Analysis Overview
SHA256
42fb691ff2822651fc1de2eb10c176320d2a97c76d824e600ba4c5df4d415a2a
Threat Level: Known bad
The file 2024-10-19_07540665a1eb01b36d37811081e86979_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (60) files with added filename extension
Renames multiple (74) files with added filename extension
Deletes itself
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-19 21:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-19 21:42
Reported
2024-10-19 21:44
Platform
win7-20240903-en
Max time kernel
150s
Max time network
120s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (60) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\LyAAsgEM\fskMgUsw.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\LyAAsgEM\fskMgUsw.exe | N/A |
| N/A | N/A | C:\ProgramData\RKcskcUM\WwEAksUw.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\fskMgUsw.exe = "C:\\Users\\Admin\\LyAAsgEM\\fskMgUsw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WwEAksUw.exe = "C:\\ProgramData\\RKcskcUM\\WwEAksUw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Windows\CurrentVersion\Run\fskMgUsw.exe = "C:\\Users\\Admin\\LyAAsgEM\\fskMgUsw.exe" | C:\Users\Admin\LyAAsgEM\fskMgUsw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WwEAksUw.exe = "C:\\ProgramData\\RKcskcUM\\WwEAksUw.exe" | C:\ProgramData\RKcskcUM\WwEAksUw.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\LyAAsgEM\fskMgUsw.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe"
C:\Users\Admin\LyAAsgEM\fskMgUsw.exe
"C:\Users\Admin\LyAAsgEM\fskMgUsw.exe"
C:\ProgramData\RKcskcUM\WwEAksUw.exe
"C:\ProgramData\RKcskcUM\WwEAksUw.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ACwQUYMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lGcYcIEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NAsAIQcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NEYMcAwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zeoMMsQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LqsgMAQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iUMUQMso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkAAYkoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eSMgUQAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oyIkssUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MWscQYYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RgEMgowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BikMwMoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TQIQcYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWMAwUIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aAEoQIQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EukockkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CYMkMIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SCAkAskw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCoYQsQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TwcgsIUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RaIgUcAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HywUoooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqYkoQwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cksMAwYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IIkMQAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aGYwsYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YmIUIgEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQMEYMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZqMkgIgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JuAAkkAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DcYQskco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KIcAMEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OukUYcoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\amIAEAcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GUoswsso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MasgAksg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VqoowwAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\REssEkkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pOsAgEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eWsckUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UsMUogMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KgAEIEYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\woMYIsYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GcUkQYwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dGcUwwsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RGUsIsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\peMEAMkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oMoUUkQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KcwQoMos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Yukowgcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AIoMMoIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkocMAIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HWEsscsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pQIgYIIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1255792555-15056911831647925687-610333821-20826438246037966703412302651752395956"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dmsEQIIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XOYwkoMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\umYoAcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AoQcoAkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KkAYscIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1774298286-323794148678702669-8340939331176269601186214126-1871917581-1014067553"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cQQwwQYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SmIkMQwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TGAAcgcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "119358663711847634251525602761718026853-18467628713099668021291348449-1718584358"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LuQMUYEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zEMwocsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dSUYEAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YCAUkwos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-185273788-1746813846-774726604805899968-1685681423169347366150623907516560539"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-181779551618322130961977970153-771759765228084156-3768318-1306864440-155378352"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GoUYQYco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OUkcEQwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwsYEUkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hSwsYEEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nuQUYYIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jAAMcUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EoYcswUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yAAkwooc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13660585781290790414-1403960033-1499756060-1332904945-484528484-2113831606-1024527764"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\keYsEscc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uMYIYIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\siMIAcAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwMEQwUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwoYUsUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "413518202390532871-841146741-15290833141649374242-68055339388716474-1455804768"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkIIsYwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FQkccsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EeEgMYEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WqAgEIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9828457251020558643-43019175-1619995075-514467169-762778539-573599007-639875663"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QiIAoEsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mYcsEAYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-831859042092555593-1967768850165220844717630137255782100531494486206-1610712032"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IcMIEowU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1466763054-961720035-584400750-18375983192019962143-1224401526-223687372-1682349899"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QkEIcIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