80db5e64 |
| SHA512 | ee5482f4aebcc40b5b1903527bdb2c3a7230a5067fd2fa36470af2f2a61a8333dd59d7cbb32a14e63734bf3fed355e0b972c64c06af362f6963a6e88b7c8f5bb |
C:\Users\Admin\AppData\Local\Temp\QMES.exe
| MD5 | 303a7fc7463e84c1360d2b168b2de280 |
| SHA1 | b6e534ef435e15e901a6222a4991994858521289 |
| SHA256 | 16cfa2be5488e34823953c8e5140be278a81376d61b44eb76831f2967a5a2ce8 |
| SHA512 | 0f67f970bf1b11e5ea39466e298c213b13d7e5a9d05a0491a40c01da706330f8201239c09347582d267759e6e125e83271f3cd567b200bf9b17ea712587e0260 |
C:\Users\Admin\AppData\Local\Temp\cgks.exe
| MD5 | dc53eafb9eb90e34a6f31e5fedee3526 |
| SHA1 | 470d160a29ab63271c2ca4edb55e215810844e8f |
| SHA256 | 7ad09829b06aac3e27619139beb15d19382ca3c5aaadb28533aa127ed069c1af |
| SHA512 | dc16dd29515c48bda4f56d406f95768080eb28544681bb4753d0098e75e2d61364f30e4361bd911b64e06d8e76c61371211f03c0b166d6714adf5bfd5dc7f4ea |
C:\Users\Admin\AppData\Local\Temp\ekos.exe
| MD5 | e8a682fee0feb818b8445d6a21aa490b |
| SHA1 | 556f8d7dd1f54e4dc7a832e57e08c26e04952cd7 |
| SHA256 | b41e917fe650b551e692e9e81028f55504459038005efef50ac1828e19234dcb |
| SHA512 | 12cbf740d7fd44ed979adb093ee5eb7e4180c14b78f81c0220e75083bc57ca92235c9de50efc5c50899efe0625ecb2690111398a7a406f16ad2c581adef6e32c |
C:\Users\Admin\AppData\Local\Temp\AwMw.ico
| MD5 | 9752cb43ff0b699ee9946f7ec38a39fb |
| SHA1 | af48ac2f23f319d86ad391f991bd6936f344f14f |
| SHA256 | 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636 |
| SHA512 | dc5cef3ae375361842c402766aaa2580e178f3faec936469d9fbe67d3533fc7fc03f85ace80c1a90ba15fda2b1b790d61b8e7bbf1319e840594589bf2ed75d92 |
C:\Users\Admin\AppData\Local\Temp\qIUW.exe
| MD5 | c172605ea8607f864ec8bac7dc27fb78 |
| SHA1 | 7bac1751f2f56238c17c03071165eab7ccd4950c |
| SHA256 | 35a8312374344a14d013d9947cd5f2e088e50bac10da244c7c7c4b243b723ebd |
| SHA512 | 6a5932aadbe659de09a5a6a120105872ad3ce1de0f561d5f81abe3c4f28a45a9e3320e89e9fd19c47746457de4f86c4f15712a403ce92d0e6a18ad8028d0699c |
C:\Users\Admin\AppData\Local\Temp\jIgkYoYs.bat
| MD5 | 2574727fae51be47acab25fd9cf34ef1 |
| SHA1 | 3b16646cf46e652cdc8ad5618f442f5c93f06be2 |
| SHA256 | 5f21ce34efbb8239684aaacfb93d3fdf03f00028529fc063eb18955ccfd64456 |
| SHA512 | e790282c0f8e130b06c378dbc3a4341be13dd7d596af62155cc0f6fc5a92a5edca1fdfde68fabcd60e84fa96ec00bedee0bd1e7af6c71fcac3cd9e849f8afa05 |
C:\Users\Admin\AppData\Local\Temp\wowy.exe
| MD5 | 555c44212adee7a9689a13c156aaa455 |
| SHA1 | 5011e2ec18d81e5c409ddd80b7a9a5cbfa5bd9ea |
| SHA256 | 49559cf429532e852f600c0a87fab7d2d21a3217167bc206e3b359cf6b907f99 |
| SHA512 | affc48f45920955ce3f2fec4e560ca7af6496cc4f5c5675e87e46586c161541879c95f063323c2992051d7cf3ae010fdba91a5e9e3bc01c0293c6f5e4ac96557 |
C:\Users\Admin\AppData\Local\Temp\KosQ.exe
| MD5 | deb82e3239b09e3c3609df47c8b790bc |
| SHA1 | 6ea3c7070645bf9f54b142133decebfddf589492 |
| SHA256 | cb18b5391b925cb77f78c5673925a3911ca71a51be6b38cabdaf1e7ae05a1f9e |
| SHA512 | 7a4655b603c0758979e54e6c1a768a27180fa2278bd78cd7978c7e0b3141785dca80cbdfc7b081a93757b604f663da04d14a824bf1166068887c816fca48decb |
C:\Users\Admin\AppData\Local\Temp\SkQs.exe
| MD5 | b60ec2347f55d8967a8935ed1cbfd678 |
| SHA1 | bb2a66df3aae74a176f551a79e99be181652b428 |
| SHA256 | c420764317695a3ce03b5382949511542e4ab18b2a03f98583ccf994c5b3cb82 |
| SHA512 | 52c31bbf2312fe9cf63ba88eac2b9ac6fd43bec5442b09a8ccb1895674af9d01c88fbadbcfee4e7ecb029a2c28c61a77abd206afe9c7ec162ba1c61e6b33dcf9 |
C:\Users\Admin\AppData\Local\Temp\SAYM.exe
| MD5 | e169176a1fc6da7a0afbae869799c2fd |
| SHA1 | 2c4640952e4e90556df95e5befaa37db84c2c8b0 |
| SHA256 | 589bce3aad0ae021c3e050cacd14b6a9ac5d41aff6a5cd3f04274821f215826d |
| SHA512 | 9b28819c77cf76c9121a97a62b088fa46d5655db2eda115855548cd3550197408e856b32d446d26e62b7f9853e48b6c518c625595afc08db4473787dab8b689a |
C:\Users\Admin\AppData\Local\Temp\AAIi.exe
| MD5 | cc9cb704055c2bb1e388c77a96b1a42a |
| SHA1 | 7488913176f51f47fce63041115989c627b48ecf |
| SHA256 | fbe06b848a07e3af41e0bd68dce0821240acb6e769910ef194f8abe5197592ee |
| SHA512 | b7b295b91b4acb48d5492d7b1007c79916117671033f3dae77b363df282cc0860f04be4106bc7cb8f8ae2282cc4b6a521341bf318cd690dcac1c1ef0f4d442a9 |
C:\Users\Admin\AppData\Local\Temp\egos.exe
| MD5 | b6f289e7f069f7ac956f725002f2ca7b |
| SHA1 | 1dd18cc2925272bbaa208b95e793967e21435574 |
| SHA256 | 357550b9050870e0cf12af6a14d326bbafdd83a83c6805e4f19978581a8a272d |
| SHA512 | 742005e71481579a6848f83ce7c6fd9794729b3239a3a64f3aff1659669b6b29412409e812be3fde046d21910022a86171784d17a9defe44abd55d7127bfd20d |
C:\Users\Admin\AppData\Local\Temp\JosAgEUc.bat
| MD5 | c6b610064039969c27a036558192df76 |
| SHA1 | 7fa8de4bdeafaf019269cf16a77e2b1a170bd862 |
| SHA256 | d9456109734ab4d069a8647c225870dd297abd8459267002cf00f50c5f7f4cdc |
| SHA512 | 250465e2c3fd9a055647c8cbc406da0fdcd3852a0d7287a9b5e23d45f669c8112da6b1d22fe360a9f59c6d6a8e2853c3354de04b0e90a6a20b30326ecfde7ccc |
C:\Users\Admin\AppData\Local\Temp\SYoY.exe
| MD5 | 32878193c208ed784b6661dbc55edd35 |
| SHA1 | f2d6d2cbab2b8da76553c3a89953294c11d3f2d8 |
| SHA256 | ff484cc969fd20a5993d3c05bc54305336c839acb47ba05586f479329a5580fc |
| SHA512 | 6b3f638b80a85ae75498871524c225fb67057e21c3eac4cffc8ccf3ce0533b1f6c2d0f7a85ae3721a3f7037c34fc0fd86ba70bb3029fea22f236b0b64a424597 |
C:\Users\Admin\AppData\Local\Temp\mYcw.exe
| MD5 | 9be2677762ccfe175d9cc3f86a8cf54c |
| SHA1 | 6012dd040d7786959db4cfa3f143b87d421b7136 |
| SHA256 | 463645b772251ddce1a8f4aa007b49092dff0ff2a4f55c187a805a8123c4cab0 |
| SHA512 | e2e02a6a18947a65d7c85a94c292011fda336e3983cf3709d2dd7885e418b3f4f53cbd3a9fc079dc7e5d976f77c81c6aa7d29b0713b740631f01971d8e9d9973 |
C:\Users\Admin\AppData\Local\Temp\uUcI.exe
| MD5 | 6f8437fe9c7a15a59668572047bf3a2f |
| SHA1 | 778c6ac278832f4492a6365a28c9262e2d22d518 |
| SHA256 | 0b18a50c4bcb223f76b66d16ee4ce8db5bb894f955b470887ae33defa5bbb826 |
| SHA512 | cef9597561af63a8b20018af3b8d2621e71290009cb4e4a85f360b9f9f335341612ebf67d535ef43db81af7ffb4ab29462f72cb8b8b6d3c6266e2b9562b073b2 |
C:\Users\Admin\AppData\Local\Temp\IEIE.exe
| MD5 | 67361f8d9ec1eded31f4d10c3f1da940 |
| SHA1 | 1873a5f7b1c1dadee0267adb549e189e8c5afd97 |
| SHA256 | 5034c62b009a206d25402e435fb0fd5b31869d9a255db55f5635a3b6f1db8fcb |
| SHA512 | 2980b418ff4d17b4ecfeb03fc1eb23f22e2e8a941022704327fcfd553cbad788b431e9ad3cc75f29f2a9c7cfbbe896fc995fa88ad7ef3e328279e3df8f80ea3e |
C:\Users\Admin\AppData\Local\Temp\TgMAcYYE.bat
| MD5 | cbad039a125ef1101924e37c8a5ca4b7 |
| SHA1 | e59c7171487bec7d0e25e3cf30986f49f452f6eb |
| SHA256 | 41c911c4e39152b0bc6e2b15a7f0ed86253544b8225707d5a83bb89241b6b62c |
| SHA512 | 22542d030db5c7c5e8d0ea28f5bcd642b82293730692e331956ea9c1adb7bf12a29d328cf8d59117b91124a7ef55816972c240a2bfa523d78ffc6ad3b8353c86 |
C:\Users\Admin\AppData\Local\Temp\usoA.exe
| MD5 | 92a7d90635a974635693eed449550fab |
| SHA1 | 86ddda78e1996e5cfcf22065068874348bf43c8c |
| SHA256 | 4ad2b4900553daf3dfaa6056b78ddba257527c230fc46c57fa88b9a1f04f0f8b |
| SHA512 | 5db410d876c3e7799e9dcb7efc4f9f3bd112700e5b87d990fad64df9ffdd242064b57fc339400be8df9ec58ffcd9839df82ba4d5227ba8ac9f71b16608ba9288 |
C:\Users\Admin\AppData\Local\Temp\yQsq.exe
| MD5 | 61409bcf90b0ad496c9d3f2581d6ef4a |
| SHA1 | 8d3c4bf4acf2a80ac2987d91410e945c7530e53f |
| SHA256 | 0acd2b3b755e36d401c72fa743c27eff55cbe27a43c099b043311b66eca16574 |
| SHA512 | 1c0e005a9bcca1d97376170f4312cb14d8caea4f5d96b85d42a88c2170a57f2f19cfdffce60a5e1e76af8c8ac113883bb0a4ca136b794bae69323796ce42ea37 |
C:\Users\Admin\AppData\Local\Temp\YMIA.exe
| MD5 | bf8a44060cd74c3b0b1809e1becd6dcb |
| SHA1 | b52f26287a861582f2695e8014e4ca9ec2f06488 |
| SHA256 | 8c81882fcc5224c52708f443642ca6cdd25adb8cd6da11e95c65365983e34e2d |
| SHA512 | deda0385bc04f382f44375964c0463fe4b78d4dbbead5483a65afb0b14f9fabb91d1b806e79455e255b803ac4a751cba9dae39d1b488e44af3f9707d099d166e |
C:\Users\Admin\AppData\Local\Temp\mYws.exe
| MD5 | 91652acc1c383c2e13385e2609c878db |
| SHA1 | 414f5880bb2901a84d372701eface5bf68df53dd |
| SHA256 | 4b76de926f22bc19fb5056ef098273e07eff799968e77b81f154522018297902 |
| SHA512 | 726747f19b25d0104b18794e6ca626aff7d7253e3b181944ce7e62b0969c862e61e72bf3c2211c23bb306ce36ac09f02b5ee2d6631717622918f2ab19d2a5c6c |
C:\Users\Admin\AppData\Local\Temp\tsMokoYw.bat
| MD5 | e680a5c33359d8c8672b495c6e4665ed |
| SHA1 | 309880c4c7484e4ac981cb8a267ae98450c8efea |
| SHA256 | 9c42e5ee9e0ee78782dd25354e7dfa3e8c668f7db32257e22a926ba2c87c19cf |
| SHA512 | 19a32e715fc4a5cff414d177a52a94b3ef55f481651726b345978270ba6fc24867daec07768d1ae999716f5b54d3236a7918dc9dfc3b7bd6e457f831fc979d7a |
C:\Users\Admin\AppData\Local\Temp\GUkq.exe
| MD5 | f3c08e5fa4c92b4161abe9b62fe95d3e |
| SHA1 | d5761452924a15e443502223871744a4f83ebe89 |
| SHA256 | 21c92c6f875f30caa8c045f0c9f360d755f4ecf10ddb2660a0fe2cc2c7bec883 |
| SHA512 | c29f6e65caefa83a4b970e288b475db1f1ef7ad188404fba2a26326b1eec8b60ae61248ea57029dc77c0dbf23f360deadf7dd94b7d3cf41354c5c3381e0c8a8f |
C:\Users\Admin\AppData\Local\Temp\oYIO.exe
| MD5 | 95eeb97bc7b5e133ff0056e22784b67a |
| SHA1 | e4cd2f8b24c27fe05eb28c0e2d96be5c77c92a6f |
| SHA256 | 4d86bdfc7101ea091a5ed62b7d55ea0f962b7f9f449bf95fd973379442eee683 |
| SHA512 | 0fc339009556816f66264a5b99a670057d41249cc78308f77f90d7a911e0fc3f6fd5c04aa49a9e7bd7e44331100da96bfa6d7aaf5f59ac9437e6a3e5a024a118 |
C:\Users\Admin\AppData\Local\Temp\MAEC.exe
| MD5 | d097a02b4397d17f8220a47e0d3e5fef |
| SHA1 | c0060a505e6bce7313a6d94e4ad48d3d16f514d4 |
| SHA256 | 9070fb2aa3b8bbf9832d0de9e5c3812a62f59a17a24680986ff28deae3d4f706 |
| SHA512 | 7c55cd4a8abeb6727d812c8b0e51174c5e33006d173f3dc3a7bddc191c479b4644090a65a1430f333b1d528212aceebaddf9862295109517d599a35e9d0cf0e6 |
C:\Users\Admin\AppData\Local\Temp\mgEE.exe
| MD5 | 2050290ec8c9bdcb9f4857b870eff67a |
| SHA1 | 2d1f31f3fba6eb8c735fde89f371865ee2f0642e |
| SHA256 | 9377ce2fbf03fd493afaa9a98de42fa8dce73ac3981bf2116d0b3d5494f65b82 |
| SHA512 | ab793278e1bdcd0d8cd53fffef9e94e02383a167bf39d688e96823dc7d27f194b08ed6983a759d731dab89af6acfd2a9c58aedfacef6923017c92ef526f9814e |
C:\Users\Admin\AppData\Local\Temp\WEYsYYwo.bat
| MD5 | 7c84d97416b3a6f81888860e2ed36b29 |
| SHA1 | d00e6573cc562e8bd82626116b58205e506a4dc6 |
| SHA256 | 9e5eb9747a3f9f4fd13ad4e0b07a2c9211d92aeb0827b63da989886582eefd32 |
| SHA512 | 8247330ee070dd445b8f85644683f78ece642d968c599c991d3c0a2bac92fe8db744b08aba682ccae2c184743ac1a55f843aaaf30634ecbeb732901d34b8a249 |
C:\Users\Admin\AppData\Local\Temp\OAgY.exe
| MD5 | abe522b1ae1ebf2ab0f71ff93401aecb |
| SHA1 | 40d5a33662693466190b00669ea558cd7adcecf5 |
| SHA256 | e51399e809799f3091acae5e4f1b09d32c30e31ef4a7116a1dfb14d74c1e2dfa |
| SHA512 | 03ff0ed182d86d7ccd4bb0891780aa8daa5f0cf538fe3d6117b35b8e97ad133ef51d1f1a0a874b3ae2a50ee3280f72745a1a3030185e0bdda7565923bb3a0e36 |
C:\Users\Admin\AppData\Local\Temp\EIoE.exe
| MD5 | 43138911714a08eaeebc84eaca892ddd |
| SHA1 | 92a5dc1bd977f52b61418e2341e67d024b6467ca |
| SHA256 | d09b7a4913b2c5660d52b624ca9d990de2673929286a821b61d6bd14c9bb9c1c |
| SHA512 | 7300f775b7ffa6122e747b885781da42ef95b7f42e124f62440b3876e09f28f30eb26264461d993cf972c25385fe8a850829f839a1298bf1fb2a5dda3801c5cc |
C:\Users\Admin\AppData\Local\Temp\AYos.exe
| MD5 | 29c521b523c705473acadb0a373789c0 |
| SHA1 | c065b71d4c45602dff032cf7ad2805ab26687ddf |
| SHA256 | 1e4a9dea4f4eda82251f400d85745480f11c340dc3b6f00dffcb7bd953390ee5 |
| SHA512 | 66bb1450dbc82e9793dcb46ea48bab88ff65522030226cc8d5628a97069d95a8c5ea992db56657687a3b20d50e1fd31b6c6ed75fc1ed75dc22c141475a507f0a |
C:\Users\Admin\AppData\Local\Temp\gEYK.exe
| MD5 | 3f53c05da4d145cdb8ebfda907a21207 |
| SHA1 | b9dc246d569ae16a9938c3a33f22d8eca6a95de6 |
| SHA256 | 1199d101eef9ed2f7bd22a5c9a23777c3edbe239ca01dd76c73a29f0ba962d95 |
| SHA512 | fcd49a388f4a9336d4e6bfd65eac594b06e7eb337ce3f07c46588a72756063ba2832ef3b586739b5d9f58e0dac125b5c9619578336a686a0384ebc24c07c181e |
C:\Users\Admin\AppData\Local\Temp\QQoQckoc.bat
| MD5 | ad220bce338f620dec91526555a1e358 |
| SHA1 | 2fa9b30e24ee8a789f0af066e232fc6848dfc17d |
| SHA256 | 8a0374aee7f646ee7e907537687b7216a12f5c41b27d82fc1fb38022d0b1ad92 |