5620601142778125951318252852199196878768716423214483669851403944201800787664"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JuwkMQkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20203393701317464109-301922261-881544803270763361050080478-1805640202861934007"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSIsskAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "953818630267632885-14969642731055260856-20960116581020092850-496012253851767675"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lugIMsMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMcoQEMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "577032585-204929933021306897514098058851454237846-1672687814-131598414637196399"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OYMUUMIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GIEoocUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1832264360-1052506733190314213-1069026238331151180445142883-2025379088484054198"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\msQkIswQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1735235776-238175762-1659096085-265262534-810299313837470664-379469706-1903055674"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1052370409-1604316796-3955798001831758865-435864182379227751383495914685126617"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WEcUEYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-125539329-142489136012582387632143855650307722473-18245300291902440812-295131121"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "221465578-439052944139405272512607330041043569554264516659-5455920021554705283"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XyUMkgok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-4756427485186637021202887660-1873398210539805804988846065-1720378035-189311613"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkwQgAIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-147011473014101126049292428410088089296761779321433393757-1251901133280427269"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-739766631-16905442092123514954-316374698-1514260866-14473349956160891251169347767"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "282936834-20814306451152470940-153217560015813117634813701551912087662-473336358"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HCMYIUwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "129728645114286129942023727054-632163426-62941853313069181402042502739212915604"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YQIoIsko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eqkMMkkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2051124343699645683363955411422819393-944746324482404123-671874079-1301770619"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "430430801-2215864091212851136-1982001937-17302115871379133576-1578306376-1251028644"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oGccUcIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-257986256909118879619833789-981957554578974477-1170420544114065216646888374"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "878946275212058401816356843161873196440-820239873158509774014963947071739429732"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QIIAcEoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1353032051-1905520266-1882756006-1924514117-1375038371518053246-1196204998741206916"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7620530921220324601596184204-1823006989-728953419-7753860171925438077-436125475"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jeQwkYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9011940271273443918848656117-18140922251933100253-720831285-6015521981294801684"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "508561230-1417474061155244029813175531411553141127-20511726845327655401473920012"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-156571181012120485071627230122-373256179-15972328317268192421579778971824603228"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pUoYkgoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-148666921918913361311674985662-288006736-77202426228188341694395520636575645"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-514492055459252983-8073192155288378256998585631010658235-136170237-1900997786"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zocgwIcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7120472771444255265587846688129362158021336285426298300713645030751200269799"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2825763001687522172-289146271903830129-491326094-11128149651312633621435678386"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jaMckIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "877144106232079670-560268759-777900861-1398128456200410607717089872381063411445"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UGcIkYEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mWcUAgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "48134526-2092682653-265880004414882925145879677115662493271064296942-654070258"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1126672672221702995-4734927201303456857-2121265372442284214-1719930061-1225550736"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aUIwwEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cWYMocAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyUIoMEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1679437197-2036250878950354787124738594-1341315291309540437326369689-912293532"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2684-0-0x0000000000400000-0x000000000043F000-memory.dmp
\Users\Admin\LyAAsgEM\fskMgUsw.exe
| MD5 | 40dd2af05692705c23b487b3f2f06823 |
| SHA1 | 6a24459035e73a6059147cde74c69fafd14b7590 |
| SHA256 | f949e2ea2770c9a4b7ebca3b36a84ee8a8a2f184735070a418f939c6a02f34a9 |
| SHA512 | 9da40381857464ae1574eb00dd4c9d0b122fddcae07e76776c6ed360d7f0bf96fac9b1766b5ad70b70ef879084c59767bceeb251e284546024b870a41e29a979 |
memory/2684-4-0x00000000004A0000-0x00000000004D0000-memory.dmp
memory/2580-29-0x0000000000400000-0x000000000042E000-memory.dmp
C:\ProgramData\RKcskcUM\WwEAksUw.exe
| MD5 | 37a9bc937da607503832351da0299a5c |
| SHA1 | aff5c5c27d468fb9e49d7f6830bf6f0bdca276ba |
| SHA256 | cc514704b9f6fb2a7ee561f2f4114fd9e46f07b6840b96533507f0520480a449 |
| SHA512 | 57b8040f8208fd9067af986679fd8f52e23bbee3e34a9bdff96cc30642855511ca1e4d271e5f02790cca8c31a9acd2e6447468f449644741af52f455049977c8 |
C:\Users\Admin\AppData\Local\Temp\sqcQswkY.bat
| MD5 | c6743cbee2da30a3c3d7d4c9986fc121 |
| SHA1 | 18a31020f2bfa4530ce74f2b1179b97c8fecf74f |
| SHA256 | 857bd647a40d2451bad0e2f76e69edd5ba6cc24866ba7e3daf39905b73761661 |
| SHA512 | ab34d8f78df3b34871be6d20d4744b819c44693b207dcdbd975e5e509179c80392ada5d677d50fb24930e0d4d9172dcd4e7d2444a2b23931fd59976e07ebc46b |
memory/2684-20-0x00000000004A0000-0x00000000004CE000-memory.dmp
memory/2792-19-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2740-33-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1012-32-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1012-31-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2684-43-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ACwQUYMQ.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
| MD5 | 477256402c581beed8f9aef56cebfb0a |
| SHA1 | af541187d2a0baaeb1329c6234c6007c5ef322f4 |
| SHA256 | fec9aafbd19c3dacbec0b2b1168d0720bdbc510b53919b628de736d15971139b |
| SHA512 | c2d14818d3a7fe9e15627baf34527fe76213e5d515e6995a81349dfae262ee57af96850eb6c61f486870474b853237a35d85cb295b84eb9b62ba80595cbe5a85 |
C:\Users\Admin\AppData\Local\Temp\iQsQcYYw.bat
| MD5 | 49a793955427719c81d475c4c0f9d047 |
| SHA1 | 8f31fb0bbbd2b6108323d3dd575c60f1d82940ac |
| SHA256 | 726a6063cc017cddf84daa0ce8a23e71ad6ea30511fba7100f163059367e7b32 |
| SHA512 | 235d11f0c4c5225b50542bba0e7b91e2d825772dc4f1605ebc422968673fb1e501b0e8ff9710388b6ee3ae24d069747005295893c79de8535fffb618a5b353ab |
memory/2152-57-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2152-58-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2164-59-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2740-68-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PUsUsQgA.bat
| MD5 | bd1ad072239c30ed18ab2e9b8c90b1de |