| SHA512 | 49fa29abd188a769a0d9ff3465c93e05619849db48c0e0eda3b43d4a4e37545b87f0984b843742086283b8de2e93b7a3090313f4a79ceb889be1246198077aa0 |
C:\Users\Admin\AppData\Local\Temp\AMsc.exe
| MD5 | 1ee40520c6fc777df0f88eb964f72d50 |
| SHA1 | bef9ca21722f987bb1f22b5d2e4053969ea4f42a |
| SHA256 | ebe4a43e71ec7fab5e3309b90c3a92246cee80b868c6500f1fcc9221304eb9c1 |
| SHA512 | 8afc35ac1733e2f57e1e3120fd9285af0b5f400ab57ae8ab100954ea9362ddaed628675a29430e8b2ebb678e77335f5342de7288c67c671ee1fbab6ec7afcc30 |
C:\Users\Admin\AppData\Local\Temp\oMcU.exe
| MD5 | 1614d0aaa7a65dd164905e46a9a5c5c2 |
| SHA1 | 0d70087118a71c982c987bfab423c997d08c9998 |
| SHA256 | ac02a088cdce119b1c1467455f2f8f6cb29da81476cd905e6ab402b265b4748c |
| SHA512 | 82fbef4c3f77ac610327c106543996b80d6016c629a7f83786d611e89b417feed8df50360527235c5a7f7cd52554c1de2981d2b7cadf12e6891003501d23b832 |
C:\Users\Admin\AppData\Local\Temp\CIUy.exe
| MD5 | 903e4044de820933e8474de397e58433 |
| SHA1 | 6d952a3d55df576114e817dbbbca2403b98492f5 |
| SHA256 | 139cbcee5d9620996067cba51e28bd156d173a5a66c52ce7dbf4319b39030b8d |
| SHA512 | 53761676dec099a2cd79fc732c9119edede9d31c7e2a5c2ff57291e6986b5694338e19877ea0b7db13bd4ee7dd79434d3316e399ff7f37de24d0a805c516354e |
C:\Users\Admin\AppData\Local\Temp\KwMa.exe
| MD5 | 2347952152235ce5c0c45eed6ac831e1 |
| SHA1 | f4387644d8fa8dc32f5e2cb19566220a392a7931 |
| SHA256 | 4e0e2c1f6303c0e177b38b8129f3ddc07147df688fbe76a031035f0f1c489fc6 |
| SHA512 | 3e36ecb3609c202ab606e492a0e5ef4a1b2995c9f6f8846073ae850c87c36e09bc167e62d4b2e43c35f9aaf0a982546a9746983116ce43e6a301e756e3eb588a |
C:\Users\Admin\AppData\Local\Temp\GggoMIME.bat
| MD5 | 22f3a9d0bea48ae0b17d78ea64d15ced |
| SHA1 | 6808bf3d6304cf0b5c25ce540e2430a0ff0d80af |
| SHA256 | b39fdc7d8b17be89646a8d986fa3e064effbbcd06b251c9f4c3368be4b2a406f |
| SHA512 | e8fc261c379c412f2284c4422a4135ff8b013dfa257db4de2dcc86ead891b3c908c6fcc7c1e1421ffb22657cc9720c6bb1315fc777869fe790db2725c8859476 |
C:\Users\Admin\AppData\Local\Temp\QIQC.exe
| MD5 | 3d539b4b76f93a02dffec023e93bdfbc |
| SHA1 | 881ec6674c5b659105d69932b138f3b33e6f57bc |
| SHA256 | 2889c265e0ccaf422405fbc0d04da487d0dcd3f03a1a269c9d858bf9e614c5e9 |
| SHA512 | 1e99dfb41492445fd942d4a5203f1e88b54eec6a3b0e1759ee1eced51766a2d196bcea0c70404a9d4a507d354899a8cfea9ec4a5cafcfd24f586c4a9d311abc5 |
C:\Users\Admin\AppData\Local\Temp\IEsY.exe
| MD5 | 4ec16087c7c6076da844b8587af36125 |
| SHA1 | 4b5c94cf137271b0b0aa7d2c56797dd4eb76525b |
| SHA256 | b20c6d63d68f4e9035ae1578898269ca105878ed40691727578e08698a4e61bf |
| SHA512 | a8624326196782f75e77092c035bb088e538cae538c860f8255d3983b539f96a62eb7b57c8a58c6a976e56b56bf9f1344453d1e05798ddddd5caf8636c5f7432 |
C:\Users\Admin\AppData\Local\Temp\GaoAkEYA.bat
| MD5 | b33d3a0c1497439e2015b6c4103c4dc0 |
| SHA1 | a972fee514519e9de23caf40b379159737b78e91 |
| SHA256 | 3a6cb422acd17dce5b430158bee91fad91b3b495dc91b8393aee1f694b314ba7 |
| SHA512 | c2c862442af164b58654be3bb3aec92262318c9db780db01d5024c0931545681c07ac2384c66f229f6b89ee82f3b6ec2c6ada23b156ae1cfae0ec96cfbd982fe |
C:\Users\Admin\AppData\Local\Temp\CIII.exe
| MD5 | d1c39f3f8c6444f68859c534cc6b9102 |
| SHA1 | 363e3c470faaa39b70dcd0f64af11d31faea8f0e |
| SHA256 | bddd4743b0a93e662d50ffaf5f58b720d40ab2175e90c5e805f3e3b4af9000d0 |
| SHA512 | d9c43aa4cd54d0ef8ea53a34ee6aaf067d80b26cacbbec2439abb97c6bca7a47b71b7a7bb65255f8f627e8ba7ab6a111bb2e283716b0c7138ba6f9ba6c3772c1 |
C:\Users\Admin\AppData\Local\Temp\mUQo.exe
| MD5 | 3ee91a1ffcd698ee689f0eff6609b823 |
| SHA1 | 5a29a573803fcafcdaf4dad376447628ace747d1 |
| SHA256 | 99ce8d855f4f1f52d0987c6002860f8545f14df79c48b2be9a6fb84e419833bf |
| SHA512 | 85d10dff15b93ac09846ac71200f70322a76c87ed0be2c7e161bbf174ed351e2d9da56fb984cf264e0f1ef0144adb3f209c1950b68c9b5f3fb6a71980c5834fb |
C:\Users\Admin\AppData\Local\Temp\OAkK.exe
| MD5 | 51263aa5b8c99c2df662ec56fe006498 |
| SHA1 | f434fe0b094cc230d65e2fb48064d75d6ac4b23f |
| SHA256 | 56f60deba5620f7e827171f2561e0fa0e68d75634e6a9f1e224aeb30a0ce81a8 |
| SHA512 | 8484fd2981bda949e0859fee04d2ffee91c4ee2cfe85fd8eb3386d89d632446b6ad278858c9a73cb5716095d2494b80e3fd3f931a711b967e81ab344628935ba |
C:\Users\Admin\AppData\Local\Temp\oIMu.exe
| MD5 | e2c72ea02bbc5ea35d827b0e9968dde8 |
| SHA1 | cb702c4f8044b615c4c8e4861ddcfd64ec0a667b |
| SHA256 | 368af6828cd7a26148a2e60f8fac534ab2406a060459feb3a283e3cdfcf13645 |
| SHA512 | 1ddd3b37746bee9f14ab781995c53c2b86d08cdf4ee5590df55e454a471af7f459503dc2e033702f26867c7543a481d9e2a7e385dad063b970120b9ba0cc4da4 |
C:\Users\Admin\AppData\Local\Temp\BSMoIEAs.bat
| MD5 | 7ccbbc224487ced23df6846ed531b230 |
| SHA1 | bd4df6a832092199ab2ba4d37c83d75c38705240 |
| SHA256 | e5bd8c4ba4cf6e346dd129dc23ead357c5916de8d3198d87154d1e6b5204eafc |
| SHA512 | b6bbd052e577a05bae5fa4f76ab1b96d7ac9bf45ddfa362da0bc13923660d75c481dce27c59f6b65d3448aecd7951f5b749bb66c70dcb342239cd3da007e51ae |
C:\Users\Admin\AppData\Local\Temp\Ekgi.exe
| MD5 | c5b1d07d77c0d749fb7eee4d87acb66f |
| SHA1 | c378818f4d080c502b081522d85ed4b6d52745af |
| SHA256 | cf8b337d62a54909cf6514e2b7e6371c71052b385c25b22ea7cdd52fa30c166a |
| SHA512 | 43a3eb3561a047071e8adb80a2f51d7044e4301e77305230d9d29c5ab47ea5f6c2046e91ba319a0acbb94b48e27f587bd678cf2e8c9c0bef1d09dca9713515b9 |
C:\Users\Admin\AppData\Local\Temp\KEEE.exe
| MD5 | 6bd4087bb4e021beab2df929659474c4 |
| SHA1 | f93524d0f78774d167749f55fa8bb433c26ff1b4 |
| SHA256 | cc347a1824287cc55628b683935df6bbc9ace4318e146986dfa0e8e8602a36c1 |
| SHA512 | 849154ec2be208e82f24d559c2037528161fbfd31776ab2ab97d663a390001ada8f50077f6e3c26f2a31b912600b9bca074124752c05281f3b845a42151175e5 |
C:\Users\Admin\AppData\Local\Temp\SIEw.exe
| MD5 | 73b15117a8fc173036478651efe745ba |
| SHA1 | 69dcd9812f520b20751e93aa7ef5d7581964817e |
| SHA256 | 4dbd03cb207eeb540a3bfbb44a98927069291b5c08e1bff445380f20c77e9c79 |
| SHA512 | 33bbcee73b4e5276e70c838cc52482079e7776c6a1b55f92e3c847fa26c2fe93ae49db3b5f1f3b65f41c87610ddd99bd1a14cf070faaef6d25877e47755169ae |
C:\Users\Admin\AppData\Local\Temp\PGsEgsYQ.bat
| MD5 | 500ace26e88599e4a9463e6ccfa37ef2 |
| SHA1 | 13ee75ebab436912752b8838f24cd29b93689340 |
| SHA256 | c34c6829720655e9e7a048964a7b810540d68a734a6127418a3467d285ea9e39 |
| SHA512 | 28b77b0e0eab4dde568e8f97482505e2be412d1f73b2356c86c2db8d694429d78038d41601c03f3616b2232b3630516f1a193e15b6aaa7688b109239427574f3 |
C:\Users\Admin\AppData\Local\Temp\isUK.exe
| MD5 | ee87ec100984c7c9c27863bd7240eade |
| SHA1 | 002d2036c964ebe2900a73d6eac2890d236e37a7 |
| SHA256 | 39f163e2c3fb18f9deb71a6d25307de62de853c04085a424baa6d23b7d2450ed |
| SHA512 | 640d50d173bb798ae4ea2573bcf56a8de5d88834e4dd41062b54eb5d24653670e92de8d78e3e3ce5fe870248649fecce810ea35ba5d6316179b69c6b27638b6c |
C:\Users\Admin\AppData\Local\Temp\wAos.exe
| MD5 | 4d356381a77b2b20328a2802982d2cb0 |
| SHA1 | 3223f2d007e946787473891ba502ba8fbc7041d2 |
| SHA256 | f83bdbdd2a2f1e6f8b3fbb512af05f8a7a7fff93ee275772e54256e9558c0dc5 |
| SHA512 | 2e63e95208f85b2084efe0552c2a1baa9d9a66e14cf11703e93944dd7935ab9d3c7d8b3db213c8463c10b5674329893566eab86550f17c1460b0fc4df63ccf33 |
C:\Users\Admin\AppData\Local\Temp\XqkckUwk.bat
| MD5 | 21d4a95e0d4b2cc574ce5d285dda6f17 |
| SHA1 | 4d98d23bad716125eab71aa5990089e963075dd0 |
| SHA256 | f9edf7b93636f24039d21dbf1d5954038e2977a6994499701b22f154ba15e0e7 |
| SHA512 | 600d830f1207e5f8653ed394160f3d1aef8ae2f8651590eb5379ef263b751ea7c0dcdc3a56f6a5b368e39c81e8c6012fb9a371963322e8de1edb2942c213cd6f |
C:\Users\Admin\AppData\Local\Temp\ecEO.exe
| MD5 | aa130433c1fb8146f02d16d4aaad3557 |
| SHA1 | c3e498bd586a6a42ea524b6463e018794427b462 |
| SHA256 | c3166993054122e6607ca5fa4952554fc64f5767910e857ef5e36589b5cb8fe3 |
| SHA512 | d953c70a078ea96526e8cc23ba38615c6acccd0d7da0ab41b489ce0818f3fcb43c9ef2cbceeceb89304c11aa007a8801f5962e6194953063435ba450410330d2 |
C:\Users\Admin\AppData\Local\Temp\gIcG.exe
| MD5 | f4be699e492031d187d6a9894b88cefd |
| SHA1 | a0fd86176c5af8bb98653303df3b6e36fc724601 |
| SHA256 | 6de01709590d6b881b61baa1f43eb4b439b6ce5b1ee97f259e39b6ab127cecd0 |
| SHA512 | e4c77631f100bc2fc470e1cce9ef3e0c9e10bc88bdf311bff81cc4c8de2cb7405579b08d41c10c7a95ba18497ce0b769583ad04014176c35a6e8f6cbfa30edb7 |
C:\Users\Admin\AppData\Local\Temp\EAEO.exe
| MD5 | cb05017ebde3bb20b3bb40d22c427da4 |
| SHA1 | 55c284a7a678991b6daefe5cbebaafd5a41ac76f |
| SHA256 | 335be4bc130c5a6ee97d818bfd9d11879a28c9f0a734a6ff965ab1cc172121a6 |
| SHA512 | fd89f93f603b192c29f4b62940eaad7b208243dccdb474c36ad817b765b5f1be3a9042fd4c0ce9e82b653683c9c8f5a8b8c49d19e34032d08d97892b69241b65 |
C:\Users\Admin\AppData\Local\Temp\sMIs.exe
| MD5 | 04c972c3e3d7cba1f55347a5da4161c5 |
| SHA1 | 62ed929a664da7dfdc8351e686cbe21e2b85c063 |
| SHA256 | 6acca4bf057546a1cfa07a243d3c6bea5584b54f691f1f7291ed7f5b947ea054 |
| SHA512 | 6fdf7f8b52e56713c5663a935949b942f43af2a53033ba6012da4ee5d2226f8d231b673254fa0dff0b66bf0a50c88c7aec92c11e2cd2eda5ead183c3d1fb7212 |
C:\Users\Admin\AppData\Local\Temp\lyAgYsIk.bat
| MD5 | 51c3b20cea4e192c67fc1dc2cb13fe89 |
| SHA1 | 1a79941b7115d50706ac966d2b97a09de474cf5c |
| SHA256 | 9a3f43311a106816d368095db760356b33a5f915a2c4cbefb33425022618f21e |
| SHA512 | 10239e357156c20453f10f2a6da8c569765309c921dd56290f9c504e47b1064749bebef72e3070ec606f964cecef55bc9446be6ef3423755b0331084baa81bc9 |
C:\Users\Admin\AppData\Local\Temp\qMkw.exe
| MD5 | 21720686503a98f6b3e4bd86177a7b04 |
| SHA1 | f0bf89a1c8d470446584bd14f0074e71b365d518 |
| SHA256 | c74fe2e2a710e8b3e9392a6a5aefa9e99286756f571b6f599559ce1a7b7e9e12 |
| SHA512 | 24ba619c7c8bfa6b0c0b1c4f665bde9a83293c1f62ee62ca6aa9e6d4ad096482d2b418ebb5e98a4a9dc991c0567c8bafc6e328459eced3251a306d22db5e9bcd |
C:\Users\Admin\AppData\Local\Temp\MkcK.exe
| MD5 | 959cfa7bb4b6e2686f64b4e3ada0bfc6 |
| SHA1 | c4a8368e92ef6ee743090dde15c077a4461d56a2 |
| SHA256 | f80ee988fb5008a16d9644bb0aaa58df36bab11d82a8d9348e4572edbe71dfbf |
| SHA512 | 90d8188466843c54c4442d4c51601053dd0aa0855660f04ef8381812866f447358ba1807ac8c9d378cb6af7f6a99bc66aa85f151c600b6171b565ee0f9f13adc |
C:\Users\Admin\AppData\Local\Temp\mAMS.exe
| MD5 | 38f1ce4c4b31738b26f77818457c14fe |
| SHA1 | bea04b6ca740a302e8da2882b55707d0f76da731 |
| SHA256 | 7b2cae753cc08eaf6e6d00b3f5b9f0815d0f357a226693a0530ad787c3782c8f |
| SHA512 | 8fd9b7fbcbf2f8e9e424d9cc921c032ca94d61e0cfb1f70ef66eee1d94decc524ba923e27bf401ff5254e522fed8fee429c9cd830a77ce9f7a76e5ec3546ab6c |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | 8ced999421d6d7380e6c95071551c529 |
| SHA1 | 1d3cf065ed782c37f66d7af04051dcb4181800f3 |
| SHA256 | b3825ebb01b21dd4396b0f94a9e0d8f6f5ded3a0e210c7feb4660f3f2a84dc02 |
| SHA512 | 12605d8df27f6af8e8f013ad9a75bb3c51c07b154e3eb6720ef3d580fab81c7a15755f7a75b422a283582d64eead127599d0983e1a38f19f4e5a3bb6cd75acb1 |
C:\Users\Admin\AppData\Local\Temp\PsgIUYso.bat
| MD5 | 78a96c1da8e6f8e49fd99232066b36f1 |
| SHA1 | 830b908c56763f7ec2f27f2cce3cd1b4717a6e66 |
| SHA256 | dff8dd9e2c6fb50bad611c600b046bc77dd0306530c3e39b22cc49a27548b93b |
| SHA512 | b22ba3d0b32f178ea9b97440c1b020b39e0b73ad3bd01ffbe6e75ceadd3175ac0fa6b81aecc147607f5f5ba1d56a1d1c3fb839461bf625c651915b05e7f8ed2c |
C:\Users\Admin\AppData\Local\Temp\cOMwUAEw.bat
| MD5 | 09aed638dcf61da5507eba56d8d713b5 |
| SHA1 | 7b4bbbc0277b618c850a649eb715c47aaf00cef3 |
| SHA256 | fd874aefc38371999f0efe32c56d7a5336315c5f99807ca39c1ea9a90e79c8bf |
| SHA512 | 6401083bb5a85c3bbdfbceab6ee82d95c63539b1b1c800a13d2247270f172bf8be97b4012410262427ed4a485c6c256347271c32fc1ee23c5eab5d1df6258c46 |
C:\Users\Admin\AppData\Local\Temp\KMUC.exe
| MD5 | 771d01bc20a6473965f0a691aed09bd3 |
| SHA1 | 1c7f2d7c0650790f671bb5ad10177e9cd347f1ae |
| SHA256 | aac05ee3fb21cbf0d2b67a543b0c562d4f5fb2cdac1cf2073b5e4ba1d3da804c |
| SHA512 | 700e36a9ebc2ca49268bf372aad7fcfe8998d58f131401db3ad2992bcf1235c03d1528dcc37432d72d965f13c42747d850025df87ebe8c17b461182bb383ba7b |
C:\Users\Admin\AppData\Local\Temp\SMok.exe
| MD5 | 71ee518c140eaa2cc8cf1ad0f2144672 |
| SHA1 | 972d75c7b0fcc52d6539c8dd8f35b94156893902 |
| SHA256 | 68b5fca17ef0ab7ba50fa12e1175e6b15cdb04101a160c7ed8e35a5a52089c90 |
| SHA512 | 845e0edce170203eb0a9b1959e172c67785ddbaa7089f78829735517b0362255f0ded63104a9516226f2903c812180686ad4d79a6fb0b355ab70696272bc2f62 |
C:\Users\Admin\AppData\Local\Temp\WAQIUQwk.bat
| MD5 | b97602eb03abd3f5920ea80ec9af85a7 |
| SHA1 | 145c689b820c14c0b2f877efc849e5ed14b736f8 |
| SHA256 | b479023de55f64c00a083fb108d3e5e26d0f98ee752196e13f17188494eadc1f |
| SHA512 | b13e0ab39b96b35de06d0cc7c687b704067264c0cd163d23a0ef6649d0ab486c252df5bb36575b48d8030e083f448820c0673b030225b1f5dbf087fff890d3cc |
C:\Users\Admin\AppData\Local\Temp\WEMm.exe
| MD5 | 9f66ffdda53aa8c5d7e69990c00c8ea0 |
| SHA1 | d112b0dfa976eeb70834a7100b59035caa9f8be7 |
| SHA256 | 37156939cc368b1f4efd86ed747ffd119a3209a92552e6f78a4a4b79a7d3d59e |
| SHA512 | 7b84b6ceff63b3f591368f5711345112fbf8a3d44688d9a7093c700ecc298c9bafc02648522d6265ad848259031fc5436bfc84c57bd76d937218419f0299de4a |
C:\Users\Admin\AppData\Local\Temp\eoUQswgk.bat
| MD5 | 2a5cb862f3528199d5c5dbea43d92392 |
| SHA1 | 294cf4510d372bc5cff79f826bc9ddbb70082351 |
| SHA256 | 13221de8b32f02b94cb2bbc9a22688fe2d6fc8d7975c3caa26c8441f314d96ec |
| SHA512 | 940e678eaaf5c28129740292ea6576fd7f8e62ce43bffd534bf476cc7be9961945c7241e15af415abd42731e61c3e593aefb58415c87bebd11e80eff41a960ca |
C:\Users\Admin\AppData\Local\Temp\YQUE.exe
| MD5 | c9eaaa87d075c8707f46bf590a0324e1 |
| SHA1 | 011c1fb026436caa45abfbde50ff3d9d5e9e5a96 |
| SHA256 | 8ed62effa839cd109f594a7d010c9b35c990c58b244bae8dcd037af27d2a8108 |
| SHA512 | 18d84eeaa1a2740e1bd1c540e4616729ee085e1969c3348d98fd1db31acc26d0f013b089267b06a84d2f2ca132e89d999f24feb0ba9c0ba08fb813367a2c2d7b |
C:\Users\Admin\AppData\Local\Temp\EMAe.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\qAkO.exe
| MD5 | edfd2eff0968b1e59525b5b9fb4fff38 |
| SHA1 | adb060287d94779b61ed3cf4b8fbfbc07c83ea09 |
| SHA256 | 116b4f6f752e7e3c30b0670f448bb83aaa786e3b50ef0bd343f2a342d43e8d39 |
| SHA512 | 56686423b9f46b8d7b3a6e541b077445a5b2b3deee2f14f671177f7babdccb17695e2182233488105f811760ad0d69de0a6cdda33dc07a9496d8c8c5934fbf88 |
C:\Users\Admin\AppData\Local\Temp\sqYowQUk.bat
| MD5 | 613ea6f621b1fb908338d3a1503aea75 |
| SHA1 | 1b5c26fd81a8c17aeab1b40dae675720a4abde02 |
| SHA256 | ff0804c35899a7133d072be07d8e6e5b79d05537d993572df376f9d61e695fe9 |
| SHA512 | ff24860d40b1b0a697a641c1552f1e40ab396ea1c0c53c55aea854096fafc056a26e0403935758cb5616801f2eeffe7f6b1e84d8c16c967390d8803e6968908c |
C:\Users\Admin\AppData\Local\Temp\cQYk.exe
| MD5 | f70ebb547aeb1c059dc04e492c320099 |
| SHA1 | 78dce688e5f122cecdc7060cb9cc057b11bcccd4 |
| SHA256 | 02cf20cf96003d627c548a952bb7655bf4cae9de63e7e62e973f3d6795a62775 |
| SHA512 | e5723b6e203849e5a9ed9736770caa316ec196ef6163583393ae51bd0e171e4d978c2d9c98da1f3a86de63c7cdcbf9b015c718def3ba553421c12f56d1dc7e6b |
C:\Users\Admin\AppData\Local\Temp\koIC.exe
| MD5 | 07e56744de2457e3aa63919a3848579d |
| SHA1 | 697ccd5e7a44132f72a18eb5b5f0bdafaa4fa682 |
| SHA256 | 6e5d1a2ce74a54ab699903634141929769e50b61c5b19c95e8e9c01113a3698c |
| SHA512 | d8d8aab69018af5e0f90da09e74868ed79019cfc6c7d9cfdda543b4803a2cf3e7091d54cdf66a74b573f43d8ef3e7fe87fb398138299ca72cb3262ff8a061368 |
C:\Users\Admin\AppData\Local\Temp\SYgk.exe
| MD5 | 0afa25b5b31eb371f28e5093b46e1c68 |
| SHA1 | 66a7219c050aa95c2a8cd76b96059f57563836da |
| SHA256 | ffeea3d6a0e7d849b2fa2c78673763bbb3d5a1a10d7446d5792dfdc6a6c606f6 |
| SHA512 | 44b9c309d2b8613fc325604339a74978ef57f38d80117bc3bedcec3113109599484a2d462a219df015733fe093b385351fc63787a8a000462e1f79ff1ee3394c |
C:\Users\Admin\AppData\Local\Temp\yoMM.exe
| MD5 | dbb9114159dddd43b9e44a5d9d3f3b07 |
| SHA1 | 884f4d0bab4bb8e07e48c2b4832c6c1295158c4c |
| SHA256 | 0aac6c4be968c7a1ec52ccdb096c5274b1e2de19be2c9f4109385926546db0d2 |
| SHA512 | a35a05820ee256b195e53be775be0cd397c03daefe025dc0b48bf56f32649c989650ff9ab72126e03e0099f9b3598f5223afb4e51b0327eea3034d3e0e8f5d4c |
C:\Users\Admin\AppData\Local\Temp\AMsS.exe
| MD5 | a6a9a6613a256f1322eec1dbf2dc2b8f |
| SHA1 | 430a6ff8ef33a3299d2c28a42f60c87abb2020a7 |
| SHA256 | 8a86d4e6979974106a6cf17f5a01c04576bf404ae1ce603e3ed659dca53709c5 |
| SHA512 | 75e74e215dbfb80ddac77bddffdd24f6c30eee2a983984aecabcaa8d945319b084cc60bcc328019a0cb9e36d9fdaf9200c0117ad2292a2980a72f03020997704 |
C:\Users\Admin\AppData\Local\Temp\fmoUkIEw.bat
| MD5 | d3ceaa71b94be731dcaf174aa714c635 |
| SHA1 | 2104b2d8880b5500f01d990ef2c3f68775706252 |
| SHA256 | 9749f38a634241de6d5c484193db9dbda404d9a900eb4a2fe16f1ece0ebfb85d |
| SHA512 | d39cb6ce109e3d893191dd6744b8fc10a329ceb09f39fce14ba93d58354c30f9cfc40ce3c9d2e669660a3a8669ce705314e7da07742d48b7f9e48a23cdb0f34e |
C:\Users\Admin\AppData\Local\Temp\XEkYYUMQ.bat
| MD5 | 7d66afbc7c7c5bfd03c35dac88ea641d |
| SHA1 | 37259c8bd5663a89f0f9c95bbae78d55f92d69d3 |
| SHA256 | 7eb23a4d0ad01fc68fd20fd125c67216db21af4600067bccd9fc17778418085d |
| SHA512 | 9356ef78f64311eb10024cafe1f8e2fabecbf1496b40049786c8b85e170fa27484da8d44f0c754b90b6c9c13c54de7107bad1551c92402d3b8e4c13328e35e49 |
C:\Users\Admin\AppData\Local\Temp\haUMkwsk.bat
| MD5 | bbf75777b58845507df4bd737199a0d8 |
| SHA1 | ca4614619aff19503c978152219a9f3b828b0558 |
| SHA256 | 913e140027eece430f08b869073d68ae5e591bf444042bb912d6c15d0a5c8207 |
| SHA512 | 975cfe81073c5924daa033eb515ed96e0c9729e1ad5b64edbaed440d298742a5746744b3ec102a236c74c37e2b2c61a3cc3db361166db9b448d0e8a7ad1a25ea |
C:\Users\Admin\AppData\Local\Temp\lQwYAwog.bat
| MD5 | 166b1b547e63ddf6ef7052ff700895c2 |
| SHA1 | 3c1a98bc57c010a45d4c9466203f242448b36567 |
| SHA256 | 7cab7b351b2e7648d179fa68b90ecaecd4f581e346bb228e1776c689ccb47445 |
| SHA512 | cd1b848d2547a3a225346923d429b6c0b2e2620861ada676b696ade0acc0277e6faecaf093952ecc624a2b9b9b33ae647e2a9c21135c2472c33a655066b5dd9c |
C:\Users\Admin\AppData\Local\Temp\cEoMwcAI.bat
| MD5 | 2ea10d3eca11578ed9417ed3ef486432 |
| SHA1 | 93e95cfca6b4a131aab2f7c6f56eaa23ab096134 |
| SHA256 | 8a31ff10f3042533bf63de3a495a84752bb0f21250ae2deb7b14bc966436538d |
| SHA512 | 3dac121286d2be734cc9005755661ecdf6df12fad3057cf9ea219ecfec02891ddf3c7e0b5c0275983db0d49262cc9fc1cbfad94bbad106a65c3b8bd82e40b249 |
C:\Users\Admin\AppData\Local\Temp\siwUUkQQ.bat
| MD5 | f09b17a783f487de9280fd6c8c3c0def |
| SHA1 | d46da699d0d4eb7ea0ab5be3bcd46bbe555b0600 |
| SHA256 | b41fc0a19408a54ae054d2bc4d202505c99232b390c4bc7cc0120a57a6a9668d |
| SHA512 | 620d2b8cf24cf37721878220bf0559c4e8327073222a4c9146c0d8e1293efc3e2527a0ebe58a0451e2634da5132acaa9fd241e37c1b7783fa9fe0bd1f020a865 |
C:\Users\Admin\AppData\Local\Temp\SyYgoYkk.bat
| MD5 | ef4fcc6923fb71e771443d1fd72b9d4a |
| SHA1 | e41b5c3b94a636ae9fc39ca00ef9a9ec92b4e43d |
| SHA256 | 065e1937ff852c78f7b5c601f96e61a83be4bec4fbf398b7ed795e8720f8278f |
| SHA512 | 71b1ff58582f493151e768b06b8f13f3e8800b702ee3974b5e7066f57af2c2db6d2a36799f3eb9628ba81ddaa72f20dc26f123eda5bb0ecbf5a4199766c84bfd |
C:\Users\Admin\AppData\Local\Temp\WkwMcYIk.bat
| MD5 | bf5308710a30ca50171b4eb1d066e6d8 |
| SHA1 | d11f9afdbef0d003b06dc813f83ad93dd6d788fa |
| SHA256 | 2d58b14dd5c3655b143b2409a4c5c49582304fb7f52f280a49a04e3d5b5d6a98 |
| SHA512 | 75ffb5d4c321d369c414f1ee579ed2832bfa24d3e81aea13be826689ee20660c8085e8b40027e33a13b27215d938f5f70717292017cab313757ec964f0a76802 |
C:\Users\Admin\AppData\Local\Temp\jYAwMQIg.bat
| MD5 | 9314ddb5e5b323dc598fb4f285145115 |
| SHA1 | 0b323105d5a41c2d1f9a7d76e47ca6b9d70e599f |
| SHA256 | 1cd5ab01965fce9eb19382e24328f88f54420baeb9ae81a57f73db16b92cf48d |
| SHA512 | 49df9bceefdef4c33473514a677d1135259f44865eaef0491f4b2e24abc2f2df20db3e1f63ee28b5415b0b410424ea598d4d2551a63f704b8365c28815e575f3 |
C:\Users\Admin\AppData\Local\Temp\tcEAwEcA.bat
| MD5 | b449ca17bd1ec0838212369912fa4d3f |
| SHA1 | f41c764a4c52bcbb8ce6c3a3c6739f185d60f9c7 |
| SHA256 | ca2d3e2c7be3ab8816fd1627f8782c6159484345009eca30f6b7371eb4f47dc1 |
| SHA512 | ec57ce739ffaef5604a82015158dcda809c38a18e001a7e679a9cc72e671517fdda9ec7db4ed832ed7a061de0b9449b8baa63f77159ede54a7d04dba90f52369 |
C:\Users\Admin\AppData\Local\Temp\dmkgAYwU.bat
| MD5 | da7944da5716c96a2f8b6c048475f5fa |
| SHA1 | dc5cdd1e727b4b274ecb2d0fcb1755c771f344af |
| SHA256 | 192c9bfc5ded0038984a5b840ce0784053145057d330203928c27096c9766986 |
| SHA512 | f0bdcfa954da3bb97f3e466ba8f3baa2275da1d93f8fdaa86b283d5af9e31e9ac2de6cfb2d4c0d890c045260ff432774652c191d49b867f8daa63789ae984f9e |
C:\Users\Admin\AppData\Local\Temp\fOIIUckU.bat
| MD5 | 1742b85e5103152ea143d975be6350e1 |
| SHA1 | d27e7036da71ff2622374bb9341d2024c348baca |
| SHA256 | 38cc50f4e7789f93e8279ff30da6aad668546a82094ba0cc6877f84f32efc524 |
| SHA512 | 8b3acaf20a99a8dd6607208bf2d6379ef0784c03378830a696e68e11c272f2647892bee017f7bed1b4c754520e5afa930bd698c96bf2f01da8b49c5896f00f3f |
C:\Users\Admin\AppData\Local\Temp\keQIssAU.bat
| MD5 | 0c7048449c50f6a63a888c78622b3177 |
| SHA1 | e4c4180e073af4fec5de58cdbc2af488997bb685 |
| SHA256 | 28cd1a08bc1a302af15fb5d4da4cc5816bf60061e734b45c7dc37ddb342344f9 |
| SHA512 | 953698e7d40dbaae1801cd858f04aba9e648fb7543277a4740483a15a12ff1f42af5a188adbd171114146fe42922d3550afb7ff2239a9695b4c4d55e700a002c |
C:\Users\Admin\AppData\Local\Temp\mGQcgwsg.bat
| MD5 | 5ab4228b5557ba53bfa45bb6cb416311 |
| SHA1 | 6bc9d5021d9a9f3b5670870cd79c3681b18b5b49 |
| SHA256 | dfc4a396dfeef721719163eef183f42916890fbc2651cf60a8efb42e6f6a3878 |
| SHA512 | 889a767a263690a363e90f780ee955652d4e0f8adebde1b5b035fca7e053f9caea3ed81aefc2c685e5336da9d5e9f38759c9b6095d708d6128333056afde8ac7 |
C:\Users\Admin\AppData\Local\Temp\oCkMoIMI.bat
| MD5 | 7d6d5af3f0f1b363c007c396ad5aa70b |
| SHA1 | 9855d381221794b6507400ef49f80932ce80f941 |
| SHA256 | c047ae2478a78fdabb0cb9c617f143339b23f96892ebd7fab6c8fc89f5b76451 |
| SHA512 | 12fe5842916efabd5069f117088307a24fae86708aa35f4be6e0dd1fe9d19ea42d1e967272cec6b05190d790c70596d9fcac9f767df8cf84dea26e768b326d20 |
C:\Users\Admin\AppData\Local\Temp\IGoIUMkM.bat
| MD5 | de4511698ed23b25eaeabd846f7d0333 |
| SHA1 | 55db4cbf59be00243aefc6ee71f98198802fd697 |
| SHA256 | 255f7033762926f85ecf5a6c8a4cccfe9f01efa9366962fcd165fb19e2acc42d |
| SHA512 | e5b299ac2f22ae609b7ad502c6ccf379f0b993c14a4bbce063afb2056adcebe76bbd7f926db291c82b5ce022efc32eaf7c92eb89d31d644ab9c79a1ff9ed7a74 |
C:\Users\Admin\AppData\Local\Temp\xawIogso.bat
| MD5 | c6ba59364879589d9ab345dbfb8471a1 |
| SHA1 | 216b6204fd8c2dc757ce8910cb52dd609507c22b |
| SHA256 | 8e8af8282d951a164cbd65c8d9479f5a7de4c7222ba2beea741541265adf3d2e |
| SHA512 | bbb9028a8a8c13cc77dfccc30be407a6712cb5f4e908b21d9dcf3170199c4b0ce95f6e30730ff514a6e390a8297fcca70e7ac77d912cea5ae8653fc108a5ef0d |
C:\Users\Admin\AppData\Local\Temp\XsMMkwsM.bat
| MD5 | 952ed53ce9940cda068b2774724169e1 |
| SHA1 | a589df5a53e394f824e1c2fa5588ede73e3143d9 |
| SHA256 | c45e2ecfb6938fa82518b32c9192c6e5f812f182b1fcf706f477e3f4cc1ed6c6 |
| SHA512 | b61c126cdbde5507a363c47215371cbee9e21c87b1c445158d79a613d61a93f08849a131abdad2b47c7d1566ca8848d8c93bfa1d6777fb363745b030c419906e |
C:\Users\Admin\AppData\Local\Temp\LIMAogcQ.bat
| MD5 | 20fd3010265d24e092af17ca69201a2e |
| SHA1 | 36648eee0f064510df921030f52a8becfe7b313e |
| SHA256 | d6c21b948958417ca98b682a573eb8aa1084b292d32f760f253ef53da13e5589 |
| SHA512 | bb7cdfa755bffb93a77c59921abea1663ceeec349cf4327e9b67e9260232b85ebe67545538fa80255eac03aae7b48f99bd64ac8386698e1eccd69c2138849ab2 |
C:\Users\Admin\AppData\Local\Temp\JcwoAMss.bat
| MD5 | f55c4c6c92f75199a6db062979ee5c96 |
| SHA1 | 72deeb46122ee189e5946881e9ec4c1b72e74faa |
| SHA256 | 6591a778afd36323831f458a42ef9ad508c60699e1b6134b74864a4708f44e4c |
| SHA512 | 563ef8e04597e471ee9562c71456ce85011dcf9d10a643f0046d8a8d8efa8b3e01c55bf7d14442f3566d31735059f50e9712318713c4645bec99c8dfc7acb9e9 |
C:\Users\Admin\AppData\Local\Temp\eAMgwYYw.bat
| MD5 | cfae6e4ef964b5d837b6de4023c4f9e0 |
| SHA1 | 9e60304e9de41e18caac833c83c2317ae5404acf |
| SHA256 | f183cbc9aadd67bf5e523161e8c1a60c07ba2ff00356fae5ea3461ff9d0f349a |
| SHA512 | f09c3700e4d937d3765dc401e83216a2b4e8b7a18a62afd841869b5352fa8632ab9eebefed61920bc98a1d99c8a677d47633593ca5673035790813caee1bc3fe |