| SHA1 | 77649a398eeb7c863f995305943150aa90a67e2b |
| SHA256 | 5f65ecb1ad2f44da7ba835dbb998469838ca3f4a2a57e8e0e3e6a23955076194 |
| SHA512 | eded8a2bf05a7031a643a6282146ad3e8dd9c169930549d4ff9f209e534ed841b31cda2ab41e51ebd31e5b97b1935f5d11f3785030aceeabdb2d2177f0e02988 |
memory/2072-82-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1572-81-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2164-91-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\liMoUcoQ.bat
| MD5 | e0fb8b256c37813903ebce737191defd |
| SHA1 | 2e3467bbc8a3f2d89f9ca2e6b8a3a31e39f25258 |
| SHA256 | 7dacea503a5c6fdc5f2422cdd7beb30f3961ec6b2470d7959677b6b56a3d90d3 |
| SHA512 | 9f53cc2a1de588abfbdf53ee4a9d3637a18f027714d5df54fddff87309f0a0a0741e7a4e83e55f3ba08463f3442f920890b2ddf7c3ff4f1122d6232da88bd0f9 |
memory/2036-106-0x0000000000400000-0x000000000043F000-memory.dmp
memory/672-105-0x00000000003B0000-0x00000000003EF000-memory.dmp
memory/672-104-0x00000000003B0000-0x00000000003EF000-memory.dmp
memory/2072-115-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zUskkgcU.bat
| MD5 | da529d0fc8424f06394d3603d4867548 |
| SHA1 | 676c95a5ff9f04ec260d3c04e08629ec2a2ba233 |
| SHA256 | b627cffc14c4ea8296cd9ecf33d927613b1f70b4d298e24ea6bc9f57887c9eee |
| SHA512 | ceb8924bda7e92ee3cc450d004429ad6bac9e247497ca845bc7615617c7985944c2d25be1c1015b84e2c3031e28b3ec57c89dd81938faf8030ea2e1d4fd85146 |
memory/764-128-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2036-139-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1644-130-0x0000000000400000-0x000000000043F000-memory.dmp
memory/764-129-0x0000000000120000-0x000000000015F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fesoQAQw.bat
| MD5 | 4db5d885ec1c9bc3db153a8002653203 |
| SHA1 | 0d81c24748a5f23b15bdd87786bca2cc06961d38 |
| SHA256 | 5b0c62ca98d80ee53367e3082cf5f0222e3c8c4aed36e0c1f4a0615ad26e86d4 |
| SHA512 | e6a5e655bb9c4105ff70364a3fb6b52092b717bd03dc6939a5ac8d1322b932afa8a786d7c530574625b234753de41dff9c153c9328466a3297d7dd445d4fc75a |
memory/376-155-0x0000000000120000-0x000000000015F000-memory.dmp
memory/2388-164-0x0000000000400000-0x000000000043F000-memory.dmp
memory/376-156-0x0000000000120000-0x000000000015F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eQUUQwok.bat
| MD5 | 282a2e3a2ff6989dae6fb2addd7c252f |
| SHA1 | fd171ff98346e7513a64456722cef2cb4137c4de |
| SHA256 | 2d043bb3144354c80f77c34a8dfcf95ffac1860a17ba47225abb6d2ba4797332 |
| SHA512 | 396ba0c2fc0ccdfb6f8c9ee4586c7b255eae503d13703109142357664cb3002e64f02bb362250626e5d861d5a38ee44ba753ddbddf3c767559ac1fd318f318ed |
memory/1560-177-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1560-178-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1716-179-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2388-188-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yiEAQYAE.bat
| MD5 | 88925de6f7503a0a607d5c1d6de2e196 |
| SHA1 | 4d126c9545e83409fa5eba35d0f97fcb0c785b6d |
| SHA256 | 32c7ffec0a985e4be5aaade0c381d999b55d7e885a7bd412a4ef78fde82b44f5 |
| SHA512 | 7c9c247c28609a9aecc364aec3a95351498e345c42d4516ba2a72039bfeea772b5eac222eab5be7835a21b74f91acb959746a1bd7119bfbd2ceb6afd9c432fd2 |
memory/2816-201-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1716-210-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WOYwsMwY.bat
| MD5 | 414eebcba3bf2e38fe70728606d19b14 |
| SHA1 | 79c4ddb5bffdbbc939f6bf321346fafbfd3209a2 |
| SHA256 | cea15bfd3d7dbaac304f53636fc4bafdad8a894d99847ef7c125ca7d599a19e5 |
| SHA512 | 23b2208202fd4ba50b1b046214795582444a66bc5189943ce30e004ba07c7932d823cc7e955360f4cb8391b9fa9897fd7ba25f4953c6ae60a67d508f5707e803 |
memory/2268-223-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2816-232-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IyowoEMY.bat
| MD5 | 782ce565d69f796bb585a044c58b7ce6 |
| SHA1 | 5bcccdf1af157ab87ac657309e1f605b7859cfe1 |
| SHA256 | fbc1a0d3c2d4c5132030d632070dfbca0d68ced560420226a6ae0f75e42cd3fe |
| SHA512 | 4ec9e1cc713e17f2d7c56f90ae3df6a053050d09e040172ff38d4fcca17f0c958fdb814f6a910ec0a5b35bf8f61f2bc7388e2b9afd5ecd91e4ad1a8c4b4ce7cd |
memory/552-245-0x0000000000400000-0x000000000043F000-memory.dmp
memory/552-246-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2268-255-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oCkkIYAA.bat
| MD5 | ca54e36f0e1584940bbea66019ea4044 |
| SHA1 | f61e326827617fa053b0cde270210e7a5ebd321b |
| SHA256 | 9707ee2ee28017cc76aaa489ed303b1fff950f502cc60d38094c98299ac1b8d5 |
| SHA512 | 87ab4a86ffb3b0ae2014bcc1a2665a2350727ff188db5c9301ab7dc2e2dcd9242a0b5b09904605810b288b5ce761123b81c1cc5fb0a2ffa26cbffd987b418b11 |
memory/1596-278-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\reoAUUkQ.bat
| MD5 | 138b5dce4d9ee09e8d37028cd4457231 |
| SHA1 | b8645235c58a84fd779cd072cb25501457b51cd5 |
| SHA256 | cd43fcd39b7e157d0624276c24a4ef9462199130958d4b1eb033a3258b1b2093 |
| SHA512 | f2c8ebaaa6c2061c5b0a0f3c5b253fe9264de3dc6c8e18db92c2f6a48266deb0c20b0add4cc08957aa3c09fda37ea566e6e741838fdba2bc8aefd5c92fb4d5ee |
memory/3044-291-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2688-292-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2356-301-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xWYUQIoM.bat
| MD5 | 0a8d7bfa0ff6e76ea1d79839d00746be |
| SHA1 | d6faef21aef4d1993fddab6d0d0e3e5b30e1bfff |
| SHA256 | 627ab3b9fa54220bcee42094a7c0c642f918da9e8ad547f8111a99968c9f422e |
| SHA512 | ea6785b875ab2b193828f5ccbce61ff120020392f27ef746e6ed3625c56dbe8f8dd9a378bddcd72b85cf37f5c60673e72cbe9b95fe79050c8bd1015db38a8ec8 |
memory/2004-314-0x0000000000160000-0x000000000019F000-memory.dmp
memory/1852-316-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2004-315-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2688-325-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\piAMAcIE.bat
| MD5 | 8bb69e29f53b799593ebe64c4431c349 |
| SHA1 | e5b9d9cded421285afa4563ef6daa0ddf620fec0 |
| SHA256 | b2b5731ee4397e20dd75cc931c4a5faa4e897deb2b3302b7af7a8761efbd244e |
| SHA512 | 200a369ab98feeb5f231436e845446262b79f70bff4d9a700a5d1eea03df87d3f52a127d8c539444aa9533a868cd8839f8027251b2063cfbbb662bc4e44ca414 |
memory/2164-339-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2064-338-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1852-348-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DowYwYEc.bat
| MD5 | e2ddfdee9e6270a3aacbee37d623e146 |
| SHA1 | 7edb029305e98d81b3116ded156d5946383e2847 |
| SHA256 | 3e0a50a75cc48269101e37027f3fbcf0e571b0592cd9d7cd0048ea638b98721d |
| SHA512 | 5a145b586d680ce500f5de7e75222cec656f789a2a25ed6c19bb9e9000d10b22183937fe1be29f0c5f0a72780f86c38ba0c31c04512868ba2e64893e08914be4 |
memory/2164-371-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GWIgAcoc.bat
| MD5 | d57836d27591cb52178125f4cdf04e57 |
| SHA1 | bd6f4bd11a9161ef1628e0fa228c6b80502f9996 |
| SHA256 | 83ea190550972164ccabd8f6e07538e1c9249be63c6b2bbab0a423e1839a948e |
| SHA512 | 45f5d6062c07c1d6600980f13ff3b746567b9ccea1422647c42c93967a1cf80ecbbcc09d514586c9053d8f2daceb49c131cdef2dfeac3be7b82a5330f2c04292 |
memory/2976-386-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1616-385-0x00000000001F0000-0x000000000022F000-memory.dmp
memory/1616-384-0x00000000001F0000-0x000000000022F000-memory.dmp
memory/2412-395-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mIoMUAMA.bat
| MD5 | 5437a388e1cfb0acff92bfebc1aa4b4b |
| SHA1 | e486f2db169dd586af719854101a5d11199d0ce9 |
| SHA256 | b9605f98bd8e79fff3d98b5ed794cbf639cc3856cf5587d664ac919e765357f0 |
| SHA512 | 519ce8afd57fcc196910cbcbea70531e743fa2f093a135f33837b14772a65f5e356bccd3778a5b9c20305f1e44ec1e2dfe89163ec036f6520036e718c71ca138 |
memory/1900-408-0x00000000022D0000-0x000000000230F000-memory.dmp
memory/1640-409-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2976-418-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uSgAwwEM.bat
| MD5 | 18ee110803f5525bc1f5d39b036cd891 |
| SHA1 | 8ea9fce94aefde3699728d070731eb92f1b00be9 |
| SHA256 | fa0634ee93f06ce5f9de27758fea403e476782acd1e5431003dc94befc71a4be |
| SHA512 | 9c4571ef8d79b67725e4d347e32c05581975d54d611c1c0fe554bb3c4a688cee8d24ee480606a303ef5d20c7aedf654968df45551d6311563ae81088fee94ea3 |
memory/2404-433-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2388-432-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2388-431-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1640-442-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qKcEQEws.bat