C:\Users\Admin\AppData\Local\Temp\AokQYAQQ.bat
| MD5 | 83ce2ebd09fbb0d43b9da7acc14cf2d1 |
| SHA1 | 0d6454d6ebefb304340deb53e7fc28a6c8fdafed |
| SHA256 | 8bba406ce42728e1ef14207e7afd9509dd8e07dbe4bd8c2eb5397821b2bf8dc4 |
| SHA512 | d13eaf0c475c7e7b020ebcab76a0d281fd27bda378b42f8ba34f1b660cdd143835f73cea3547094883606fcc38146049b1c0a22930efa2786694bbe58025bdb9 |
C:\Users\Admin\AppData\Local\Temp\eSEUwEwg.bat
| MD5 | a87f40883ebc9c0aebc41692d26b309f |
| SHA1 | 4f01695770017e3d02e0b6f13d337469cca5e003 |
| SHA256 | 74137ea1e1795c5b7411ce558886fc7ba9fc76030ec2c58a4bb761f48b64f05a |
| SHA512 | 82c13ae77f477005c916cd66c120cce2271b8d22bf4ad028668c7c12ae7c7335f6fc0b53af0221e0b415f914addca0610a28c707113b9e842bad4d7432fd51ef |
C:\Users\Admin\AppData\Local\Temp\YysIgYoM.bat
| MD5 | 4b8f109ad771aabc170508a552c7abf0 |
| SHA1 | 8379498504a0dc9dea040564c8b43cceec3bf89b |
| SHA256 | a4b94edf9ada7a44922247ad8a4ab70e4d6eb9e0c78e23053d72f0079dec4f8f |
| SHA512 | 9c601e62f60f2b58835700223adfb87cb3ec1e093365067d3c1c6b1e53cecd85bc3a1a85625197f84a90878a8ae84877fed856599ded76953c96e3b772a69d44 |
C:\Users\Admin\AppData\Local\Temp\WQgEUsAs.bat
| MD5 | 1d117e82aba1c7db9a83a6f123f9931a |
| SHA1 | 38773b4a7ed95d83c22f094b8971142b11297087 |
| SHA256 | a1de84a72ec488c4158e4ca4492d29dd84225afd26ecd73ada7ffa170c7b8abf |
| SHA512 | 6df2a39de58065dc68f55f42567aa312f123ab1270dc643b208a3bbcaa4455a2e74ba08f138a4a601a858ab9a98f1730de368efb8562135c41456b25d669be85 |
C:\Users\Admin\AppData\Local\Temp\xkEIAEAg.bat
| MD5 | 5f91147a3fd7eefe99370f0a6f903b1d |
| SHA1 | 6b50f7b72bac69cce26dc18b58338e80889d71b2 |
| SHA256 | f0d0538f88e7ce9f3dc28c68c77f63a16e2594ae77aa4568593b2b1b9535b903 |
| SHA512 | 51b3de93c7e8f343e710b9956d9903edbbf6f44af0223698748a56a3ba0196956e9f3abc9d4098d1b270f72846a3d23dff13fec3e4a0c214aab497ce3b1f9dee |
C:\Users\Admin\AppData\Local\Temp\vkwQAkww.bat
| MD5 | 912d58fcde5ca25b2124ef7e378f201f |
| SHA1 | 518f37299c908325d4edf34dfa38531436461468 |
| SHA256 | 479421ec75417c3feb64526a88d8b6625de4d9433d150916e72f039c925edda0 |
| SHA512 | e21e08773271a5dcaebcede7603690592fbdd12e69489eb66407657376ea5614a9d7f9bd54496e3839f3f3f2074614df2a681bef411a04b57fc7397b79824b5b |
C:\Users\Admin\AppData\Local\Temp\FWQMwkkg.bat
| MD5 | 399756c58a265260db178e3768347634 |
| SHA1 | f119534f6a16f16363741cbfd86fa876016b3429 |
| SHA256 | 3d2e06bc63accdfc5e64f3a4c352b833965ef3e5d6b8ef482861fa2292e37764 |
| SHA512 | f5df569d3cbad46a9e55184081f257e670ab2aee78599e6aacf97d04d5c9c078a80fa1781e736824ab9e31d58cd326e1e0bf08e54d3bb3c3e0cd0917e6070fed |
C:\Users\Admin\AppData\Local\Temp\xisQkoAs.bat
| MD5 | d353c3098e15f49c93d0a010a8f3c8c1 |
| SHA1 | 3347ecbfa5d0b5210677728999d13e1ee6e76828 |
| SHA256 | 04d9f1adc5ee1a526274022668b258a0d1b605b2f15886008b89ad0c98698c9c |
| SHA512 | c076d4922f52520ad5848960d255cc085d0941f1f471273a88c79ffc588569b0b16f58b1bdd55e83536981737c341293809024f1ce4cf7d3dd7f6cbd37afceb8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 02:55
Reported
2024-10-18 02:58
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (81) files with added filename extension
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\ProgramData\MIAgEkwU\GeYMccsM.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dokcgYQU\CmkosAYM.exe | N/A |
| N/A | N/A | C:\ProgramData\MIAgEkwU\GeYMccsM.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmkosAYM.exe = "C:\\Users\\Admin\\dokcgYQU\\CmkosAYM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GeYMccsM.exe = "C:\\ProgramData\\MIAgEkwU\\GeYMccsM.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GeYMccsM.exe = "C:\\ProgramData\\MIAgEkwU\\GeYMccsM.exe" | C:\ProgramData\MIAgEkwU\GeYMccsM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CmkosAYM.exe = "C:\\Users\\Admin\\dokcgYQU\\CmkosAYM.exe" | C:\Users\Admin\dokcgYQU\CmkosAYM.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\MIAgEkwU\GeYMccsM.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\MIAgEkwU\GeYMccsM.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\MIAgEkwU\GeYMccsM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe"
C:\Users\Admin\dokcgYQU\CmkosAYM.exe
"C:\Users\Admin\dokcgYQU\CmkosAYM.exe"
C:\ProgramData\MIAgEkwU\GeYMccsM.exe
"C:\ProgramData\MIAgEkwU\GeYMccsM.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luQcsYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sgEoAUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIMoYowY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yugQUsAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qwUIYogA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vmEksAQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pagYwMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XwIQAUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HmMsgUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ackEQEMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MoEIUscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IQIsgMko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kQYoIcgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bUwYkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zcEAwscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jQwYskQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vccgIsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqQUwEYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OwQwocMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ImAcwIgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYwAUwck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vmoMgUco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMsgAIYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCQYEcQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OaIocckI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAsokAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EKgEkokI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIwoooww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RKUAEUgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dyEgEocE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rmgkYYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sAcoMsoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sMAwYYUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mwkwcEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lEIYIwcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUcoAQsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DiQQwAUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sQssUsQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AoooUAYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AEgIwAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eykIIUwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xwwEIUkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xUocsQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jsMYMQgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cQQMEEgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CCAUQckA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKkYEMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YmoUYIAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HwsAQIcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSMMEAIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PkUgIQsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEkwsYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mmQwQIsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYAUkIYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kmocoQwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yKIEEIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jkUEcMoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xCkEAgIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lUUoYEAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gegIIAQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAoIUMwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuIQEwMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUMoccgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUQgwkkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lyQgEUwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JOsowUEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YOQUIIwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kwQQgEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GqUosIsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GKAwIIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JcQswskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bKAAswks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWogsooE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEgoMgQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amkIIwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgQAwAoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgMEkowQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tGcIMMss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JAkEQIkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUUEAgYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yqsQcIUE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iSYocgQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSEEEwco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VOIEwMwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rGYIgEEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWgkwYAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PwUksscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGocUQIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUUQUwQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EkYIUIcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DIAwAQgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rygkkMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LcQscwEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGUEMMQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IqYYYEIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeYsAMME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uaYwcEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSgssQoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwcMMIwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAccQsMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VUkwIwsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqwgYwkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEgUIQQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWEAIsQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cawcQEAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BooMkAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmAMsgYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rykYkMkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LGUIYEMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WuMsYwAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aiUUooMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAccAsUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kcEwwAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fMQskQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JcMgUwcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQocAQsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AOgAsMYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\siokkwMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kgIQwUsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TmEoYkoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zGMoscUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PWIooYok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SUkAEgYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mIkYwgUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AckMUowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CsQUIoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZmQMYoIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RmgMMoQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JeQYccAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MGIkEUcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kUosoAgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CqsoYoEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSIIgswo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\faAQskMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PawIAEIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\joQYYgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PakMcwMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xGAIgAMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kSsgMkgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.78:80 | google.com | tcp |