| MD5 | ce10dfe3441d9beec496005e482d52c9 |
| SHA1 | b3793cb5fb314bb426e7fc45a75ef94aee17afdb |
| SHA256 | dd24734240d411a60a45ae8579a984949d15b2831afda28c4e63d1357a274fa7 |
| SHA512 | d28429f59b3ebe07d2785b297eb6ff2931b6107371d0f4b4959f46afdb8871a95a81ae8e5fc37ade46cf7f80a8edf49ff80e790859f890a4ff04d4ee731a388d |
memory/2544-456-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2544-457-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2952-458-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2404-468-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SUEQYYsA.bat
| MD5 | 8abf7e0f01ec3151f618f94b93ae412a |
| SHA1 | 3c374865196e9be7fccb63c873bb04bbd258b389 |
| SHA256 | 870bdecb00a82c4499a0f9a3db624621405b42d5da8a9b1fc93be3e785bb4aa8 |
| SHA512 | ef06a1e291af3e9bf6d8484476ad1a58f6f74713ada02f5214730d07caa3e8332c978b4af81723c4c37c9c3fec309a141cc6d0939279c86150b48c76de86720b |
memory/2352-483-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1048-482-0x00000000005B0000-0x00000000005EF000-memory.dmp
memory/1048-481-0x00000000005B0000-0x00000000005EF000-memory.dmp
memory/2952-492-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fSEgAIAA.bat
| MD5 | ac6bdb7c0f404b100ebbcb187c81ac50 |
| SHA1 | d9de210b2fe2c77610af8f0776152d9b2151f343 |
| SHA256 | 16450545c55bfef81e23b660db5a5d610342d5fe08d2ce7163eebf969464a33c |
| SHA512 | 81120d42e2ffad77cd825db8f456c9d58b1904b5b7924fe7df8fa9e2a1789212b28b24dcf16049012a81dc6946c324388f084a7900dd75a972ebe5e6dd2bdadb |
memory/2140-503-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2352-512-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NKMwAMwU.bat
| MD5 | 386c43ab82358c08beed846f3e29eb88 |
| SHA1 | 68a8b3ec13ca250d8fe47caa884474f0cffca8af |
| SHA256 | dc0b0ec509aa08d57a09b491d18cf2d409a8a4b2db6f63ac0a222d46a9fda307 |
| SHA512 | b3ec8ce3cd875bbc21d9dc6a3fe9a051deb6b6a3b11bce76cf31846a68e53a6f67268e1149be6bbdbed5a9ee52d8b3c0cca95cf3408ad22032feb02dee037e2a |
memory/2384-522-0x0000000000160000-0x000000000019F000-memory.dmp
memory/2140-531-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zqgskwUA.bat
| MD5 | c84bad552fd14e26ae7ece552b5dd5bc |
| SHA1 | 983f5aa25ad0b3e6787b882e8e3065d2ed5a7dc7 |
| SHA256 | f16378ad6e8f29fbfd838a4a0470e84014bc355d4e0472fe21e5876ce65f022e |
| SHA512 | 70929a5b14a5f7132aaa8f237bba3e56fde6fe56e0f16cb3a536cf6efcc62c345326aaa48f441538528a2e6848b839b1349ae0b35f280efba2e1f097e6e0a72b |
memory/3020-542-0x0000000000280000-0x00000000002BF000-memory.dmp
memory/3020-543-0x0000000000280000-0x00000000002BF000-memory.dmp
memory/2536-544-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1704-555-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JYsMEUkg.bat
| MD5 | da5ca63e8200f0dcd4b272d38d056b82 |
| SHA1 | 15ce9394140239466d33ac88579ae503c0a44257 |
| SHA256 | 18e9526ba6a48af3810b9f5dd58c2623e3bd4b5f6fa4744713e8165a104a4958 |
| SHA512 | c63901ca8d1bd8c734662caee7f8131e0a7e392d9c8850b9cb687fe372e2e3fe644e355b0b6ceec87e421c430685988f87f46d6bcef32d8e16d93a8c93c1142b |
memory/836-566-0x0000000000180000-0x00000000001BF000-memory.dmp
memory/1768-568-0x0000000000400000-0x000000000043F000-memory.dmp
memory/836-567-0x0000000000180000-0x00000000001BF000-memory.dmp
memory/2536-577-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OkgcUUUk.bat
| MD5 | 869adc0749c05c58d87860e29855a9da |
| SHA1 | ae830f34271b55271acbb159163a1c6e1eb81451 |
| SHA256 | f0cb44c40954dbd9a35bc294d42ee893c43e9d8acd3ab46e802ccd47918eae31 |
| SHA512 | 07c4a61f82dc565c46fbe3babb2c511c090318a76894a220484bfba6547f2e39622ae86076b0048b697187b32322bbd47c60285332d3627d32f01fd76679718f |
memory/1768-598-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2104-589-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1628-588-0x0000000000270000-0x00000000002AF000-memory.dmp
memory/1628-587-0x0000000000270000-0x00000000002AF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cmYUQckA.bat
| MD5 | ab32b97d0d8a0677a6966656f67eae64 |
| SHA1 | ddab3409036625cc305cd78519872f57b3925c25 |
| SHA256 | f6cbc6f139ab834c1614c66f7c6464b11ad1f233d4265977a677b67346a071da |
| SHA512 | 6e1d6e5267a8d79cced8b1858473eb4ac5d9e65d0d2ae4df5e019ee9ed1067e1b5d227ada2b433c563276d3e511f53314cd3dd5160031f8e61392aea2c315712 |
memory/1720-609-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1504-608-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2104-618-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qOksUMEY.bat
| MD5 | 1e42e9c9f3d9df8604d8096aaeea84f0 |
| SHA1 | 0b927973e78b8cc4f52c127c0e078586afc9d429 |
| SHA256 | ba6c827ddc1ef17af8db7c4ab2ba5f71cd87a40b1a8a93e82dcd400d8e4f072b |
| SHA512 | 9499f1641170710f1432ffd55d0555261392ef8558c5ce339ef2d86b217c4a75184fd72dd71d8e7480787c8787e9cdf81c9eea9d197bebc25e07f09f453f76d6 |
memory/1860-630-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1964-629-0x0000000000160000-0x000000000019F000-memory.dmp
memory/1964-628-0x0000000000160000-0x000000000019F000-memory.dmp
memory/1720-640-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EaIkAYww.bat
| MD5 | 1368fe18b768d4f105773214d382f8b8 |
| SHA1 | 3fcc6963b5e63dbe7c09ac47bbb26c2b695f2347 |
| SHA256 | b39cd562285d7bcfc3a08225875e0e3c0740bed29d00fc73a5382b12ce72a1af |
| SHA512 | 05942ce6bb16b647fdf1b9c73444db1e3e4638f1a9fa17cf220d90b6e5d2af2d045f87e71acdf49b0513502cffed4729dcae977c4e5fc0ea843579619d15d5e7 |
memory/2720-652-0x0000000000400000-0x000000000043F000-memory.dmp
memory/868-651-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1860-661-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fUMIcIcM.bat
| MD5 | 9a744598fb45223c43dbf2743eb12bca |
| SHA1 | 5511e9bf8975ad1cb488f6deee37fc5f268e699b |
| SHA256 | 5102bb977b3a996238dae83b3a0224be457da5fbc1ce8550ada930bac4d158c0 |
| SHA512 | da0b179e4e33f46eb569373e640281a43b5ce7e8f689c59397b59836844032ad963c376d65ec16cbb468b2929b1cc8b457b6d444d67d2f53773782fbb93d72eb |
memory/1640-671-0x0000000000190000-0x00000000001CF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pGgAAYMc.bat
| MD5 | 00dba682923ff667d9d558e2e4ecf4a2 |
| SHA1 | 13738f956c3da39b7a598979689ab22fc3ad7add |
| SHA256 | 9fdbcff1a838274b0d2b3b2e3855fa0a52292bf3d93afbc667ed3599c17158c4 |
| SHA512 | c20f4231fbdf7a3d5bb7a6d0f25722a2e4b46cd6f55f9d8ac75f18c753105fd727b38733d13ca40ead57e61337fdb64f5f93a76c16f4e6fd13485cd2605bfa10 |
C:\Users\Admin\AppData\Local\Temp\rGMoIgUI.bat
| MD5 | bd26aa39c23cfbfc0a02af000327b4d1 |
| SHA1 | 3670d358b4c19cd9b334717054adf5a64c5778fe |
| SHA256 | d16e5df65675c30c09383ce31bd64c0cb5a867e261ebef40242dfe32858ad715 |
| SHA512 | d8dcc153f34304afa625b080e762899ab659d262a7161550a30981f9e52a6dbca467a5b8c73daa8eb4ed92eb7694bf14af2f28bcf53bd6bfcd3fb319c1e25d91 |
C:\Users\Admin\AppData\Local\Temp\uogC.exe
| MD5 | e1236985f762cbdff27396861fd1f7f7 |
| SHA1 | 2afb146dda65ee34ef77b0efd2f4b77777472496 |
| SHA256 | e90aadc0f800be839efcc1202d10b0fe4f4b261cbeef848539ce01dd000813a3 |
| SHA512 | 6314428c0566824f51d1ee921a82646a1274c22e72e6d30a895cff07b0d227199f0de2bfefdf5fbabe4de21b29d903c3e83fc0b630214e70075cfa476d366c33 |
C:\Users\Admin\AppData\Local\Temp\ZQAcksUM.bat
| MD5 | 51bb671570312113edefd74ad084092c |
| SHA1 | d56a5d4da46969205965f8ed4d99a94cb77ad9b8 |
| SHA256 | 50a5610fe1cc50ac60b01f3dee789bc855ec59fe0c942898bf45db1c82082a06 |
| SHA512 | 7b27f78fac6212defa407e24b4619444c7fec3dec1418b1b3070cfd50df0a5dd2bad0b65f1b650faaa44afe4d2c2147076dcefe8d940f248c9ba1f7606651de7 |
C:\Users\Admin\AppData\Local\Temp\QUcYggsQ.bat
| MD5 | be2e70e260f8abdc23044fa79fe9568d |
| SHA1 | 872eb2df92db266671323aa207b85ce8dfe8fb0b |
| SHA256 | 58fb967a49a84ffd0e4d52431a7dd8a851d11cd5c5a409e57770c995a8353b75 |
| SHA512 | e1a5dc1c52832aad0e92cc72bdd2b0bae12dd4daa277316573ee6421f5a3382e69b36203efba05ee3fae0d61d07bc52907a994efaf6fed9b69108cf4cf828d8e |
C:\Users\Admin\AppData\Local\Temp\yoUUQwcU.bat
| MD5 | 189ca6a6a4c3df4a187327ff3ff2b832 |
| SHA1 | aa957ea4344c6a19e98c4df1d6bbe165c8f74ce2 |
| SHA256 | ea8de026b083cabad59f79ed2481e169e3cbfb4877cb8e93c4d6af5ec8c0c583 |
| SHA512 | d193f5ee5e466fb32c866de9d50bafb6e722e3709ca3516c537f1f1b7795e0855c6f9d0cb7a826ea1208ab4a097054c50a0fb6818dac80b7f1f0904ea27e4be8 |
C:\Users\Admin\AppData\Local\Temp\OMMQUckc.bat
| MD5 | 5d08bf12aa6ca3f9a6ba9567d3a9f83a |