| GB | 172.217.169.78:80 | google.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 4.73.50.20.in-addr.arpa | udp |
Files
memory/4656-0-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\dokcgYQU\CmkosAYM.exe
| MD5 | 5bb5f051ddfba6a3dd6b0fc1c339180b |
| SHA1 | 316bcf7a005c736f2981572b80e4a7ffe1098a2f |
| SHA256 | 9c5a142c0a4d20bdda1f78e43560fa7615858b1a5b3b48c3f14161b27d28dbde |
| SHA512 | 0c878eaf6f3386194055ab0b2ef19843c3b715a2f0c6893ded0f7847547d21a5d7de9d814d0ff6126a8d735a4a4cde0b542f188961ed344acfa113a6da5f9e05 |
memory/1088-7-0x0000000000400000-0x0000000000432000-memory.dmp
C:\ProgramData\MIAgEkwU\GeYMccsM.exe
| MD5 | 180f6edcb7d207bf5ae50a8b508d8afe |
| SHA1 | 6d6d71a8d4ad4f276d0f7efc896de17cff7a0fd4 |
| SHA256 | 3f8cd034e5595c4ec1e4b70816e2bc262e267d94f7afedef3d01582deaccccf8 |
| SHA512 | ac30a132b3993714a24827301073aad458526d441204b23868dbddb86d4f2fa7399019dd875ae3cf732b3890c5bdca4e233540e63bab19d5ef0dad6b288a59fd |
memory/2632-15-0x0000000000400000-0x0000000000432000-memory.dmp
memory/4656-19-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4880-20-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\luQcsYIU.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-18_84af33fba0ff37b9bb00f062370754b0_virlock
| MD5 | 3d404187efd7b9fb9810d112bd8cc368 |
| SHA1 | 4c18184896e46369b2af6de3d84c25f44d3f051e |
| SHA256 | 410fd53c9634965c2b56efbf7a774d79014c98a2cd1d767adc51636e97428c5d |
| SHA512 | 5c1ab1a5309e0d2ea3f08e0e01d1291cf964de682c06812061d46d7bf8db454d36532c58fa511873564db9cfa9d215a63e752d57acb5038581b3b9a55dd27390 |
memory/4880-33-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4828-44-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4264-55-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2216-66-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2784-79-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3868-90-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5040-101-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2100-109-0x0000000000400000-0x000000000043F000-memory.dmp
memory/220-113-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2100-126-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4192-137-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1160-148-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2920-149-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2920-162-0x0000000000400000-0x000000000043F000-memory.dmp
memory/372-173-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4760-184-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3644-195-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3052-208-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2252-219-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4072-220-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4072-231-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3928-232-0x0000000000400000-0x000000000043F000-memory.dmp
C:\ProgramData\MIAgEkwU\GeYMccsM.inf
| MD5 | 0075286ce4f7b7b8e9a97e6181659ee9 |
| SHA1 | 7af6af7d81a13a9bcd92e03af541a830a915249e |
| SHA256 | 634a72bd8396ade4e57ccba10060250eaa7d2616d74a761f97f810a1da64bf37 |
| SHA512 | 583b8b949dea13f38763094541c5bcea92f672fbfddf99508128e647156e7bc526bf2860538bcac9b4d415f2fe1d07a260775c55d636c63fe192ef168ff9ab62 |
memory/3928-245-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3836-256-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1628-264-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2108-272-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3612-282-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4824-290-0x0000000000400000-0x000000000043F000-memory.dmp
memory/820-298-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1988-307-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2236-306-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2236-317-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1580-325-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4172-333-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3472-334-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3472-344-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2336-352-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4868-360-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3652-370-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1856-378-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4964-380-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4964-387-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3636-395-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3448-405-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4516-413-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4468-421-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3572-431-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2216-439-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4048-440-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4048-448-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1008-457-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3576-456-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1008-467-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1072-475-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4804-480-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4480-484-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4804-492-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4672-502-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4612-503-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4612-511-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2296-519-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4808-529-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4400-537-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4824-545-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3720-553-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2164-563-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1680-571-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2712-579-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4828-587-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3472-598-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4948-594-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4948-606-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4416-614-0x0000000000400000-0x000000000043F000-memory.dmp
memory/208-624-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2920-632-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3572-640-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4880-648-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4044-658-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1920-666-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3532-674-0x0000000000400000-0x000000000043F000-memory.dmp
memory/8-675-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3532-685-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1524-693-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3716-701-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2884-709-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WgkS.exe
| MD5 | 78294a8102a2929086e239f733f16ea8 |
| SHA1 | 5930e410bd90378d4aa23ddd494c3b12978479aa |
| SHA256 | ea6100c8b8896cb8dcde860df792e5eaef23019b460304dd70f278b1398eecba |
| SHA512 | 628b19c2fd6e3cbf4500121b125b4c566c45c1efd71719b8e81ed67cbd8de6ce71601b1b76b176c6d4543f2b381f2872362ff441952f8f39e2acc1b6aaed25aa |
memory/3484-734-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KgYe.exe
| MD5 | 86fe5367c7bf9f59ade611253219c01e |
| SHA1 | c3ce6820d4703276a3cc7105428aae9cc1ccc9a3 |
| SHA256 | 6f3cc7916064242dbb8ff7229e3f1b753c71fa9416a43fc292439c6da5474a83 |
| SHA512 | 394aa2b61e8249ef30b2100da8a53ab25a551ad968e8ce2887c3b285091d54662713be695a78d561542e9753d06793400b8f5b0f6360344ce8f78a11e4306e61 |
memory/3468-756-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SooI.exe
| MD5 | 5a366cdf8166abaebd0ed4a81bfe5b3a |
| SHA1 | 322dac363af482d60acaaec7d41607a990254780 |
| SHA256 | bd08c8bfca0d4dc2e60b444de01580ff9fda4e2fd7be87c66cc41cfc8b4655a0 |
| SHA512 | 42a82235f45a6cec6fbaca09b3805978d2ea7fdaca62dbff9cc484cdf71442d79a8982bafb81650f4687219575538f66c40df98d97473a19948ffbc73052bb4b |
C:\Users\Admin\AppData\Local\Temp\GcYS.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\CAsM.exe
| MD5 | b0916e754d7a956b66219f84e770c64c |
| SHA1 | 2ecc4495e2dbd57d0a4447367c3f85045dc17419 |
| SHA256 | 0b6b47548829cdb5a410e4bd6de7fce4343dd1e6efc59e41b207f3ebaa66283d |
| SHA512 | 2c8c1534d4897f0fbefb2a7aacac17d04ec3777867544db643e0356d75ea4d3585fbe4d07f4e28f743200d4b2e0646d4f5d7aff4096a95833b3bd0ddf8665426 |
C:\Users\Admin\AppData\Local\Temp\KIMG.exe
| MD5 | 238e28f538e6055ce25c2c3ac473be2c |
| SHA1 | 5a5054741b7d7f716a754fd1d006aeae50e880a0 |
| SHA256 | 7028b6a1b3e95dbdbdad4b3d1167dd2b9fe4b2e0eaf87153828ea7a3ca78bf03 |
| SHA512 | 2fd9db38798669a85700fc859c5adc6b7914b6e3e7eb925072275e507485a6ee02a7a561c50d917abd230d51f32f3b677e275411d755c55d5979641b4f3974a0 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | c3682b84d15a0bdd6338227a263eb6bf |
| SHA1 | 6238064a47ed7072986763781d700ae285bd7a69 |
| SHA256 | d30d4785dd9f204dfa9d9b5f477c1d2d5fb42b2c363b9e8c4ffa6fe59dcc0e31 |
| SHA512 | 1e3d37751388db996c84ca6bba3534ca868d39839bd8c888ea8fc267cc5012026be391b55b96c8aad9eaadbb52646a74b7675a8a46c47660aa6d4cb2d5a15395 |
C:\Users\Admin\AppData\Local\Temp\yooM.exe
| MD5 | 910cd3ab5975e34ec48eeeeae223b585 |
| SHA1 | e7ca5518ff57d5dd5c380c9377d85b5ffc5bef8d |
| SHA256 | c567fc9a9ebefc5c949ec5b1fe804aa85fee73e6ae9df7370f735283f7e1a9a0 |
| SHA512 | b70201ac8fc3d37fadb7652ba242673b4068b85d47a9b4c82ec3c37e02e872ca5a9bc91593dbf7ce4e4bad923a54e9773ec9970f83f298009c27d264a8d790c2 |
memory/3932-834-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1008-833-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gQQo.exe
| MD5 | 720622b6dcff838ca83be0c38c49f127 |
| SHA1 | 1f4e410425995cffdf395b57351f9b7ce9757fc4 |
| SHA256 | 3def39dcb1833a65820603364314e4a964b64a7e5b3def5bc6f6b126e9191e8f |
| SHA512 | f57fcd96262c4d9f18431b12aa968d251e32c0c03fee18664dd70129124ebdc1860782e23c10cdb544aa2153a9e50503a79af6d5896aad49d9d994236c0840cf |
C:\Users\Admin\AppData\Local\Temp\WgcQ.exe
| MD5 | 0aaa83d625d637c09b070f1b3b6662b9 |
| SHA1 | a08854a7fb77b1f8b66a73da893404e3d35fb581 |
| SHA256 | 6c276ec8628df488c1f4ceaace865475e974178b73216017d7e0b2a77c79a723 |
| SHA512 | f3020b372777e5712d657ca1109bc39c56ed224ac8695b748154399bd294f687bb5f4b52e2c319e05b487608d5f084ba258bd9bf7b16c7909e8c633b058cec77 |
C:\Users\Admin\AppData\Local\Temp\kEMG.exe
| MD5 | a2ec8cba19f43396dd5af196c531a341 |
| SHA1 | bec86df4fc36d4c1cfcd0668b8f87136e69392de |
| SHA256 | a34f51cbcb888a1c757aacd1557f10458f3da994103d092370bd42d9a6005986 |
| SHA512 | 89a6cf07f6ba510fbf8b1def7d7aa689a15b6ed750e7970dc10664cc0c9b50d9de61a27ee559a5e7b1f12083b6f558b5be7085ae14188c6015730676e26d4aea |
memory/1008-886-0x0000000000400000-0x000000000043F000-memory.dmp
C:\ProgramData\Microsoft\User Account Pictures\user.bmp.exe
| MD5 | 3b4b92bf98567aa4998ebe333a6c3721 |
| SHA1 | 9db0f789b707689188ca76f47dfc6e3924d6affb |
| SHA256 | cf5bac739921159ee847020917ad251a1bea52579439562f31e5c004131797be |
| SHA512 | 85377c592529c9c6def6738ec7ab9e7e95c036699fa52e57823b56d1a3d61c356e3180cec56aee70875a29720098cce790b645670072e20dcf28b28b5039b025 |
C:\Users\Admin\AppData\Local\Temp\kcQC.exe
| MD5 | 2db989c2caabddb022f2a5d56ba06f15 |
| SHA1 | 73ed33f137ce814c68e55358423ff21f82c8613f |
| SHA256 | 234ffdff77997bd202c1cb7039c7863bde05d3ec08c0d7de8e56fb856dd4e155 |
| SHA512 | 93cb139d42b1538467cf0c8d1b2bbab3d28c77bdc7080c6d081663c33d12d144d508aa34205ae4d1bc1c82cb5510068ab3a69a3c63116609bb989988aaf1c317 |
memory/4100-922-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wQYo.exe
| MD5 | ebc544f29defbb8e71064a32ba489ea0 |
| SHA1 | 6963c7fd751a6b02f459e7af096fe327e09b48a3 |
| SHA256 | 6178c6c195d65961090b16d32f4a284b06288ebd802836317db62d398477eae4 |
| SHA512 | 239fbc924e11e3e5afbbd6ab5685cc67d5a9746ab7b86edad0f630391149eda6d2ac3dfc97240ab1cb35d234bb3e3250850b68a475ba01a56d74b1456b8ae885 |
C:\Users\Admin\AppData\Local\Temp\SQsU.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\yskC.exe
| MD5 | 1425d2db056ec0bf4f31902b7861f5f6 |
| SHA1 | 297f62f0454d2550a62914ddd9ca576f2497f890 |
| SHA256 | 3b1e1f4d9165839c3f6a77c4af52c92e9618970125b2ea62a75763c5ba5d7b56 |
| SHA512 | de3f6cfed689f031fa7064c156f13ac4699840b75bf8209b18b58b92058bdcb93e25c35d19b7ec1d599c89777642f0e551e65328ebb5273435dbe4eab0323bf9 |
C:\Users\Admin\AppData\Local\Temp\KckG.exe
| MD5 | 1f4046a28aa5e8449d1e79337a78292f |
| SHA1 | c29249eaa422dfd1d3f3b720a53510538ef1281f |
| SHA256 | 346ef13bf257ef1538a2c8e8b32e9037f7d67e817daca567aaa5d6cf7e3aae8b |
| SHA512 | dbdcab7a855bc74eaf5117292612160d77a0af516b426e97ff4fe41556a1cf4025fbf5bcf4f12c8cd361044e734fc6a60192d3eac6d646a209d222bfa7bef9c7 |
C:\Users\Admin\AppData\Local\Temp\qgMy.exe
| MD5 | cd454297ea2244726944e31bcc672a97 |
| SHA1 | 86b853aac121bf14e738b29c71e15a3e3412d36d |
| SHA256 | 1248c1f58cf8f9a479f34dfbaa2d887a22602d58116f1bc92c400feaae3593da |
| SHA512 | b0e0ece08afd21f242a9b26227c80d3201b8ea6b20787f2309d4fb9531714723f33bfef2fdd8a7dcdb95d75d5088a5ac27f337fb9041ecc01eb89c0319859a18 |
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | 40513dbccc61fbe242b6280845991dc3 |
| SHA1 | 3d14e2df2a58937a837ba8832faf4d3a11f35c4f |
| SHA256 | 7eac089189dcae8601e997dd63c675b657196a643b36fe4a97f4f4db03232c28 |
| SHA512 | e92a44b5190c3d721772c8f101f4f2a8919e939884f8d0dfdbd6737223e80fcfd787d5abca35e188e9380d4d9e5245fbe149e0508ae1457f0a2a3ff55b6eb458 |
C:\Users\Admin\AppData\Local\Temp\ywow.exe
| MD5 | d8a105a03252357d9978eb228ccdff27 |
| SHA1 | 3bdc0e9e6f8b4591fbc9c92c0c60bc57f8010b29 |
| SHA256 | 722f3a2085f88ce3df641ec33b0334fec157c34b01e6db89c408a12f08b276f8 |
| SHA512 | 666c55d559ee0d92b7be3a288db2c1a35130026a6f5f5cbaa4a3a43de10a25f6d5a5bb7c129c09097719864517122e425e8d8a9d7cbcfa745ba1653694fd590b |
C:\Users\Admin\AppData\Local\Temp\qYcg.exe
| MD5 | 5246698aad43d1494dc8a0816009d1a0 |
| SHA1 | c6d2f7a09ff85ebef3b797b40cbe3b8e45fc344b |
| SHA256 | 6fe83634f5bcc1bf9d83f0e7dc4519b2fe7fbbd127eadc7e6235ccb3820c125e |
| SHA512 | 0629917644fcaee93e8582af623b230b3434c4c582907dcd94d0f085db51a45cbbb7e678d64483fe1d2bb4aff2f1d50f04db488ff5de7156ed26fce9c93c6e1e |
C:\Users\Admin\AppData\Local\Temp\OcQa.exe
| MD5 | c35e193f58d922ffd763d346e5fb3367 |
| SHA1 | 04b9f9035c2647ce0401bfc9113579bd811bfe09 |
| SHA256 | b9f5b8effb56c95cff2501f3893bb63657de752c3a91773d3b3f0925ae4e9cf0 |
| SHA512 | cf836f1f64609ce2c8ede4f9e226db6633daebb6fe9fa64db038f211cd8bf1eb8534edd74ef280768afe8df145c726478641bffa3ae94c90efd762d99af86f94 |
C:\Users\Admin\AppData\Local\Temp\ewUO.exe
| MD5 | 4fb0f2163ec62a5443c0479b5ae17426 |
| SHA1 | efd13ad36bdbe8b02a3cdf0553b61193c8ed56f8 |
| SHA256 | ca2f8789cbbbe07cc0f840bd010a953f9f8d485967eebb9afaddbc609b5d933c |
| SHA512 | 054e42c003ebce47bef27f4f1f70e1e44d094863917893fd20469d5cf98a5a82abc9f121cb2c61dec8342c5270a5608584585bbecd642761993d479e1cb36ec0 |
C:\Users\Admin\AppData\Local\Temp\KQAS.exe
| MD5 | 07d5b650e5b04600f8c938bd441bf625 |
| SHA1 | 352f67ade878e89d75802d5d785aa03e33945fec |
| SHA256 | c2b42959303cc4f5c872237687c4a28f5e3eb0e4f000b71be898a5fa0b3fc13c |
| SHA512 | c5a355be9fa14bb7bb65258845556417043262ff3bb4205a87bd8f31e957aed1a2d77b1e252b2729472a3af3a9e8c69a35325d3591c58f84d965719798f7febf |
C:\Users\Admin\AppData\Local\Temp\qoMq.exe
| MD5 | 4ba6c4e123496b9f061fe8730c9bcdf3 |
| SHA1 | 90d02c26de518f7b698e55b6aff34b80230c3389 |
| SHA256 | a7c7bf8cb75ddad6e62f4891748712a8f9b09e7860ba1506fd6bfdf354c4281d |
| SHA512 | 0dff4c5a57343e581b46d93b36c6953201dbe62b737bca100f5a0ec3201a853613b475ec482580f24910fd7f7c88379c3371f6caa0852cbfac634dec702814b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\icon_128.png.exe
| MD5 | 11a07d129ae63b31207b9a99a2dd067d |
| SHA1 | c60799ec72f5c22710acd49806fd88b4cb7ffb9e |
| SHA256 | 740bb5a52dd8da6a8853380e954b2b9f370fce65ff1eac8e1a20254c94e3244a |
| SHA512 | 65d32cb471aba4c63b075ef2abcfd002d304b76e846aa76f0a96cadab01630f01a3a99da422df514780618aac86825307c54b6c9d17d975808daa458a83e75df |
C:\Users\Admin\AppData\Local\Temp\wIoE.exe
| MD5 | 816c020dcc2b949ddf3be14c06f5d4c7 |
| SHA1 | e962d4896721716c333cfa8ac5550bbbec6c45d2 |
| SHA256 | e552ecf25a44ba6443aa9f60dd9054d5c3fc26d1add100e36fda4c942c9e91ce |
| SHA512 | d898eb68caeeb612b6aa10b66ff18403c5bdba841d86a51ace3c0dd4b5b42abefd0efc5f750a4515d85800f6b7e158f54f7576faa3a8de1075095bdae1e39125 |
C:\Users\Admin\AppData\Local\Temp\GYUu.exe
| MD5 | 5eaf9d23b1ee6e4379fb4f3a8278340d |
| SHA1 | 8c1191badd70a07dec045aa3ffe1bbaf5fd09da8 |
| SHA256 | 9c3eadf40dd8c965b4ea291a9bf434efbb5f0fa6a0f4712eb96b61dea30726ac |
| SHA512 | 29cf260a9097e924ffbf0838c59502a228ea0d52a7eb62fbf7269e6f8b3e802cb5d96a9a2e46db97071dd01c62eac2a98a3816d858d6c5cec919c065528a39b3 |
C:\Users\Admin\AppData\Local\Temp\Csow.exe
| MD5 | 934110e6490a42881f5c6a119a083f4c |
| SHA1 | 60083115f2301a69358a5e88f0a61509b4a8a533 |
| SHA256 | 8e2c36d489bb38154d0224c734fbcf1c8e211bdd4499dbc9e3105640d35098bd |
| SHA512 | 13e83019a88ce1f83b3b3ff1d43409cd3d371088904d7f7378ba9bd28efefee6e65957ddbf47fd7e3d7f0f27b3da3bf651ac2d9057adeabc4a4d27d4b6257600 |
C:\Users\Admin\AppData\Local\Temp\AkoC.exe
| MD5 | 6231684a5ff343f1653a8ce553643f11 |
| SHA1 | 314fc135bf710f04f2570940c0f4bff8cd4daa59 |
| SHA256 | e7664988f071d0e8e0d2bdada4bb3c17985d94fa745b41447ce8feb1c3d1ed34 |
| SHA512 | b54c3cf05937a4cfffbef935aebc5e0f7033933b0d7dfed6ddb640963331c7b0a0800f3b81feab5a055fe8371da11ffdfba7ad1a7e4dbdfac4490735497ca4a6 |
C:\Users\Admin\AppData\Local\Temp\AQUq.exe
| MD5 | 27db778067b53bff2d0e2bbf13791c46 |
| SHA1 | 3eeb1de87364dcff6770b55f480c2d24eda85585 |
| SHA256 | 924628fc07504bca52f2527f22cd291959921f88bfdb03df615922edd0098625 |
| SHA512 | 8cebb833735b475a305c267a461b6ee5497338462dfb3c8ac8119b756af5c562c95b00175436a55f92b3bf660aed40f6c44e3a53f47a3652add9d1dccca4d7ba |
C:\Users\Admin\AppData\Local\Temp\SUAY.exe
| MD5 | baf71461bc9c32af7b315890d87cdd09 |
| SHA1 | 31f8e8be453b82b89245e2f0283a647b8db5099f |
| SHA256 | 6daa7ce217fb92c0916aa22702e679bc920e5862bb41e73ecf88148ff1cb868e |
| SHA512 | 084d621b17ebac06125c4ffa50ae05f6a731944acb58d68c08cc9e31b83949ab8b23232d54254fefd97eaace8368a975d0c88c54f83846b139d074b275dc69d9 |
C:\Users\Admin\AppData\Local\Temp\akoI.exe
| MD5 | bec4c34a3a17f9e6a5d7f81a7620ed76 |
| SHA1 | 84e612063b7fee776c5831969952352ac37880fd |
| SHA256 | 760796933343fac4da06d4aeb7ae5c3d11be13a531a1dc14ac16dc40c5ebb08d |
| SHA512 | 8f8cfc34d46c76bfb2e641249f3278ee3d23b80e99c0d516835b9faa3e15bea5bbfcad77f49205797548dd3fa0bfe495699d2f0f87a829e576ffc71bebdc6ad5 |
C:\Users\Admin\AppData\Local\Temp\uwoA.exe
| MD5 | 534e2a62d7f23c38c496dfad7ca4d7cf |
| SHA1 | 5adb3231dfc372739de557a39cbbb52df50b4096 |
| SHA256 | a8800d3c22f1d4fe3d919593e8392195d3155a2654974b0520fe4497c4f512ae |
| SHA512 | 5e728f837a22e81db810174abde65fd2726e3fc095120e4ad6c6a488263d0b59ce4744542ebf23274aaa662dfe739b04a8c78e123a4325ae7b5e87b9c1b6aa99 |
C:\Users\Admin\AppData\Local\Temp\mQIG.exe
| MD5 | 99e1ffc113f4a541d826f0fdfc1c5117 |
| SHA1 | a92513dc7d77509da982cabebd91cd7575fa7af0 |
| SHA256 | 22c3e75150f4010a473e02be8475612af22b5c63ce29d226e8ef07d76fd93395 |
| SHA512 | 16f1e9c22d20bc2f209704c07c4caba9bec2460f15a275cfcc454e51c887d25e37086e7738bf395c485b1576224959b1cad5167839dbdd8908f82b315a91fea3 |
C:\Users\Admin\AppData\Local\Temp\YkcM.exe
| MD5 | 52efce47b0167698b00561f6b729187e |
| SHA1 | 023f0e3b516349c39c3e5f11236014f0daa4cf40 |
| SHA256 | 7a0965e63d4663a294bdc3456b2cb66d5792f1abd07d303b57cdb57ebc12f949 |
| SHA512 | e0a555c952888ac1651d23c7d9897997a337afa48ea6f7d7ebe5931f619d72ca45991326f62bc1e9fbdcddcf1cd196c0863c8042d169ec64a99dbbd99d8bd2de |
C:\Users\Admin\AppData\Local\Temp\CoIG.exe
| MD5 | 0f80f3ebc1a657d6768b115bbe29c039 |
| SHA1 | 996aa4045768b0aa673c3fa3e915fdbd3b75f565 |
| SHA256 | 60c1e4d0170ddb68ccbfd5256251a4deec485ea80f30c1b52558de3ebfd6deb9 |
| SHA512 | 50a304f49fa68cf9181e435d17117da53555014b7708b7075582e0e322448af298c21f32ff328515e392504d17d1956b59f21f9bd21b0f13138483c7de558b03 |
C:\Users\Admin\AppData\Local\Temp\WEMQ.exe
| MD5 | 6c15660aea312ce9c1452b9a7d2281e2 |
| SHA1 | 1110fb65a0b382c26464c43b91341b7e2ff8deae |
| SHA256 | dcb4b19def14a323d73e016d9b43a21df7f92a2a29904cf41f2639b99432882b |
| SHA512 | 6f3f0e172bffe6ccd53c24cc253bc76517d07840d6739d3ed1573687e173654d72dc7da30a564ee9bafc734a01ac1c8f8036531b342a4b6c13d89268473fab37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\96.png.exe
| MD5 | c651d243e03cbf9b848336d7d23a3680 |
| SHA1 | 06f2377302158cf591ae1f287934dad0583e56da |
| SHA256 | b97783e9e667081cfc4a792913b6b6f87769fb6f86ff95ea6aef5a5ffb5c1295 |
| SHA512 | c5e96499e87376850e929050f91ad4b6ed7a9eff433db29eefe9a1ae70c539aa78fb80579c626251a160d196f11217e837762229a01001bceb2f6e908e93bf6c |
C:\Users\Admin\AppData\Local\Temp\Ocow.exe
| MD5 | 2df0e4f457ad941356e9152d55589155 |
| SHA1 | 0d40ca3ed6fb1678e97b2f66166d2d644a34d7fd |
| SHA256 | 9b66359369428a35fa2a3387c0ce79a3cf7f1cd6bea9dcdae14c12c67772e5d9 |
| SHA512 | 1e9c47bbbdad6423bdff3cdfa53760227c18ca008fbd3751ea899ed495894fa5de928e83ac595989ff69b86739f24f96ae4786f2c5c83848304b2b12eeedc7cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\256.png.exe
| MD5 | 396e52f08975a1cc2cf3f9afe3c68111 |
| SHA1 | a08fc25077a265e1852228ef73c7e1a9c4f22e0d |
| SHA256 | 20f4df24147fd68ead8b367942eaa0a1bf0b35c694b6caa4a09a0f404a22a645 |
| SHA512 | cc989d0250e0e20e8e8e36ebab2a0c332fcbf774d0f27c4bafaed30d69e5d29e812faee4cfec27944e5d7c5d18cd6fe57ba913ecbc7cbb7368d7cb4115e67a25 |
C:\Users\Admin\AppData\Local\Temp\gIgy.exe
| MD5 | 98c9ab96aabcf70329db463b66f1a9e2 |
| SHA1 | ea8b858002fc54203cac61655e91b1cce90d608c |
| SHA256 | f843faf144afd458037975816d9e006cf447799d79763144c5a507b6c49ba1e9 |
| SHA512 | ba955f4cca1ec3f2c2128422255912315423fd266653cab874dc57ed59201b73e58fc07895e2597764f9b27bee9dfcfb7432b7a49a9ed2c5ea7ff5a6f43d781b |
C:\Users\Admin\AppData\Local\Temp\KYYW.exe
| MD5 | 22c37e52613bd7cf257c1e9709e1ba7e |
| SHA1 | a6fc24876ff3d8458b6bdcdf43f492f686d5c850 |
| SHA256 | 3fa9443a1f3acc71fad7cae8e8aa000b33d962365a00c8f975a6cb8b2febbb80 |
| SHA512 | ca1cf9283fadef466a5c5a7f487d957832f92fe3646f69cdaa0bf81b06c252761bde5a142c2f93d72fdf14e6d49294045cc3e41b3db7dd7d1d1e51e54e86bdfc |
C:\Users\Admin\AppData\Local\Temp\EgYk.exe
| MD5 | 9b153143cfcc84f932587d192802e87e |
| SHA1 | ae486a98228697ebd05474ebd8160bfcf7535a42 |
| SHA256 | 686cfbceb6c1313a375c835015c589fd98c63101ea75639954c82580988b6d32 |
| SHA512 | b7d384e0c642425929a112e17398e3fd0bdd46138c49c75338f526685f8a7f90d1d527d4042f29c5fb1893a6ce78dd41d6ba3ab867b47c0c352a62cc01fb8725 |
C:\Users\Admin\AppData\Local\Temp\QMYE.exe
| MD5 | 04985676dafd137c5cfd9a0ee0579243 |
| SHA1 | eec35666fb5b59ec81092fe3e168fc3f6f0f17b6 |
| SHA256 | 89aef8784a84f1b7e3162bd029b8eae5714df8633ae47b52db052358ffb2d156 |