| SHA1 | db352eca62c56b8ed8b5c8930cb9420cfe499e46 |
| SHA256 | c74b905ed7d0873bdf63af4cd22abc79c736a70a0a0f7d8e2dd016a4f4cce97c |
| SHA512 | 0837fd906ddc465d8afef99aa57d86ef0f205d7b1ae73e97f06c0c709eca882d02ab80adbc5c8300e28b94e0352c67e76bd1c6253a4a46200133e6e31bef6a42 |
C:\Users\Admin\AppData\Local\Temp\MoooMYwY.bat
| MD5 | cc56ba2788a1421027ecfd7ebb58be3c |
| SHA1 | a5cee9c1b03d5a3d80022958167ba8ef8363bdf0 |
| SHA256 | 832bddd6bbd11a0f04205acef13daade01eac8c2d13c5c83525f2d366cf86c50 |
| SHA512 | 1ba4bf76eb3807cbffdda49436c559a3436bf0998e38c1c81811561d806557edc819fe64b44f49ec4778c89a605a4d7c1fc6c9e5bd8315ddd724c4e7d553e154 |
C:\Users\Admin\AppData\Local\Temp\yKQEAkEQ.bat
| MD5 | ff5f4eea3b6ab4eb1afcce22b8eb43f0 |
| SHA1 | 0f5f82d1b98e7baf59e6f09a1f52609dfa13cb9f |
| SHA256 | 134ecbd55127a16d598e299408a8a138d231558cb9b52060716a03fe44d9db8a |
| SHA512 | 3cbb75bac8a7f5513fb3eb34e4b45331354596db77350b0d1ac3322cddd74330febf1c0750c66ad15d9c7096ec37173c8698d00050d674a5482cb2f2456ee182 |
C:\Users\Admin\AppData\Local\Temp\HaYsYoQk.bat
| MD5 | 06a4df47d13a8176812d9e34cc514d96 |
| SHA1 | 1f2eee47e2ba6ff3e0b70fe4e70e09ce08883733 |
| SHA256 | e4b18db123b63dfc2c1d98027e47015d775e8ee29641dbe19859b7d00667d35b |
| SHA512 | 8ab5a907edf7020556c6f3326efb9c9e3e5599dd2044eae59d44022797b95d52a762ccf79257334377d296a9ce3e8d4c8ec2c3a1ef3473b9e3279403271f8554 |
C:\Users\Admin\AppData\Local\Temp\LKwsEMYM.bat
| MD5 | a495dfd30f1bf1c74142b8447c90d0c1 |
| SHA1 | 518fde376f04d01fe018c4a53201334ede82f419 |
| SHA256 | 60d9f5befa3d234841615cd99604999bfa6682dc435ad3a7b07daba849fc1aa6 |
| SHA512 | 4a3f6067e8f425e7d8dd7b24dc9b7fd46974d003b404e1a810758741c783f4d8f866f027632c2b3911dbc2fc2a97834e0d934ac1c6f490d3556c2a9843d29e77 |
C:\Users\Admin\AppData\Local\Temp\zwsUIgkU.bat
| MD5 | 13a94a75485df5d6a2d42611d4c02672 |
| SHA1 | 6be7f72ffe730a58214f002e4cd566f54cd08266 |
| SHA256 | cdb68bb64d17cb70e87f4b7160b3a98134a662908229c86c9c3b13a7eab7820d |
| SHA512 | 43f4f5a1c2790f6f7c079ad427d2c570f03932cf9e1488027a70a6e4bdf794ea41ed277dd664dbfcabbfacbfff582ac718bfddcd6692f0e552ac9fdf7b160288 |
C:\Users\Admin\AppData\Local\Temp\wUIcoMMY.bat
| MD5 | 947011ed02280c1f43a2d70c9959b82a |
| SHA1 | 2ccdacce7c680c08f3df87ccfafc115a9647a740 |
| SHA256 | 7b87da9c91db2783b95f05058e04dfaa4523f0acc4e4d0173307a342cdd4181f |
| SHA512 | a497ca4f064591ac1b62cfed8ab8168188f69c30a6533f6f854e8698375165b53d57287edf34c96503a1946690b7f577a507e9ae3820d0f9d792b5668041b4d7 |
C:\Users\Admin\AppData\Local\Temp\qcEEYIgQ.bat
| MD5 | 467417ff3789180a77a52918435379d7 |
| SHA1 | ac85ee48a6640da209e02d26793e4faa9f0a76d1 |
| SHA256 | d2dd4b3b7af47ee33c4a50f60dfd6e70559c2a57ed8bb28e6c088a303425143c |
| SHA512 | 9998642b2661ab8c8d68c5d82a824b5732ceabf136687e1df759d13ffdefca03954faa946ed90ab2bb3fb5fd6879228b129235e18ed8580298f199cc68d9b7b3 |
C:\Users\Admin\AppData\Local\Temp\OWcQYokc.bat
| MD5 | e523c7787a73ee5ebc179c74ace1ec4f |
| SHA1 | b0e0dbec1be2d90e93d85b965d422d57fb873eae |
| SHA256 | 00fc1ff3750de4ec14ff76b298511f361cd64fec99ece3956afe20e96da13a33 |
| SHA512 | 9ba7acc0268162a9d6fbb70429fe05a755101ce57ed9cf6c34488914e37b43b4f6da57d8fe24c0beaa7b6030a03a650a4a3bc6be9e1ab1656a218efd4c311c47 |
C:\Users\Admin\AppData\Local\Temp\oucQQkwY.bat
| MD5 | 0af0fd9986d78648c80fbd96fe2e4286 |
| SHA1 | 8685d53a15eac8ef3ca1349b208f2a3568c88333 |
| SHA256 | c9903fae99bfb7c6e78850fd462ddf9bdaf7e97f381bd95cbcad7f3b56cf77e8 |
| SHA512 | 10c3561cf29ab1138a64491a5b149f574242b7a8e3c992786b0cb829e6df33b04f4718f5648e023d06386bedd831f3024085aff1ea9372a5db48d3f3673615c8 |
C:\Users\Admin\AppData\Local\Temp\aaskoQoM.bat
| MD5 | 0dfe34e580db15bd4942c443f843776c |
| SHA1 | 755e56e3acf367969648ea88812d1ec74dcf334f |
| SHA256 | 3190dc6e2cd251a9da9f21b627fea2f8ed70514880609868df5f78b3a34457bf |
| SHA512 | 8c8bb23f4cf714bb3939d5f492f3a1d273588e706ed7c4060adab904d02013a33b2d46a17b248ba95a33f6e3779e84089478539a739d4e248170527044e1c155 |
memory/2332-1024-0x0000000077700000-0x00000000777FA000-memory.dmp
memory/2332-1023-0x00000000775E0000-0x00000000776FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PQYowcEs.bat
| MD5 | 6f21e6b8b2a9de4a719b5e1b38f11b9a |
| SHA1 | 3affcd4794a26a4a98b06712019c0ce0ef6ff6ef |
| SHA256 | b34642aae9e024ff3916d1281c6aee26abd68fbd133a3180872e10fd60809fea |
| SHA512 | 30c658c8826d564f6d744b8ae6ca08e4171dc6e58158c07eae1d795d022affee41c98618930f5c369b4c06768800df182365e8e9f27221d1a6b28dc5eb7d9df1 |
C:\Users\Admin\AppData\Local\Temp\bQYkosgI.bat
| MD5 | 3f982cf5cc4318eb56d7ea712a08398a |
| SHA1 | 3a2984d2a017099d5b149922d07b01190d26445a |
| SHA256 | 3a8fdcf41ce16072986291b3973118839b9cf5d92350c7dacb4dd1b291f83485 |
| SHA512 | c3a041f68fcd81c0ecbaff02c9927cf9191e9dd1c7b192c4d87cc7677dc966ca98f839503084a8cafe8e783241b54bba90222850d7f88442e84e265f5340bf76 |
C:\Users\Admin\AppData\Local\Temp\JmYkMcIo.bat
| MD5 | cf5d046dcbf55b03d44bb0764d374c47 |
| SHA1 | 4d7e00b4602b1e0c06448e0ef3e95dadd1dd3749 |
| SHA256 | adbe287f213b13c7c4fa7c7f3d48fd123027d3cfdc3194696a6d0fbdaaedfa75 |
| SHA512 | 1b7235581767d6a4342eb6416aace1291c3ee54391e245111de73e67799d1a1c8473453b6a2bd8dd84ea5fbaabb6e0b0b441088dba2d579860bf8c4d534f7bff |
C:\Users\Admin\AppData\Local\Temp\fUUgAsQc.bat
| MD5 | ef75da27af0a1de5a5cdd4598b50263a |
| SHA1 | ac6a4da9a627e276311cc9b1273a3356b763b2d2 |
| SHA256 | f9fc5c43fe4162d1bdff7c5e4d84c1f86339480ab52bba2a475b9f5661075f98 |
| SHA512 | d607a6fe158638c8c9ed105c2740d8c5f527a16b0e20d0381bd8e789ced5c28c2a6ebbff5daa77eba5330d8443dd0e0d42c0c142f5c4862f9ea0cf8f7b6dd9d7 |
C:\Users\Admin\AppData\Local\Temp\qqkEsIQk.bat
| MD5 | 171c3515097c0d5fab1c1c2840fbac70 |
| SHA1 | 83c9ba2548dfa96fb5f3d2d485d35c61c044d977 |
| SHA256 | a76ceea180c29f175055a078738ce180d981acf4089dd6318d3c725cdacf9719 |
| SHA512 | b580c99ace71fd38de51e653d5b6cd2d784cf42caa9c963e89c7094caba2200bdd892fb0984013684cf71df8b59805c0e6867b455a3e52b4cbd83a222d1d475c |
C:\Users\Admin\AppData\Local\Temp\GiYEgAEw.bat
| MD5 | 737ca3e054b9b0e974899a896fe7c66c |
| SHA1 | e66a93ee04171f0c771d972343d247a63cde6ff0 |
| SHA256 | bd93d4d14b9e0bdd499b256be61e225f5168e53e9705a177c7ad5f21c20943c2 |
| SHA512 | 69558df33c73551062c1b660233cb401637cd4c4c2a246f94fef78aaa3b3b0b92f12d163eba72672aa7b5bccbd9c577c8be1343f2b833f872deac771ddcb9893 |
C:\Users\Admin\AppData\Local\Temp\YqMQIMcI.bat
| MD5 | c85fa62ecb73f5b5418dd885778db29d |
| SHA1 | 344e6e57782ad5ef41bbfecadb824f17b226d18c |
| SHA256 | eb9cb9a033456b84b7a2c1773a44ac0750ca534c520f27cd5a809a8e02c77bf4 |
| SHA512 | fb8c4f8ea4eb8692c0a096883d1171a0a57808f3b04e121dca0b37b0dc5631bc264ed9f4d7bbf2384f9bf63fa1fbc3048170490a17562905e746e30a2171420b |
C:\Users\Admin\AppData\Local\Temp\qcIwocUU.bat
| MD5 | 0d666ef5f296b2ce9d013658b531afd7 |
| SHA1 | 8840b1a72fed7738a3b765cfe1d49ba7368b9649 |
| SHA256 | 344cb07a5020d08e00a9b047e991a6c416d93772ecb70c3fea8df912bc8a4aff |
| SHA512 | 2a37d0120b415ef8b7fdffa00d15cefac9e1c1f820452d13a3bbcf16ff70e2dd23772a043f280996b8ffe9e7d02aa7d3e3ead1a58168d2770bdaf14d73a49c34 |
C:\Users\Admin\AppData\Local\Temp\AssI.exe
| MD5 | 57d0f3868db4ac0d1d73a15c6bfd7444 |
| SHA1 | 681ac015dcf3edbd65f0d698dad70e975fda1577 |
| SHA256 | 75a774d626be1277fbef6aed45317b789c46603d10ebb60d1fd971bfc5672672 |
| SHA512 | d9563945e3b4132e6f12e5c9ce00a15040446e7a434d90fa17b64aca414426007733db18a3a5d0eb352f5d3a69f6a6e42cc3ffe16fc739e52f21faff80d4c952 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 7a54d6d972155bf0438b2a0cd4306fd6 |
| SHA1 | 1e93289c527b86aeea549a59e778a134a61e47b7 |
| SHA256 | 8dc395004cc911774ab596ecba63cefd24628614c631a43e450918806a9672be |
| SHA512 | f0fac22758a7ab4d2875bb512d20c37facb750604a15eb070a8fbb2232d19a82244e4a97aa2341859098ff17469aefae317d98f96fbebdcd6ef7d552f7d3305e |
C:\Users\Admin\AppData\Local\Temp\uYcO.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\KIQK.exe
| MD5 | e0cb059b6aa7ffeb7977345804ab7c37 |
| SHA1 | eb01c9abb9ba3fd8df3c8034b20e6c4e5afec266 |
| SHA256 | 484ef09946a7f9d28b00f41bfc1da04beb85b6006ba29b767cea1fa687e6c297 |
| SHA512 | ec8c991d2755893a0e147ac38f22bc7dd386cf8f132dbf9d7ff9ce86290dfea637d81b8567e9fa339b8d1ae70794dd7d16a975540a7589f216bf06b381443f72 |
C:\Users\Admin\AppData\Local\Temp\EcEe.exe
| MD5 | b6136ef43b51025c72f6634b99d0b3f6 |
| SHA1 | 35c00ba41ff2f1263fc9cf9f489763c2c3d2fc41 |
| SHA256 | d6aab35fe4ab70f1b171ab03f6d9c029d1beb3067073c3ac80ad3c041d81d96c |