| SHA512 | 00b9709ae1e0f0c47d9aeb68017b814748f52d1e2ae8dc2844670e4f4d56f3b0790bc0f4d7a3f4dee16f08daf9954ebfb6f66eee7ca4c6a2a4f28061a2fa5dd0 |
C:\Users\Admin\AppData\Local\Temp\yMwK.exe
| MD5 | e6cdd61e72df55ba1f49cfb9163fbef0 |
| SHA1 | b759b5c27f1f0092a353df259b1674e15044c494 |
| SHA256 | 2bd0081662d1d787a1f1335a32c3a9848061b07a0cf3ec0075f98b80a3a0d4e9 |
| SHA512 | d7442c576a7eaa4db10ff2ff6ae9d3e517a58b6bbe9996e9af735d948a42221edccbc05190803ded09db518174ebc70d0d102a7026df05d778ad4cad62c23040 |
C:\Users\Admin\AppData\Local\Temp\kEQi.exe
| MD5 | 91fedca964679206483a55e42b1a1448 |
| SHA1 | 2678df6ce1170a9db4951e98fcf2794ea84191ee |
| SHA256 | 15d9a1db43c20819b85ff6b3b1bcad05e44abf9109b217b4c932650a09eeee10 |
| SHA512 | 6a283137423374507a6ae30e18064eeffd4056ea07596cfe9a3cc2183b4847048435c3e2c012d14dbb7deb78c1ecf4caa29319f3f2ba668e7174c218e1c92249 |
C:\Users\Admin\AppData\Local\Temp\kIgc.exe
| MD5 | e70a38189320259ef1753097a7a8c465 |
| SHA1 | 9385a89d801c7b440d022f75d95db7adab1762d3 |
| SHA256 | 83afa5d31169d82fd42b41e71e45d924aa195eee26939c6f63b3ad73600e1b92 |
| SHA512 | 315452d4d35c74e3c2754f30cd85db3c08b92f32ad474ef1bf6291b86f3157c5656c1969665fe57e9a519aba312a6ab789da86ce64666aa3d83f947f9f5f9219 |
C:\Users\Admin\AppData\Local\Temp\ScwG.exe
| MD5 | b9adefcfc521a80b4e0157ba670b488f |
| SHA1 | c3a5b53cb68f26f4243af41c916e1513627c9702 |
| SHA256 | 51228a8e4ad081b7cc5f7b2547e87f63f57c9b0bc1b4af6c69205b2115b9d5e0 |
| SHA512 | 0422b30d057622bdb1cfe579bab6d60c6a87227ce2eaa8076497c291f1dc187c046c8c073d5b714ff3da46debd419ae2fde6ca0dc34d70dcad4eabb25d8f1a45 |
C:\Users\Admin\AppData\Local\Temp\OYsW.exe
| MD5 | bef508dcbcbfee3c80105501f22cd26a |
| SHA1 | 56166c1801dd9175f661ee5498005d31db0666f4 |
| SHA256 | 44a7a750d7992e17b58bd242b802e439e99f89491e4e27dc026aa1c581fa3851 |
| SHA512 | 46e8ca85bf3b307e63c14d6752c9c156f80e90cc1e383f1a61b4195ef30b1a8b4278271c8bb81c3b2f6aea593210f4d96629f38ed9d7c00adaac5d9659ae9e94 |
C:\Users\Admin\AppData\Local\Temp\CoMq.exe
| MD5 | e3729787eec9c9d2c05c36f12316f4be |
| SHA1 | d15970929fd8d09500341721ff6d87550d91a000 |
| SHA256 | b1456c643c4b506265c44643eb83df7b88a44a7021e260cedb57c1bd366f1f0d |
| SHA512 | 60ef2449d07294c41b9bb3b399dc3e969ca4909d4da63b633f388dd81177a02f2bd66a75a3c24f4e0ab3d31cb0f7a400c7d9c7bc258d789d3a3f09527031be0f |
C:\Users\Admin\AppData\Local\Temp\SYEU.exe
| MD5 | 6ac1238bdc94990f9d016e8dcf9cc71a |
| SHA1 | 6a9e4b75c8a1381cd3c84aba95ddf3728ff19f19 |
| SHA256 | 4b38f5f49ac842d745dc123112e9b7df8a7a6e3dc33d3fcd9b89582117c6f505 |
| SHA512 | 34180173b0f2872cb69a58a069183a3d0592a0dd088e28acc3db573fab609a388e1fd5552f51a24c889d9f42f7d37b5ad9fd44aaabdf247147bf5f9dbd9cc8ca |
C:\Users\Admin\AppData\Local\Temp\sIcI.exe
| MD5 | c51458ddf8ea594a7ebe9d9650b584c2 |
| SHA1 | 86d6285065c34b035eebe7ea72d2ad72272ad5ec |
| SHA256 | 99e1cd32384a5b1cfdc58487b02d5a5c702754e3cc64363d5b4fb65a72fbb47b |
| SHA512 | f7a2eba83ef840a431fdc97870e6f563631bf49ccf5d7924405a7b64c58b5a82093638ce78f7ca34567cf36e160b6be201e982d630342aa790b9d3b9c4b5fd05 |
C:\Users\Admin\AppData\Local\Temp\YIoG.exe
| MD5 | 7e5017d8fbe348aabe42bbe892ede117 |
| SHA1 | b36ae025282b9c50463077d8f26d2fd4a6311752 |
| SHA256 | c216c498f18d433d4aec2758c2c4aecabdc5901a56d6249ee4d580532b72c311 |
| SHA512 | d3e8ec5dff48a74db939857ed1fcbe9297994f58eb4ea6572654c6462ac0fd655ddfdcbf031f3fdd6194b470eb56a0a42b254b5cbc5ca3e547bfe820a447bcd9 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | edd3e0f359bc8f377e1de49d6a9686d1 |
| SHA1 | 905c45f292fc6ec22bf379ff875eb7a7ce5a8bfc |
| SHA256 | 59fd8ed9baa05df50a9826dc32d8a3e122df5286784816394cc7db71dc74e312 |
| SHA512 | eb648f2db80186b2da7efbfb4dc182c037932be4bcfc2a97a5e122a50ec974b8649c8389d8cf5e45e275a4d3a9de78c64a207bb5579b5fbe131770535264e69b |
C:\Users\Admin\AppData\Local\Temp\kssK.exe
| MD5 | c5edb7f6f5e4c1b1d842803d2e84b7df |
| SHA1 | 979c8fd284a789323046dc4cd942a98e88757bf0 |
| SHA256 | 414d94a0447d768bb53fb6bd1b0b2e74cc8eb88a9565819f569439f91e6819cd |
| SHA512 | d281c9195f990d4d0a94cc3d2202840b826b7e461702f4b18d95878824124530d28bda00e11c5c7e7db4446a33e0129ed8c91e4e22d8839bb906982f20f41f77 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppWhite.png.exe
| MD5 | ff379da5ad4f175fc0d2aaddd224996d |
| SHA1 | b636e669da7674e6e437121d01567626c039c50b |
| SHA256 | daf967a673fc8e30dd348d438db39f1f781027cce3ae5c735d006bcddf57cf48 |
| SHA512 | e90b3b5c10ee1edeb68fa0594679111e7a3678e90bfead5262db17ac7ff680c114e367cd8db23fb4e37d65d9c7335953d3dc7544015611d399f539bb646a95fc |
C:\Users\Admin\AppData\Local\Temp\qsom.exe
| MD5 | dbe9fc0d9090d7a20d07b1bdce0384d6 |
| SHA1 | 339763483395232ae0acae02075080d5b0fa5d6b |
| SHA256 | 698a1b23bc0a47702fdc1fd3585a36bd2512e5f1f0f1bc8962788ff1b2e791c8 |
| SHA512 | 455ba18f7667bc9ffdaeb56b5fbe3e12058c87e970c7cdf9bdca6642bb94802d2b73135b60e93f90f4721297eba4898cfad819f6b162c98fc9396fa5eee53f22 |
C:\Users\Admin\AppData\Local\Temp\okcc.exe
| MD5 | 9e056992c1afb28ddcb3a99ef15657cc |
| SHA1 | d1bb1023fea34422ce94ff2f6e86af822729d5ee |
| SHA256 | 1e55f6622e3aef363649563d72e08ac4bfddfe066ff834b2bf63abf27ebcf440 |
| SHA512 | fcc0818f7d4626929482fafd9f479f888945a0d241f1697d55ad457fc4d89ff4ee051a4eecf36b19c1751eb3bea830fc79e293b5f90c8822eb2bf08fab47fffe |
C:\Users\Admin\AppData\Local\Temp\wUEO.exe
| MD5 | a418821328025f3db36a17fd5e739ff3 |
| SHA1 | b4098220f277866ac98f06a2150694527600028d |
| SHA256 | d6157a690457a0286485b5962d6f9b97ded7007a077654910716f515d3f5fcd3 |
| SHA512 | 17a121d47d0da896be1b1826bcb3726164a6b4ac5ae6da0cf66eaf31c6f2060aed536b31e189f118bceaae377ed5067ff628f3b03e659dd2cf22f141ff148ce9 |
C:\Users\Admin\AppData\Local\Temp\YAQq.exe
| MD5 | 427daccc5e45aadeb9d238b8b0b17925 |
| SHA1 | ee0c59d325960d9e86ce056f1c8b849079e77c4a |
| SHA256 | f32b38e652c556a5b5080da29129f2f764f08e4fe29490b7a6df44118737d4fe |
| SHA512 | 5332f1871a5367325459a685a73ae0615af081fbb057bbf1220e05f6f6453e6cbe47e28d7ff0db9e527ec7a2024dd2b6e5e77e00cb68f18a60e09e653061e9bd |
C:\Users\Admin\AppData\Local\Temp\uAEi.exe
| MD5 | 53d5e84620ae6d97dff5fcd8ed3e0ea3 |
| SHA1 | b5eaa3dadadb71a8daeaeabfd3cbc0c1df14599b |
| SHA256 | e3efa4ad29ab69c88da22227b29568b27b5b1ed6dcfff8fc3dd2e26d9e14f971 |
| SHA512 | 9cd5b39373d57d39ef95792e939482b7e94754bb0ef3ed031f251e479840625fe604de2c89347975937d01a617d9a1575f3986b5a947f8c8424606d49555faa7 |
C:\Users\Admin\AppData\Local\Temp\acou.exe
| MD5 | ba33e42fface7b6e8c3a2c499d2b0927 |
| SHA1 | 342473d705dd97684dc9db807b928e336d590dc1 |
| SHA256 | f964fbc680769de40287b52d3e35e5878a5b222789bac67e7be5bb0677a19b3f |
| SHA512 | bb02bb49a5812a36058c5e416317948d5eb2fa8c96829acebbcac807347abc1ce128b9e4fbd84b9787149877c0c460432010dc44f715dad4ee3493ffdabe3761 |
C:\Users\Admin\AppData\Local\Temp\aIgI.exe
| MD5 | 69fbed05f2f6dda34ff7ccd8509da5ab |
| SHA1 | 1bcde08faec5645c889f9354af720f616db7bd1c |
| SHA256 | 193e10d2ac24c265839b623762589e1ac67a83bb3fc4a7490a97563eddae0903 |
| SHA512 | 9b21f6913d4d3f267e55221bced608103edbde7df3defb5974036810d014b6f699a088dc74e527523862bfd10c1db54e4be2a28ce770544650dd73b8d0bba322 |
C:\Users\Admin\AppData\Local\Temp\AYMs.exe
| MD5 | c5c364c09f9f938607926064ac1c04a7 |
| SHA1 | 90dabbc267c1b8f9ef76eeb4d2b9a9a811603ffb |
| SHA256 | 405b63f1cf4f0ddbfa565edf192b2c854644595e777d26b6cf56f10a9a14f228 |
| SHA512 | cc447cf9da490e99b02ce40a0c6995c50cb616a6f30138613276877fe2017997c6a4c2e2623e9f97356d6bf94c5b14b9c863ef8a6486e59b37f4728d6c605f74 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe
| MD5 | 6065686829f964785b0ac78457815715 |
| SHA1 | 1bac2d82a4392acf259a7cda00515854f4cefe12 |
| SHA256 | fa786c59171e35730c567acb713318e675e09df287ba3b3c2cabdb981d15ed8c |
| SHA512 | 2de8428fc1ddff9f999b45afb5724ca0b1f7ed86973037ffcd20f782975c57dff32404727eadcffaf96dd201afddb3e79b6ffc86b538302f07127150389d4d88 |
C:\Users\Admin\AppData\Local\Temp\UUwm.exe
| MD5 | e4056d7901efbf2a207c825ac2067919 |
| SHA1 | 96e8729547d2dcb5ba36efeea57b41d13628f82b |
| SHA256 | f7076e3051249c1831e5c29ef8a717067f0f32ea2a114edc302741b3a616c175 |
| SHA512 | a5c428a649450336055379aeadf2f0832d669dd10cbd953512fba2fc3254165de6a6a9ab97a58ef8553fca0b071ce457ebef8712d157b23de01d7749ca5ae3cf |
C:\Users\Admin\AppData\Local\Temp\aEsW.exe
| MD5 | c5c6abef029891cd22ec2c29b8ed571b |
| SHA1 | 8b9a01661d1c3acc9ee2da87914a29ba2bc1ba2f |
| SHA256 | 8f0d55c72ce7b43897e107c7d8c7fb2ce97d44e3af1197a286c0c442cbe20d5a |
| SHA512 | 97da890571293ef00f763ec1d9d7ebf56ac44e4cdf82097ce7402a761f06e3efa0094500663edc01cb39ce0b63abd8c6869b5fe322ca4ff9f2d686d676c71863 |
C:\Users\Admin\AppData\Local\Temp\ukIk.exe
| MD5 | 1f563e21170dfbe5c9a2614b0ce64cdb |
| SHA1 | 4612948341de6256cd9408a423c2576718a0e7af |
| SHA256 | e50431e3e4ea0f774bac0f7a5d4ab0f7b8b72e06398b813e01d46761751d26d0 |
| SHA512 | a7991c4441fa4ac99ca1c066c64e7437452430fe8e9f3c82d7079fd14703ba428d86a5d1d2099e630a86b5b21b953da4c551dbfd75f4a2823826d413c4c21f76 |
C:\Users\Admin\AppData\Local\Temp\uMEE.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\acQm.exe
| MD5 | c7231cf9e33145bad7dad06e47702ced |
| SHA1 | 387a65e3e5b5b62b87cff22b5ce22d8b8d4e3b0c |
| SHA256 | 8178c846e9d79464390b0220b4ddb5ad4d1cdf4b966000428a59de78efe80087 |
| SHA512 | c3da6932fed65fd955b59d5b0f79e7cf97d83bc2473d0ef41541c1727a73ed506dce1496fbf192d1b591ff2ef512e3d0a19b922cfc445520b1c407e6d02695a9 |
C:\Users\Admin\AppData\Local\Temp\QMcQ.exe
| MD5 | 989dd93ce66383b4e2ea5df575f89070 |
| SHA1 | 81a41affa6daea09b9cc48e500624a23ac5e4afe |
| SHA256 | bfeb79377bb0ad7bf904d4724a9560cccf148668ee24ee0bd206198096983a5a |
| SHA512 | 24358f3ba44ba27578b2332b21cad48d693b1ab0d3bbcf5e00cd8c534c1a233c3929d3d831efd832c59476902d0426389104af15e487626ff180b19a6dbf4cd7 |
C:\Users\Admin\AppData\Local\Temp\EMEm.exe
| MD5 | 4898038ebb091f360250cd70c93a09e9 |
| SHA1 | e75b1fc91eb632723e3b2be9d652fff27c666124 |
| SHA256 | 2c67febacbc80180fc0cb2239447156e0469bbf8fe2ef8cecfdb80af9ce53c04 |
| SHA512 | 2e6405dbb8767aa822f1f4f8ef873f32436a20aff97508f520cc5b41e50debc7a50a08c92eedc5823df6e87006985c16271985fa184cd7b415f0dd502d3472e8 |
C:\Users\Admin\AppData\Local\Temp\uUAk.exe
| MD5 | d2ecfdb86976c85e6e94ca4dc1b287da |
| SHA1 | cba4313a8603c97d54d2cf8f44b186c99308984d |
| SHA256 | 98c5a29332e7aa5fa1ffe667212a81df8d2db0295c6b9cdea1d9e0fdb07f12c8 |
| SHA512 | d732da0f0d53cb13e45918dae15f120c043c7bd0a46ef9dc482758aa2e42bfe26bd45584a34cb7bf419f63d5a81c3dde0540ecd22b1bfc2d90cb48b5dd15e4ee |
C:\Users\Admin\AppData\Local\Temp\YMow.exe
| MD5 | 8c3c96ae2e76eb49e6aa8212247947cb |
| SHA1 | 85abea128c6eabfe7a3e88ab0242537dde414130 |
| SHA256 | bb3fba3c478e88d1483245a59866839cbad4434b584802deaf53f5e225cb8cce |
| SHA512 | 3a051b777548561d3e36fc95d5275e761a69800d7e75c29338b8480a7d1ca9bda0e0a7255e94fce7dc48dccad82897e8725a13ebe8b8a4f2cd824143bc882f08 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe
| MD5 | f3b2826982d6b97d6e961622258ea9f0 |
| SHA1 | b7b8130dcb35f760156c0f6a6f342e99e41f7324 |
| SHA256 | 253350e65441637a760aa78416a8975f97631a20e530747101aa98e08e46c56a |
| SHA512 | d15806a2e6fb96cc79c5bf0f9db88022462e4c9f0d4a1ab4e9aeef1d087762baa2e2bb035a6ebadd00985acf6a622a28d23428ccad331aea1dd3de7375437df2 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-400.png.exe
| MD5 | 277311a2be48bd4a425ad5581a493e88 |
| SHA1 | 9e28080f4cb703d222a2dc7b1e7364b49826ceb7 |
| SHA256 | 2b4037e0bc4023a551d127db3852aaee375567836f32f32624205bc1aca7d356 |
| SHA512 | 547c7adcfaecf444db2c1a50b11d59552d364217186e9c89f32050c84b9d1e859184f33711e72a03e7c66e2097df8984a9b05c91b965686e16f9a5634b4b2309 |
C:\Users\Admin\AppData\Local\Temp\WAwS.exe
| MD5 | a8cebe845b7b754eff6e50dfabd94e4c |
| SHA1 | 96756872c436893129bf4460f736121681a52df5 |
| SHA256 | 15b1ed7e4d7ddfe9143207bb891c5ed1cc2d0e08803539eb4a2f0fdbcf9b7b12 |
| SHA512 | 504477c24de7ef06097d9ca8d38e1b1881ee8929e17fb761d5fe79d00e2d3ac946aee3ca4378100e10445481099f646856f71bf8e183ba0257a27502f69871c5 |
C:\Users\Admin\AppData\Local\Temp\UsQm.exe
| MD5 | db7b994add0c2772afa6131cec231dc5 |