| SHA512 | e939a5ed2b7fa497c41ad50e3b6eebec3c906672ca36866b1854745d47ea0562ea05167521900e01f452d5d394755cd7376f563ce283b89b7fa9812eab0f96e5 |
C:\Users\Admin\AppData\Local\Temp\WEYw.exe
| MD5 | 6716e85b7ea1a7383a43ea530582ed07 |
| SHA1 | 504fa80689e0734567c497f6f2d72c4b066399f7 |
| SHA256 | 43a307fa52c222e1934e7abf6dec7ed940a3dd1cbc12a567cf57fbd1ac0a7968 |
| SHA512 | c9f9c6299d6a9a892bbe1fb7a40216adce4615ec42886a7bdf32c6d8e007a4aad895b678d53760473d4941868d0e840be268bc60e1041e32a9ad3438f5705e36 |
C:\Users\Admin\AppData\Local\Temp\qeIYQwEk.bat
| MD5 | e8969bd4e543b2482279e8ec3371b6c8 |
| SHA1 | b877ede973434760de08dc46ba77c91e02d6a41d |
| SHA256 | 2dd14b98a32d206e9c00dd344a07e9ac18b62b33764fb8c3733bba50c4bb25f2 |
| SHA512 | 17dcca1eeed89f0cb61a2e317f1023fb7c9f69627d15b24982bfc7703b0ca79b5ed68eae0ea50f9a02cddf91cef31da655497612164c8349bb718ca274949570 |
C:\Users\Admin\AppData\Local\Temp\kcwM.exe
| MD5 | fad23175c3070e861052cad6eb8a2de1 |
| SHA1 | 01f243f5497a090f560c66c238d9fab1f81ed099 |
| SHA256 | 65000597229df8920ac3174e511adaedb81406262675780ca938fad31592e4e7 |
| SHA512 | 413c6e9d76027519a440440bf66955fe67acb09d36b5997e8c1f0ada318aba692f5d1396cfff437f4edc89b4d0dbe6f4e27febecd06aaf56919fd2f6f2a22a6f |
C:\Users\Admin\AppData\Local\Temp\UckM.exe
| MD5 | 7579723efaa8ff66f3b9c87633291153 |
| SHA1 | bb2ced40fb4339ed6cb9423a4690399c6a9fd5a4 |
| SHA256 | 6398a9aacaa3c46236e11b6a9024b52cb7ec17c8b4d785734d5f069c3aad415e |
| SHA512 | 86a35f3a584e5aa59b4550fcbfee473c96d3d85fe7fc9574dea080316b7b7232e841615a12b98c9cc546c8c790444d551bb02985d3dbe8a78bdebd6495d75527 |
C:\Users\Admin\AppData\Local\Temp\QIYi.exe
| MD5 | 802cbc88878684b2d5f0efb597ad097e |
| SHA1 | 7e70aae08ef48f4176b156f0dd5f1ff0c78f1e50 |
| SHA256 | 39416475d21f78029411444da760fe46a6f8581dfa7934cf12d2f39d8608058d |
| SHA512 | bdce702740c9174c5b4ddc4dd20cba7a0521d5223ff8566fcbb09bb7a68d25d549239b15689d5afee69c7a718f1fb5380b3de079742df3ecea39d36723baa813 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | 78400b80acff055f4a2529bcb1cb9b4b |
| SHA1 | d5095769b3de80997c1620018405e4bba6b7de97 |
| SHA256 | eb5a6addbc172e2af062ad02aa9186ba8a5a30beecb16e8b3269c2ff019e5eeb |
| SHA512 | 6c27ab69df44f36119fabc8f8ceb9bda48e1648e21636b999cc617e732d0c7a0c8c3c202722dc7861b4aaa1072a83c239bae04f627271872dffccbd4e04155af |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile13.bmp.exe
| MD5 | 454bafd498d4f29632ff6b5107d191ca |
| SHA1 | 55f8ae43bf55231fb8ffafa17a3bf0829e0accca |
| SHA256 | 06280b24cf203f85c52518f66b64771a2278a65c4d3a8f474127145c9e761ae7 |
| SHA512 | 0338f08f627a204e43ea0f69e9b149fcc2283187f15fbfcaf98a28e53bb03a5fa6f15e613880e4d50ccd9719f1a2a6fe04fa4292b5f5bf34aa706423666cd714 |
C:\Users\Admin\AppData\Local\Temp\dsEkMQgA.bat
| MD5 | cbd37ff8565e285f26692fd9ee4a9687 |
| SHA1 | 1ea9f976e51c6f01547233ccc3d52f31e9685c34 |
| SHA256 | 751878963462fc953c46148901e3667db4e17a43e546da7f5cd3d6a332976294 |
| SHA512 | 48ed85986f66d61b4c9a512954a8e17ec45c8b2d468e9c15b7a4b9b3ad45a79cc12c01e95fff2d7feaac5a6f0a20dde081699cd1e5de90211d458becd9e4b348 |
C:\Users\Admin\AppData\Local\Temp\Ssom.exe
| MD5 | 409cbefef355bd2004187653a3229907 |
| SHA1 | 237a786938e6602ffb81f3505567716022c31b5b |
| SHA256 | f830e263b808c7ccb882bcef1098e4b82b6e8402a87e7c5c072d20ade308e071 |
| SHA512 | 34b0e0097a942851f4741a864ad6ab47ca5e9653f13451637f373b4b7700662df6f86b642ea718e24b37f196d328053eb63261b6961a3654a10735b44d5e3df4 |
C:\Users\Admin\AppData\Local\Temp\SkMG.exe
| MD5 | 9b6e6a622a0bbab7d9cd3f7e3823015e |
| SHA1 | 6f3ef70a42e30190ab27fc78c29f864747c0ff94 |
| SHA256 | 3f6023f72871cd0385ce40bf79aafd1aec90448d11f64dab87ec3a2f78953dd3 |
| SHA512 | b2e05446662d1a6772cff4bad543c0d2cbd388f7debf59730dcbdfe6bdc9effbe0802f7d75ccfb5b7ebbf9f443bbd4ed735c4ff315f59ab6736d29a41fc43917 |
C:\Users\Admin\AppData\Local\Temp\MEEy.exe
| MD5 | 12aa0b26e21a02d6adf53c274edb3c62 |
| SHA1 | f0e10bf6001a289a6a08d2a8bae1a8414418165e |
| SHA256 | 84b05a36f4100b6eaf85c993c0abb73dbbb35cd30edc23fc0d7252a7d837fef3 |
| SHA512 | a8f32da59beb63b2177d97a73bf2b8d117557d3eb8544cdb10b70838e17299a95a8c0c328b01a534f921b86b50dda3995e617efaea85139d6ae2f22970c75ce9 |
C:\Users\Admin\AppData\Local\Temp\wsIm.exe
| MD5 | 16712563ec7d55e4e54ddc879dbd668b |
| SHA1 | 16620e8b885b31ecfdcab7ad1840b1c49352b363 |
| SHA256 | 729f447b12a77b925c97e573bd42e2b691623aac5c0d6b5a5f37b108fd180d0b |
| SHA512 | e6119c4c9cef13db06a067c25309558a539f2281f3d84aa51fc8862918d54850a8f50d615146cfdcf2df79d5b1b37e82248cfd9b996c0e42d84d8890bdedd4b5 |
C:\Users\Admin\AppData\Local\Temp\BcMwkMAs.bat
| MD5 | b2211f44e6cd11ab0dab03b2d96ed561 |
| SHA1 | f5fea68ca49af69d08fe842969459480c4201b01 |
| SHA256 | 0cc9f77f200b815afdd49e1799f9bc6a83200d02e376d2c26efddb2aad26d5f7 |
| SHA512 | 6076276b9eb6b2212bf7c5ce10057032cd30f9ac279bad96bd5a7827db3cb5602c2772699092ee05ac1201cb6b8b86df6819bc91c2e6eddd36b4a0354b95d424 |
C:\Users\Admin\AppData\Local\Temp\UsMI.exe
| MD5 | fda86874dbd87a390bea4da759a10412 |
| SHA1 | b6a5035c5fb0b6733474ac2789063dd2abaed803 |
| SHA256 | 288b865c87cd08b2a12c66a059174a0024eea2b75bd9265842b3f49cc5c309e7 |
| SHA512 | 9d66a98955870168cc108bace076422b3419914fa2f54e63dd548fb9dfe2cddd2e9f6b8ae3eca2190d2781b39328c5d27895e2ef247b3511c36dd5ae189316c7 |
C:\Users\Admin\AppData\Local\Temp\GogE.exe
| MD5 | a61a615664890f25444f0871726e0369 |
| SHA1 | 214bbd068862d37fe42c5d1bee5376580367b138 |
| SHA256 | 463c2ac24b05279820ba89844bffca89792b8b481f4996228d263adbce71cf25 |
| SHA512 | d12de3de7a482f53b62e90440b03886f491dbd732d72ab34998884831ce287356c9d77bb32bf60354f2a4f9929d8432eb29f3f5ebb7138a00796d25519e20bd3 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile21.bmp.exe
| MD5 | 69e3bf428011335456151253e3ed8e45 |
| SHA1 | a77d4c59816e2725628555b33835525d6bef4567 |
| SHA256 | 3dd553edbfda4981343bf41ee551cb39314e6d6f261e3c14e9e417e7cf531252 |
| SHA512 | ae253e6046d60c764ae2f4cbacbe314c527382f57e757d68be35845c42a08812b106ee181032afbe77e813618998d6b9e424905fbe4a4d86d2da296df91a4aa8 |
C:\Users\Admin\AppData\Local\Temp\eMQw.exe
| MD5 | 92f6eac09d3a44956829d4626eff9472 |
| SHA1 | 045b080ce2a96ac678634ee555b183d5989ede2a |
| SHA256 | f4a7f46c601f72e2b81ef7f20b6835b5ae8c77a4d1eaa4ed6ffd0c24e7cc0239 |
| SHA512 | 713a15104f782a71208083c16cd87d5dc7eabb5fc0ebe25674492b1045597bb209c413c794d580baead5f511a10fccf75f7c991815c52e9214193bc4773e2974 |
C:\Users\Admin\AppData\Local\Temp\UMQO.exe
| MD5 | 4abedb3ba2930f39adfa59de8c47f031 |
| SHA1 | 032c27efe2d9afe404f50a6ca8f572e1b3c203de |
| SHA256 | f5ddbb77d05a37f8c0e8c4f355ee62cb825d3dcf11ecf066764bb900b3b67d89 |
| SHA512 | 4f047e31171d802af425109015af3e2dbe0b32c1190d58db98a2ede1d10855d57f59e66e92338373b60450092201702d5069755aa349b76fdffcc1058fa6176d |
C:\Users\Admin\AppData\Local\Temp\eEsE.exe
| MD5 | 28460281e38ecc6ab657c5b850047585 |
| SHA1 | a474a158f5d151556bfb9911b267658b8e6328b7 |
| SHA256 | 1b98ceb5b287fa775563b58aaf75590ae0563bd5be6e43972e03bb5047b737d0 |
| SHA512 | b960db8a33f62eb00a73db6e3df371c6c19b113b78f4d42f0f8c264aef503ef22dfe73c48244f9cfe2788a636dd2cf4853cd613e250d9f16a8f4a89fdf2e467e |
C:\Users\Admin\AppData\Local\Temp\IooM.exe
| MD5 | c5825b7d3a16626999a2e0816c35ce2c |
| SHA1 | 831ed2a4472e4177a13166271f95320556b3f6b8 |
| SHA256 | 82ad1447daad6e6a43fc9732c4e89cad9c33288dd7f5da486ff9e173ac1a0524 |
| SHA512 | 3accae9c73097a56e93209813c2bbea497dd815dd52611d0f94ec67009ee0f1ca5c3a96252f7cfae777fe3c818bb27358858d8699bf473e180f22313cee102b0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 40369e4f7c673e4e7b86f280484c9c4c |
| SHA1 | 462d96db4062383ddc82c077efd926167c687152 |
| SHA256 | ceff4dc5b5c2a46769edaa8434055a004a45bc1b42a1819b02f83a2bc36fa47b |
| SHA512 | ef3a66728cf62d4c512497d46ceda0541fe86e7a3bd8c6e29394e61972ed57679a3fe0864434b7c021408c3dc6eeb220f0282af5ddf6ecf8794080929a781c83 |
C:\Users\Admin\AppData\Local\Temp\kwME.exe
| MD5 | aef10b4e85fa6f0ccb23d7fde33a27cf |
| SHA1 | 842fe54554a1b0829edfa0b61bc436a12d5588da |
| SHA256 | 3d5563af8160e5b567c95c5f3cb73b0a5465e0175e641dff12d1fb46e0fab868 |
| SHA512 | 9df6b797b96716cb97b5af666db718ff5d698fde97835b167c3f47a49a90c7caab1f762a366f904414778617c8fe95df398dfc6993291460512cab3b3a2eadb9 |
C:\Users\Admin\AppData\Local\Temp\FYQgwAEo.bat
| MD5 | 87922251bfd58c5494aa4694262a3802 |
| SHA1 | 89eb2600724a549647595d8b82b3f0cb0859634b |
| SHA256 | 95055f3d9b73cb220ab9f39084fbf1018d119be7e90566d509221066bb2dc1f0 |
| SHA512 | 56963a15fa5d1bb25bc63fc57f8f360e5e05150a3fa5a987810ad32f84359c6c4da7f14fa2aee9582abdcdb4935418c5cd16c804287efb1ec792cb3d71c6d506 |
C:\Users\Admin\AppData\Local\Temp\YoUa.exe
| MD5 | 564e869f32dc2d669ce4e1371c34f62f |
| SHA1 | 09d1336e130fe185045288711e9393567af9cf3f |
| SHA256 | de5e23abe8fd8e6945c0464c343c58a840132b3d1f263c2e9d9367b95944f1f9 |
| SHA512 | 449e3b8468a54f00a86af75b44957cbb67b25de149317a9e81183f7d61505ceba7e111cea1a8d53fa79b1151654403d532c4fabdcd5144de890a0232c716a7b4 |
C:\Users\Admin\AppData\Local\Temp\CggC.exe
| MD5 | c60d32cda5bb08baa6c60f367959b455 |
| SHA1 | e012f4cdd2a3db7c8acb5cebf8fc6c09d373977c |
| SHA256 | 565be704a48d2848dab818955a26fc3123942b9ebcc0e2f04e2f02281a680808 |
| SHA512 | b9b025c53ba08fed10c5e160b52d66246ad0e89702aceb917d8e8e7f0c7bbaeb6fe99b87f52a93a38b67799fee2a1dcde098b3e3fd3671de3fe928aef9dccae7 |
C:\Users\Admin\AppData\Local\Temp\kUYu.exe
| MD5 | cc0dec1d1cfb1019e763baaafe2dad41 |
| SHA1 | 6f5308b2dd8df41459c33973e596e7bc2e7ef7e6 |
| SHA256 | d92547e373e0f01101f617020f5901f57c821a55cd56b45c6e17b7e6cefb857c |
| SHA512 | 7a4334dcf8df2ba16aa20d3364fe5c76e2a725b0d8c92bc11a599e00e302c5e972fc4c46c2a0ef61f06e258bc10e5e2354d5451c4c0a8eec00fd1a9fe74da062 |
C:\Users\Admin\AppData\Local\Temp\wkom.exe
| MD5 | 7d6ab657d85ffbae1f6ca9e5615e6fa2 |
| SHA1 | 006d6902d34fddb2d91f09303ca82e99692a6926 |
| SHA256 | d3dc760b8ef0b739dd3f8348639ea963d0f41b5e4ed61f44069f2ee32c318d0c |
| SHA512 | 9d14904168662c50a42e3a1730a5177c6ef8ec805966b653497b6da1109cf042af7fb3cf92ef713389c11aadba56b22ee3746d2bb629945d7dec8dacf0e954c3 |
C:\Users\Admin\AppData\Local\Temp\baEoIoEY.bat
| MD5 | 10de8e5e9cfe9217ce270a2a12e86f05 |
| SHA1 | aa2e1d5be8952a5dfb283a81ed882c6f524472be |
| SHA256 | 38811b58076950b4203cb8553021a7cd5194de982c13f70508d58e742dc49a6b |
| SHA512 | 4ccd97337cb2f8b9f5695e7f914d983af5ee0a942939b4b347b16a0aaa0be39ca8caf2796f61b17f57a3fd6586ddaa6c1e2e69b7b524d6353ee2a2dae49b43ff |
C:\Users\Admin\AppData\Local\Temp\awwq.exe
| MD5 | d408f6adfce87ff3e484dbf19ccc6eb9 |
| SHA1 | ee6b16bea14cf6bb34d5cedfe52fcd6dd671012a |
| SHA256 | 048e1c6f9b52d4e9b17d52479c6a61c11fe61ae682f01343b0d55cfe7ad347b1 |
| SHA512 | 87d9526eb857ec68e5e42f772e2fd2e94be3b2427707161e6e816de63b15e4420a69da4a3ec4101e6baba71864b9500c671cc2b208ef0165e4c9d4cbe383a6e8 |
C:\Users\Admin\AppData\Local\Temp\scUi.exe
| MD5 | 4ca564e8f4598d80a0de61cd51409600 |
| SHA1 | 25cef32bc5b17039ed3e0c4ca3cea0c91adc4d81 |
| SHA256 | bb7463677e2cc511249d531784831dcf769021d6194672b25cc194b109edd369 |
| SHA512 | ed8d26f579fb3a2c7bd293e2c92bb28b80652eddc3b55bd75af9f7a221bca26617d05de1154b25d4c4daf7ec8d1d248e810ad20ad53b76d20a413b6b61550a07 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile36.bmp.exe
| MD5 | 779afd8786916ea5726b7bea7f75ca11 |
| SHA1 | a75130c9f132b5308b58c82be9411b186f57ec39 |
| SHA256 | 827bd3add69c98dd1f1e6e6714e3598621170ee215818d5d7f6a28b64737451f |
| SHA512 | 07a9d8111868f5a795cbc65ba49d134ce65cb404bf00273effcab39067d23de1f243a8f2bcc9bd98a6abe19b9855e20dba8347f5c8407659e6d6e1a5a3ad0dc3 |
C:\Users\Admin\AppData\Local\Temp\YWYwIQQI.bat
| MD5 | 824e327dc81ee2110447a7480b4c1d1d |
| SHA1 | c84ec01a09070916268bfc99f4c0b10c97b60c02 |
| SHA256 | 59013c17fb0d54dbb7ba6639154a43e57ce82cf3d0134f37e5558e50c8ed1dc6 |
| SHA512 | 676583c629063bb81503f95f462d0f4d21cb4bc558cddc20415cded70f109d53b2fc3e09918239ddb9cb347b89db8295588bee3fb372103b83a1b9b7143674a8 |
C:\Users\Admin\AppData\Local\Temp\ggoQ.exe
| MD5 | 83a77b35acf6fc4dbe1209d6ac249c24 |
| SHA1 | 013775b58b8e62d0643ac248a89d33b5dc5a9c51 |
| SHA256 | 87df8d35925020cf1ac428680d944438c3248cbc8eeec2a88843ef2fb2a4d1b5 |
| SHA512 | 0ea15a1a316a6d8e0f73512ca88fb7081636464b29a8f3b5fe16670b895f4bdee122ddfbdfb64642486f6029c53fe70f07e0e63a6363e57c3379acb95ebc22c6 |
C:\Users\Admin\AppData\Local\Temp\CwMi.exe
| MD5 | c0f54128e4cc1e478a4c961110307a3d |
| SHA1 | 0c0d4b0cf52555821beee48c2c8cf4e5dce6af81 |
| SHA256 | 211016eb2d2538c3a423236f09f6c8f5b70250ad470b8ba1f7697834a8064739 |
| SHA512 | ce9701b66563a311043e3b6ff8ed2e5759429fc69868229de1823db1214863da033f3d4c315a6bd4d2ad86c0990b7ec40ef2afc4e99e398814a43b0a41c5a447 |
C:\Users\Admin\AppData\Local\Temp\oUQk.exe
| MD5 | 5033a81343323951642e873cda93404a |
| SHA1 | 00a0c8b3f196a69031bcfe886e5e25edfe1ff387 |
| SHA256 | 3b8df61583b9e6d9d02da640979f4d0565e936c5fdba048e6c28a28ade511ff3 |
| SHA512 | 5d9ceda8f7ace5b65dbe903be0194a764e8aee18adafb64cb3a5216c9a75c1e74d1f737ab9602eb5c673dd49434e3e4f2f0df0299f9fbb207566a38e17338b1b |
C:\Users\Admin\AppData\Local\Temp\wIwK.exe
| MD5 | 2504addb3681dfe84740d00c25534210 |
| SHA1 | 54ee6cbe0eb2696204997eb1a7a95aeafc53f229 |
| SHA256 | 0c7a10773e0d4d197a60a17c7d209f14c39a7addbaaf8c215443724f4f8e050f |
| SHA512 | f38314b06fa887e7bcd1c1831f63bd5ee56f911211e18ca873d2bd7b87e592069bec4d029e37c043b475500071625ecf1139fb4ee6fb06ee4e7e7c168f2a38a2 |
C:\Users\Admin\AppData\Local\Temp\QMwK.exe
| MD5 | 8ca6ac87205f2467f679f69ee276f7b6 |
| SHA1 | 8e75a66d281fd2ebd2e1668a3365f8725c267be3 |
| SHA256 | 7d6e12614b85c297e7e223e7e68199a67bd114de3dddb5641f1d65095347a878 |
| SHA512 | dde8ffc500bf75d5161df9f9391b28ccd33838b795fbfb0045f381cbf1fd6fc9e5510e5554a7dcbb2aa1180c95ee9187b45062930bb13c5d7878925a2657295c |
C:\Users\Admin\AppData\Local\Temp\EMkMQIck.bat
| MD5 | 9ed855af11d17e5d413149d11d3568b1 |
| SHA1 | 350060cb4ca19cecb9935b0ed1d8563862e2af5f |
| SHA256 | c205f8fab299f15ffcfd4ec7eded56cf2a2327124a4315b6e8d433c09cf3f645 |
| SHA512 | a96971d2c7b1e9e79a0367288963e690aaeadce570b57eb274a33373a8f0d17ec2a6106f6b3a4ca3582e8e276aae2e0bf044110308de8eede39a95d658de4f11 |
C:\Users\Admin\AppData\Local\Temp\Qkou.exe
| MD5 | 553dbfc50e921de207ead6cc18944611 |
| SHA1 | 177667d14f3f5602b93b343e6cd7fab508284762 |
| SHA256 | 69f6ffe915fde671a3f094baf05e00774d9e28682ca2002f518ccee96b7eecdf |
| SHA512 | bd093b08197c009e17e5cd6b97053f13534b497b01a7805138ed0f5651e2675d1e6eef406cd1034e5d7f67ae4cdce782a263734b7caf75e8d66cbb6db8b8deaf |
C:\Users\Admin\AppData\Local\Temp\GQQa.exe
| MD5 | 47c51058a8879e2b4a8dbe1acadecba9 |
| SHA1 | 3597303c7beeabdf9b7b7bd2b9b0815aa6f73d8a |
| SHA256 | e5698072603f9e9480edc0dd0dd2fc2b9dbf690d4cef44929977168e03643a00 |
| SHA512 | 43cc767276df9b2fd40a8c30b9f3dda6ff3060411a01e0ab0b5a243c25dc7ec0685a7c719732dc62a41854979d8c20a84b5b2cb545c71991b3fc1d2f93172ebb |
C:\Users\Admin\AppData\Local\Temp\IwEy.exe
| MD5 | c3c3e9f97b941daf5633c19c995e77a2 |
| SHA1 | e1b6ee1ce56dc3ce02693347e8bb96bf8b863008 |
| SHA256 | 28f71aadf33e73e7598a5eba90f98c007e770b492a1276b5dbf188f656eafe26 |
| SHA512 | 50212bc474ee0ef0a276c64b7e8a3b725f27a47549296626699328b5b491686fdf6e6d7e24b975074ff27cd117ebed264ee398a5ebacbf706c81d2723c8ca198 |
C:\Users\Admin\AppData\Local\Temp\AQoA.exe
| MD5 | f1f18d2cb9de089c2423865326c9a68f |
| SHA1 | 3e09afffcb1e4ed91e3883077f5340ee0ed12c9e |
| SHA256 | f3b054c98bd9594a347be2c7a01548dc353538059b6f28000192ef957abbc18e |
| SHA512 | d204a4e095aed16418a016fe207b2448bccc4eb404cfa80d46c9f7b3033c7ddee40cca4c0806f5aac99807cfb3a8e327e97ca1d23df188d948cfe54638b994cf |
C:\Users\Admin\AppData\Local\Temp\KckW.exe
| MD5 | 006f7e8724aba89d6e6a3175db521c48 |
| SHA1 | 83c3e405a72dc2e2d14647e8e44ede99a9280aaf |
| SHA256 | 1817e869c2616beed71b64c10d3a67bcf2c3484c93370d16b05363df01fb51cb |
| SHA512 | a9fc23705db848f7cb0408bcf7e151464031281a820829a9a3bf8b58a954c01aa224447fd724da0beddc1da0f1562decde8fc7b35d3b088387c6f76568266c02 |
C:\Users\Admin\AppData\Local\Temp\yyIIEIIs.bat
| MD5 | d39d8c122c684eeaa6d4fa48be4d2703 |
| SHA1 | 0e7e15326ceb11d9a67b718e88547183af46ae1b |
| SHA256 | 515dad6fad3cea5baa7ac31b7c7f5bac2fffbb50309bba09e31610a5ea726921 |
| SHA512 | 6f9acb6d34e8f691135ff6ef91ae3e45fcaf40082094cfef8458241494bf6e0ff399f7f6898ee64676ae208b4a4d74204e7070cee71d9b4b6d97d948e18640c4 |
C:\Users\Admin\AppData\Local\Temp\mYYY.exe
| MD5 | 738312554acc6d63a7870868de2bbe6e |
| SHA1 | 68156c5791a709858bf3cc37b8af391820a08c7c |
| SHA256 | 0c557529b7e5f31fc4ff4fd0119e53ba665a08f45f5a24f3c13517142f7435ec |
| SHA512 | ab0b1f13cdd06a2110056c7af87ba8494a4f386a486e69d884a08bc80b4a7f67a85e6a7c03940f5bec01c82786d1d6680556b03e0ddbcf5020bcc5173ef843d9 |
C:\Users\Admin\AppData\Local\Temp\MgMq.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\cYsk.exe
| MD5 | 7dcdf362f01baa09ffcbb6f0f75c1c9b |
| SHA1 | 070484f95a8ec111841a023af06807fd17126a86 |