| SHA1 | 37f00db6c6db2668839cf3ba070cd9e04a90b935 |
| SHA256 | f572a99481934c2e8c86c3b9628064acf74b2bed992508cb59eaf7a621164606 |
| SHA512 | 6bb0c222247e2e642479b6b6089111537960e4e2f319fdb012c46f6f794ebd28f62a26016325639a5178459b6eefdddd2f42c62eeb01edad44b8e8744d18d432 |
C:\Users\Admin\AppData\Local\Temp\yMYs.exe
| MD5 | b19821327b6a40e7ebdd720ca2d516ea |
| SHA1 | ff762e7cc71c564b9fe63c80caf251ea7ac7515d |
| SHA256 | 36bb6515078a75e3d62e2f7f12a0978183048819d1a446d8deb190030fc69260 |
| SHA512 | cc09dfb137fe447d2ca3e9d4ecdad515faf48a2dce0948af76d2db02aee3348d8a5b5a2e9b6bc1bc26d04c5e273dcada1ad35993f5d7b5efdb42ed0ec2e0cf60 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\tinytile.png.exe
| MD5 | 0fbe3dc0abae86d6c1423cf098cd1a20 |
| SHA1 | cfd2b7401e159bbcb35cf9a54a01219550b852e5 |
| SHA256 | 61bf40c9653c74589e420f2c73397e5b73b9b4c125d87b75db80d3f553dbf464 |
| SHA512 | 5117c21ea119ec0b8b5bcbf99cfdb70ca1d64b199f7c9d32ab739f3db4b4fca3562b6db5bd3b7b35f3c7f08e452035263b2111fce4af0f49cc8cae8f5da956f9 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | 6bf2c63d8c1b0dc8b9570af9ac9ae430 |
| SHA1 | 093232f792813533ce3ad56ba3ca94c29984ce0d |
| SHA256 | 7b8bf89f5c6f205d451050ecd9beb308261746fbacb287d65de86625424d2086 |
| SHA512 | 4451041913a1e002634fa6297d906c0bd5e5e18b7c1e3d187e1db259df0df5a3ee3a4803476738063d0c620216b6c4b60ac8e1f884ff96ca077604ca93e4a10d |
C:\Users\Admin\AppData\Local\Temp\MoYK.exe
| MD5 | 19a4592623b0afe9d01b6fbb119202ec |
| SHA1 | 9a85ce9330c2b3acd9dbb626dcf6e71e389c5606 |
| SHA256 | 4ee48b46f581ea9c59a96d84de012ac24f6240849ad7d4d69edde14a89112e5d |
| SHA512 | 03aeaf43e1f7e36b81dcc85ddd8ce42338c18b9b132141f9023332345198bd2fe742529b3d5250f1cef47a347665a83272ac1b8368ff93c66fbbb5bb1f4e5abf |
C:\Users\Admin\AppData\Local\Temp\csEE.exe
| MD5 | 4713970e809c4a0b121383e7dfe791b7 |
| SHA1 | e162a8e5f9bd59156d6c27edaba55de23245ad0d |
| SHA256 | be58ec25719ba3124b3bb8b4871d2298db5f165f43ce6932e83aa5973483574e |
| SHA512 | 2f6561b3f4b5b0dbc063ac23d4051e87534f0ad4d4757fd68b42c424abfc82820b1492f87b670b762211f7eafb3bf4c0ed46db927d6e88e084363b10088e7165 |
C:\Users\Admin\AppData\Local\Temp\MwUa.exe
| MD5 | 7ab87b27497038f964d15feab8635203 |
| SHA1 | fd23b74501ce18faf8a3ff9783ff86d2e90c59dd |
| SHA256 | 3bdf79310b42de1e3e1a5c116038c585a246288697b3535c571137e1b1888c5b |
| SHA512 | 0f931002bf32fb7fa656beb6987dc182697720ee607cf10576887dd0abb943ed89e313fe6f05875627228c5ed4aa875b5c7fbf01611e93981a31af497f742553 |
C:\Users\Admin\AppData\Local\Temp\SUYy.exe
| MD5 | 918afa8d2430215e121b91554d35764d |
| SHA1 | a691f12c31bff4842af45c55ff1e6748ad9880e8 |
| SHA256 | 76e07d85a958e268462e898403e81eb64901f05efe6063718dac8c5fad56511c |
| SHA512 | 3c73727719e5d7e1af03233732f89b3571d2af59d45e1e78899e6f065562c95e3c9e11f49da0a486845dc0a416b63fc756d4a9d06c23eb6951a031868a2d5579 |
C:\Users\Admin\AppData\Local\Temp\kMYk.exe
| MD5 | d6f95f887a5dadb5746b5688b822e627 |
| SHA1 | fb1b051410f1b9b9bde1b62131975d98053971e7 |
| SHA256 | 8693bccc4f3076c85cb649005ed213977e8beddc1fa13cce709b5a353a1d4678 |
| SHA512 | ae3df74689b1c949a7717b8404be15798324692c8ff0ae8038d3d47bff349e32e64c547852c5f31768aeca6e94eb93ce8d5000393afc2ea1731dd29df945018e |
C:\Users\Admin\AppData\Local\Temp\GMYM.exe
| MD5 | 4b7caa8e5d251708767f43ad65cf7722 |
| SHA1 | adf6f65e434db73ab4fff3a42d5564d68ede35c8 |
| SHA256 | ec335cd813c87118d84c12b1645ed9d73f4811b6d58702c12273b846b6d6ea60 |
| SHA512 | 701388b7db55e81182ebbf591ababd6ded3b898760f6238beceff87cec0a45a0f2540d803b1c55f312409a2df9c2bd805f01ada768c4e7bffe24412e7a31bd14 |
C:\Users\Admin\AppData\Local\Temp\OYYU.exe
| MD5 | a29a84ce9fd92775944826874799092b |
| SHA1 | cb59fc2fa262bd14a6fcab651745e18151316e1c |
| SHA256 | 4ad71006101c1569c0448083317fa3e5da53c2e292ce78ee48878df5bbc540c2 |
| SHA512 | b476a54b41a5a500b4ee5905e2630c5fabfc8d7994b273bf3e5e8e49867b1e225c2a07aa154b58cd46edec22d2a619b47898e945175d42d906f93ccd260a71f6 |
C:\Users\Admin\AppData\Local\Temp\YsMY.exe
| MD5 | ddc314760b11cfd86787ff27111de89c |
| SHA1 | 647ffe4f890808bd6ba0bac17b752609febd948a |
| SHA256 | a12711b0349a22e9af9ed06d339b30df6acd4dd69701298c2c3083fe2a95188e |
| SHA512 | d7bf2c7afbde7494f3d5d249b1e7ef8535ee07b5a0a859fe1eaa47ca9330918413c5c1a19537a6a37ef1eeea684416485e2f11a588ecf2d7abef92137b2e6d2d |
C:\Users\Admin\AppData\Local\Temp\wkUw.exe
| MD5 | fe977603b5d2ad9135823ec29e2da3a3 |
| SHA1 | 224265b3869466a0be2299a7db802de65c485f75 |
| SHA256 | 052034099c7eb163402fa563e1a97b1a0d58955aaf0a76020552b93c50a273e9 |
| SHA512 | 4dbd23f1ccb8657e1c88680ae1480b7cef04bff6054fd370342e1993157640b81f7aa47c94ba5da4ede1264f68491f009927faa4dc00544ef9c729d306befe38 |
C:\Users\Admin\AppData\Local\Temp\KoEg.exe
| MD5 | b349a2cc724a9317de50966f079cf698 |
| SHA1 | 829cd2956ae2048124321cd0efbfd1158d11878d |
| SHA256 | 7d7705712bad6ffa3fda3c2f1d5a241873bd8f03b705621e665e4af06da81031 |
| SHA512 | 26e418c2d0adc7e8829f8f70113e9728374e4199a059dee8ae5a450390a1fc5f2a9d7e25b41e313671df65d3dccfe701787c72a81187dae2ed2eef2ad9fc97da |
C:\Users\Admin\AppData\Local\Temp\AwIc.exe
| MD5 | 6475b5b7541a1e505ffd6c2c8072f334 |
| SHA1 | 9c6c00b78dd7b0c6c570fcdb2b742c6cede66786 |
| SHA256 | 54c7e7cfe269be70a5ddcd07bf36bfaba0f625059f9d8ea9e9352b305122e98c |
| SHA512 | bc3843c5e3b56cb260721f39bdd976f580156852788a70e9d29b882fd7699858520342ed52ad22558c6f2f5f72173aec98b02d6e905109022c68eb59e7d20313 |
C:\Users\Admin\AppData\Local\Temp\soku.exe
| MD5 | 5b1130cd6ab36ff3386f73d802dc2045 |
| SHA1 | 29b81146a4f5c091c6540971fa8f8132c5c478b7 |
| SHA256 | 47cb10cf37a408590f965b8d1735e63e7dfd2426a46361ada36df6953d935057 |
| SHA512 | d44b86d33f8862f999e02090a6c97ecee1cbfa360bfe16ae48f6b5a731e7780d653fa05c8f0570a6981397fc9559388003145f393f2f16c127ba9f09c9dccc08 |
C:\Users\Admin\AppData\Local\Temp\iowG.exe
| MD5 | ec5f844c079543f7c944accfaacc0bc1 |
| SHA1 | 6a6acc1f2a3e858dbec9f8f92762081346141253 |
| SHA256 | 330752524da5387c2f73e5ae013d08487bdeac544f0ef118a3033349e7705a10 |
| SHA512 | cf0867ad21f4bb64ce2f4dbd454b49b920c49cfde2e1043e1a5c345a695dfe8245e9b95134291c338e960051c5450145e488aab94436fa5db8658937b5c7730b |
C:\Users\Admin\Music\DebugProtect.jpg.exe
| MD5 | 079dc56fe0ec7c97849df0735de3fd85 |
| SHA1 | 5e192f30c0383d69ca3ebe9d79707d4138447a4d |
| SHA256 | c86a9e5c85a5d945bed16558f203a8fed4328b512fd0b8e60c78f7a734b6ad76 |
| SHA512 | 16aab3e25e695c82fcc6fa4433bfd60ca6ae31b5d87312ada345328efd44f49c90c493924ad6044759d923ebec9cdd73d1f194a44e7811ab079a5f18063cdc93 |
C:\Users\Admin\AppData\Local\Temp\QUoY.exe
| MD5 | 35b199fb030d31f7ae51bfab27e77952 |
| SHA1 | 32dcb69616a2849e22f375ed4ccce9ecef13f545 |
| SHA256 | 72713529090ecc794839e23c55fa1721a318d847dba81572fea202569157fe8f |
| SHA512 | 3e97957b7dd3d6926880789707c1a81c73c3a9e61b822a8fc21be9d9c977e883c739d98cc740121884f39c7736c17cf1ec993450385e6a1faa2f620d710d81e5 |
C:\Users\Admin\AppData\Local\Temp\ikkA.ico
| MD5 | 383646cca62e4fe9e6ab638e6dea9b9e |
| SHA1 | b91b3cbb9bcf486bb7dc28dc89301464659bb95b |
| SHA256 | 9a233711400b52fc399d16bb7e3937772c44d7841a24a685467e19dfa57769d5 |
| SHA512 | 03b41da2751fdefdf8eaced0bbb752b320ecbc5a6dbf69b9429f92031459390fe6d6dc4665eebe3ee36f9c448a4f582ac488571a21acc6bba82436d292f36ac5 |
C:\Users\Admin\AppData\Local\Temp\qwIe.exe
| MD5 | b164b8a8fe8f4f96b30159432f9f1238 |
| SHA1 | d27432797f0b7ef3537cde071b732cf0ac975f21 |
| SHA256 | b79fea48bcf9188b0d1ed0d24b7714c86e6b84854eecd15ac7ba5923b441f232 |
| SHA512 | d441122d4dcc3e3c747c6ab7fda6e75d9d8bb22ee461ac68c620ecd916bd6bab3dddde52c7cd16d02a85204f9ef3f6519bb5b24002b19ee33ad48e140228c70b |
C:\Users\Admin\AppData\Local\Temp\UQQm.exe
| MD5 | 905a896519c2ec51b235ecbb089b424d |
| SHA1 | 49f550532199414371bd4b7b36c71022bb1515c3 |
| SHA256 | 764bf0204b77128a596170e1a87e88aebf6b65339c3a90b6abf53fa818fc9d62 |
| SHA512 | e3d30c10f70c6a57416b24c282a13b87d7635f10ee34da7cad27cc71684421d8b62c1ad2d1ad0af0b6f2e56293aa9aa262b02495dad873a04f2e72da69fcaac0 |
C:\Users\Admin\AppData\Local\Temp\OwYa.exe
| MD5 | 414c10d209ae72dd7e87c2500c22d6f8 |
| SHA1 | 23f36c4121b61a19b1e844d82e89ff3c6405fa04 |
| SHA256 | 6f5a28bd71e576c58a66581d36cdad92b4e49783f4c695af20419e01d84dfcf9 |
| SHA512 | 5d391fdbf055762ca22d3483f40e7c12a26b4462808ec13ef1b218b76eb7b3b576f914a362a629c958c2be6c08e55d93d6dfce92266fec57df07d776bb6c0151 |
C:\Users\Admin\AppData\Local\Temp\mIoI.exe
| MD5 | c2ad5b4c8c3c89b05aa9e4e20c19a40f |
| SHA1 | dcbab1a8a3a8d826bd54e4aaf942f404afb04f1d |
| SHA256 | 6445e5e9852625aaab39c937755c314653fee6bee253bd1c8ca459347b222a5c |
| SHA512 | 43fac4689aecc090d03d18c520e618e178fd11879fff48506591ce0c3c61924251af270c6b16f84744aee91d913e5ffd9f9c20555ec9a1caf386ead53b3e2a84 |
C:\Users\Admin\AppData\Local\Temp\CsQG.exe
| MD5 | 320e0b7d07c09fd9b537b8838512c785 |
| SHA1 | f5b641237e5bcb59e097490af283fcb726ddd95b |
| SHA256 | 96b579887d27c5dc557424768afd42d6405cce4b1bc3947f4fdd8779f32fb122 |
| SHA512 | 6d72ecb5b0a25796475aaa06b038edfa897bdebfa45de5aaf8519382e24d3230401eb98660c8e33f779981bd4d954d4da542df8bafee120f21b3bfbcd137b99c |
C:\Users\Admin\AppData\Local\Temp\GsQY.exe
| MD5 | 39ebc805543b6651cba38827bfa7cc05 |
| SHA1 | 7bd6d2323f1bf3e270b8f88357a51d0a9e0416a6 |
| SHA256 | 7794f834e6eb478bf68d4102588e1a502072f354bed8dfda511aabdb73b76a1c |
| SHA512 | 45a6cc881de61f9a9f1b73954eb9a8a56c6cc0e96446b711ead85e08a46a8552b43318aeddafce3d5165a3b5658c271857b4d01de0b43d0af988d15be6067830 |
C:\Users\Admin\AppData\Local\Temp\CEIE.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\Agku.exe
| MD5 | 6cb3da42c90edd1a72fefe14c102443f |
| SHA1 | 4f718bec941dd084f7e66da6ed5693e2d690ef93 |
| SHA256 | 4ce042c72cf6e37e8b64ca6c7f2ac8ce1744f4667656941c321850966c4a6e72 |
| SHA512 | ea85b950aa2bb8a3ba681196b8d28b8114e4c3a4474f44430700a4f45aaecb84779f092849d52d18bb28897d1534e6af6246bb7bbaff9901da59680ee346099c |
C:\Users\Admin\AppData\Local\Temp\UIgq.exe
| MD5 | 30348c68729a0b17ba747a91bcd6ce06 |
| SHA1 | f0db950e229592d44900f0723a4f50f6bb664318 |
| SHA256 | 362f06d222577247ff4d3eafc4b1783d9411d8e622b6d1c1bec26684753dad0e |
| SHA512 | bdb69f3a4e50b9de16cf424bfe07bcf6f5bd2684e94ab20130ad96ed779f13bb471602ec5d675947e74125fc4b1c8e739487b813db9f066e71919b904dd38f1f |
C:\Users\Admin\AppData\Local\Temp\igIg.exe
| MD5 | 8257cf64434718766577f910f35ca080 |
| SHA1 | 199b9c857fdcde156dd957d26c38aaa54f7cd7ea |
| SHA256 | 1c06230575b0b9fc302c9b0bbb514227426ee2653ea21249c47408106ecd12d0 |
| SHA512 | 2a0bb2efb6dad8b86b9a06f3457e59270cbdc13f2f33b049ff3b92198bd3b7e46b74918c932ae121c3bf48a7848b444ac8dd96b0b0b54197c8eb4e98140274f6 |
C:\Users\Admin\AppData\Local\Temp\mYoU.exe
| MD5 | ef77b87bcfce6f0dc52853e172fe7b4d |
| SHA1 | 0a843ddb7453f137a6d7164700e1b35e7067a6c5 |
| SHA256 | 441416590afb032869a986ecb9f7efdf9f0a7c73c1007ce44ae9ad6044c45aad |
| SHA512 | 082ace5e8c460da28dc205ddde097b96789b86c752cc5caf5317f7cf67e5497b56b524acbcf3bd7260029d3abe50a2b8bef40bbd63882ca476b27bc33b9f21ca |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 881c05aa6674a8b085e2d312308f667b |
| SHA1 | 3f5d3cecb569168d7a0dc3c8d501e8b60c5e69e8 |
| SHA256 | 1ff65c5ec69bcfa581795c3d3ec153ce0978367f57e01e68d656b6bfa34e4232 |
| SHA512 | ae8bf66daaaf40a63a3712a4b00c59a5c531e1ed425ecbbb492d7c7e04c53a9d99a24387f434dd5fe291c28df39ed55c5fdf5471efeafe08e65ab90e0dded694 |
C:\Users\Admin\AppData\Local\Temp\mwok.exe
| MD5 | 84712fc052fd52a3db3ccf26b9d2657e |
| SHA1 | f7c878c9a50475798f00b6ecd353bed6e9b3e101 |
| SHA256 | 786463ac12b1bdfb40fbfc2e67e6ea1364edca02b45b2de87586496262bc0fd9 |
| SHA512 | db0d1a1a454b96ca2799a157abb7e6497d25db261a56b92f3c63636be638b60e0c6895563b9622632909c00a115baac235d35b133e309e44a5d780f0f9ec5058 |
C:\Users\Admin\AppData\Local\Temp\owMI.exe
| MD5 | 35a40b24b1eed5cc19db8da98690d1f4 |
| SHA1 | 4e14c96a44e481bb88b88290a0459db6c9805322 |
| SHA256 | ff830ca954bfd461820fd8c9aa36d71aeda8a1cc2bead14f8b09673f2292ae7e |
| SHA512 | 2d92d93275b1c845653aea5e480452925fbc3988ee44a73f3271be10c7b23b5875020a5f7c6caf7567914dd23edd69409f658f866e688fb68b3abeb362fc2f3f |