| SHA256 | 68f7b4fb8b4761f8e954faf74a564b9d10dcb2c6c02e18f344cc6318d5fcb3aa |
| SHA512 | b0832507ac731db5bf057d6cb63502cf9db1e10b664f9cac6e60cc4aad833cc7f582fc8df764e3de76f8b2c2fb3ed01938261d2a329e01a49eebc51991aaebe2 |
C:\Users\Admin\AppData\Local\Temp\uMcE.exe
| MD5 | 52d896ab4face91ac398c36b75eb29b6 |
| SHA1 | 2b9b6005b2cd5bf9911d97d5c85bf9be4a29233e |
| SHA256 | 7af3b5b8514c898562e6bd2e64796873d3ed253ee7aea0d7f950feb7758df245 |
| SHA512 | 3160d4cef767d806388eb771148c2cda0a94be2f3ae680061141d6775186b9520db01d9dee0cfcfcdc9593da7de381842fe476c7ab48e077e6f539edaaf0c168 |
C:\Users\Admin\AppData\Local\Temp\Ekku.exe
| MD5 | 2cda016a1c2ddbc08c3a58706e9adf33 |
| SHA1 | 02ebb94ec49c67f270450e3bd36c82b2e6e46a18 |
| SHA256 | 55ee1dc6a629276824a225e6a18ace5705575950886a5df2df8a403ff32af682 |
| SHA512 | 4aa07aac7511760fc7f511f804349c9fc01003863f90d304f3d9cddfdd25049073a7c937585df62340e1f18cf2b069ecd6405d5a26ba37b0d306663ad2c79180 |
C:\Users\Admin\AppData\Local\Temp\SsMsgYAI.bat
| MD5 | 1c1ca1b9d5ae7a410ed04fd237d148ec |
| SHA1 | 54cffaa5725eb3e74d0a2f506d0b834945f3eabf |
| SHA256 | 76bccebf123fcf89339d5e8c80c1c94a492cce48796e517690ce361838aa2e0b |
| SHA512 | 3d9c526016901a1be00079e92a03ef91dc6870b97c6afd2d0a9a0629a893aa3a8c678a66fa1f6589c96c2e852d762b85435962b4b2a6e9b2183f3d2e50808892 |
C:\Users\Admin\AppData\Local\Temp\sUkO.exe
| MD5 | 037b43300619cdce254a9e967f791af7 |
| SHA1 | 1b7503885e244d7e329f62651df3d4c8cf022980 |
| SHA256 | d10b8b1222d144cf518e27067a4f1ba639ff3d98d291c1040258222a451a90d4 |
| SHA512 | 831f8280603bdcb110623c8a1041138e18c992843291c294e355904a64417e53172c9cf1fe94ff23614ec209340e6976e5624caf1d9f695b3b5a634bee269086 |
memory/2332-2022-0x00000000775E0000-0x00000000776FF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DAMEAcEM.bat
| MD5 | 9335348150b91953f44a4c4a1b6bfd07 |
| SHA1 | 40e1d836a3ce6c3e0c1a26771e484d813fd6f4a7 |
| SHA256 | ebc84c38dc7646e1c55c2a8f494dbf40696796e0c7f5fd0625198c79f218b195 |
| SHA512 | 91f77bd3792ae9e70a6ddcc44c4adc044bf433a7773a6f830c1b81bd0e775c925a2b6f7767a8be9c67ed703efec2e45f44cf649f9b9a68912e371dc03d1f4dec |
C:\Users\Admin\AppData\Local\Temp\PWwcEcUg.bat
| MD5 | 1994a59a160516c9eabb24742ea8e36d |
| SHA1 | c7a1260ebcb5ecb16496c26b05c6ed50f50f4c95 |
| SHA256 | 69baade98ae4b1b9a7e83bb04cd0404daaece6b498de60e6a71a878da9bf0c98 |
| SHA512 | 7d0e445eb6b0b3b331cc4ae7fc525d37607502e5cf689ecc4e799be01bed350e72bcd1894f1082924e9ee412ffbc6fde2e10e8bf8fd8368bcdcdad772b858060 |
C:\Users\Admin\AppData\Local\Temp\BwEUAgsk.bat
| MD5 | 48fd8c9912d0cdfef22f6f4bc5d08787 |
| SHA1 | d016b13a42fc099005f7674fc5442813841ee8c5 |
| SHA256 | c0cfa1e0f5ac243a4d15cd573590c07dfcff168c5166d47036baca08b7e09f3b |
| SHA512 | 1079d51dcbe6de70930c23bd5783fff15a9f4d9050473284288ec5199bc88f6164ea8a0da4e93e3019c51cb080b2055a3e7eca113a7dc8040bea5451ca2855a4 |
C:\Users\Admin\AppData\Local\Temp\VKwoggYw.bat
| MD5 | afc235e71e8332b8caa48cd37f751e3d |
| SHA1 | 8ad67054030eb017654e5c0108d0d7df72df6c1c |
| SHA256 | ccbc505339d1c9900847884ddf6697d7f8d483302eeb4ec97752955b5fd99aec |
| SHA512 | 6c78e25e61be8f489d911c7db630de33acef68c500b6c6210a7c342d87ec8fafc82b9c20330991bdb779122294404a701d2ad11aa349af549937015297b96a63 |
C:\Users\Admin\AppData\Local\Temp\oeoEMkUg.bat
| MD5 | 6b970da625191b7ad2b41ed8b9401913 |
| SHA1 | 0b4bc4132d48b147ce41069463224c2a604695cb |
| SHA256 | 3bbb63b1e9978ecd1988271876300942eb95d4083ec4b6109fdc7218d787e407 |
| SHA512 | b446e346be5fedf34ec6e7011f1e10db2257cc39f14afa313aef0b5e73b71ff206ff70d0d0d63bbf6455efcf0e85245867117acc90ca208dbed9aa1d536dc00b |
C:\Users\Admin\AppData\Local\Temp\cAkkIwcI.bat
| MD5 | 8b353ee968b65097ef955d4d50fed82c |
| SHA1 | 86c5d9e9c6a5741ddbe68b9493a524275e027c80 |
| SHA256 | 583cd6a8b6630c6b730e5ddb7caff78826d47b2fd5b3109611d40f11d0cc02b5 |
| SHA512 | 28988a9dd5a48c3a17628e9a02a36f3af1177949c49ea4f2eafb0ed6face830c87692b4f9bfa3fba44d3f0eeba2d52d6ee445009d9cce64b4a1df7dd3bc0913f |
C:\Users\Admin\AppData\Local\Temp\WaAMgQsc.bat
| MD5 | d52d18927d90d737a8a142e4f3b8dab7 |
| SHA1 | a578947a659060e2d723a3bec215efbef06df73f |
| SHA256 | 8732d3a9c1a4d85a3f40b7565e0535ab0f2cb61c353fc214f58cbd4a36b1689f |
| SHA512 | 759a40c893833c8fe76de71786374f9e22e461b983486531b1fb1caa90a6f24d3cc679846018f8f9d6e553ed1688e87d09a6aa91dee505a6b1bd328152cb79e9 |
C:\Users\Admin\AppData\Local\Temp\AssckUQw.bat
| MD5 | cbbac791e371c0a8e534eea72a2bfd81 |
| SHA1 | ddbe10839137ed4f837985283b3507a7269b2bf3 |
| SHA256 | 294f77b8808be318dcff04271a82a3270923d605bb0c08463df4de1c3342a553 |
| SHA512 | 7ea13b52beac2457afc66184347f8452df51f6f4d9feff1a0f3d10cd8902eabefd8ff7548b3b90ccd1fa654a26269960be1b7420bd2ce7a01b8422d087cecc11 |
C:\Users\Admin\AppData\Local\Temp\VQkkIUkI.bat
| MD5 | bb07befebb18489a79b8089b544074ed |
| SHA1 | f1ba62b4003a0702dca848ac387ffb0098b7f83c |
| SHA256 | e07df0037afb2f5e882e2a81d2105d8090e324917ed3d5efc8fa036047a2460a |
| SHA512 | 2002cead60a4103b3424ff9fdd7ea4d48fc9aee91fce47ac31fe022ea2b56af1d3da6b7beb6bc0da7ce0fe6c30e831a74e8e7e0190c2e89daadd763feef37b33 |
C:\Users\Admin\AppData\Local\Temp\lQQUUcks.bat
| MD5 | 74a3b80525de617898d0bee92e3aa2a0 |
| SHA1 | 70833597bd5e80ca9d138f0d3fb9ce6d845938df |
| SHA256 | d1b4b5c448382cbd7882ba871c4add7f53518dbb128e0b604a020e5844c1092f |
| SHA512 | 61c542341c6ac13a21c53de32f6aa456fd8f533efd774779709972af050a9928224bbdbe28fd045abfda015e7b1d9e6b7e0121d82e8a1daaf286a8cd31171624 |
C:\Users\Admin\AppData\Local\Temp\tecIcosI.bat
| MD5 | 9fa869ec05c9f5b24456d67662af4402 |
| SHA1 | 6a853c647276bfea3b9d7726820dfb12a5d98b5e |
| SHA256 | d38642c7d864325894d31144f0dd3fedcf3b7060064dfe2871976e152108a79e |
| SHA512 | 663f89078a9680f77ae828c71f1eea4a5c288acb51b2d02ccc662fac5be47f71dbd0411359e55c379c3f865c0e161f05a2903947bc51e46d054de5beee121a4d |
C:\Users\Admin\AppData\Local\Temp\JuAQEAoI.bat
| MD5 | 080b80e28e93fdcaeed83a78b119f710 |
| SHA1 | 9495f56bcfb560916426bf5dd752a5e95892d1ad |
| SHA256 | 15f973eda4d2bad228e7ca11450d06697ecd7a9fcad9cffff2642ee116facb83 |
| SHA512 | 329f780043c91ed35e922ac91ff87098533b6a5d28751499b43e10052b5a0aee56e720f8ea8d4d4b357774f4fb62e005c2cb1f05f90ec4a28cc30c53dc8bd164 |
C:\Users\Admin\AppData\Local\Temp\EwEy.exe
| MD5 | e1f259e102c2eb0642d86d4cdcc26a31 |
| SHA1 | 4e3b7e39c141dce38b418f478eb57739e5f0c6a2 |
| SHA256 | f94c7b15298de4307327c1878346a418dac666ce6d04eec5b257d8ad35208dd9 |
| SHA512 | 007afcb8e7449afd3cdf77526cb1234e7da330d0e6b257f487f7287a4c2350ee54b1859e00a0ee62e0e6c78ccd2fbf628f164b95d0e86a6884626b2999b04795 |
C:\Users\Admin\AppData\Local\Temp\gcks.exe
| MD5 | 1bb6bd4a5ecc8434bc591c454f99b9a4 |
| SHA1 | b31553589d3d06c64d8d85a9b12ccb5b601815e8 |
| SHA256 | 7d81db92f21976a3337ce94246cdce80653e53d6d0d755d7bba47c5c7272f12f |
| SHA512 | 7215fe08249f789adbac59645995d6f554d02cb4b172ac5e39cdefe33167db3b27d1174d1e69105176eabb2c7ec8a2d158866dea5dea23b2e94ee0829b0922c1 |
C:\Users\Admin\AppData\Local\Temp\esYO.exe
| MD5 | 17e4d721697cb84935de8b4cee9567b7 |
| SHA1 | bcb9688df70dab17bf260e0966cd25c11637ed7f |
| SHA256 | d4e6c3241768580be96549103054eec70aa5d800fffcc1249493ec98d958fcf6 |
| SHA512 | a05a0347871d5469f7086192abb6826630c7bf950ca20bd19eccde7a391b7ed2cf1e3d59eb581280851dd6198e91196fb4ec7f4633d14659f31fd9fdd9cf48ba |
C:\Users\Admin\AppData\Local\Temp\ukQc.exe
| MD5 | 8853f652a7c1d16a592be3e60a49d443 |
| SHA1 | 5a07379286f93f548014ccfa193b7954e22f7af1 |
| SHA256 | 15c75f9f332993467e4d18f1b458fb68170fefe3b7f11b46c45802fe10d65f08 |
| SHA512 | 94b71ca52bb93c5b0ddced0fb4dcd97ca2e514daa8f7d1d786502dcf6982e26997b2ce170f8400b9d7444a0d27a8c87e6fe96202a54f255f6ec6185adfa45cca |
C:\Users\Admin\AppData\Local\Temp\yMAS.exe
| MD5 | ec446cac8b09b113802aeb5699709abc |
| SHA1 | ed911b86d126585221a2c05e8b864826faeccfd1 |
| SHA256 | 594521c01dec39ad3017865f51ec40b79be90fddaf044a83c7080cba8cf5fc7c |
| SHA512 | b0393dd3fb5f475c3ef557ef6baf83473e0fa093c5f305a55885cddb9d735a4f04a9c98d26b703afdd96d1d5e08be8e1a50865ffb77334af82b04d730ba1382b |
C:\Users\Admin\AppData\Local\Temp\qYYG.exe
| MD5 | fe0dc0c4b63da6bb358cee0aea5dca27 |
| SHA1 | f92bb702a9d1460de43a2c64f3b0c2ab34aaf315 |
| SHA256 | 84a89dbb3c5a6ffb6863529d2191317f5fe583f6071bd267785ea22fa7b8f70f |
| SHA512 | 87597f4085f924593cae8a015b562891addbe47e0e854cc8e91b5f07c077f31b8a83debb409e5e9085b5e72df873983a17367935344bdbe19f92b260e39483f0 |
C:\Users\Admin\AppData\Local\Temp\iIkQwoAM.bat
| MD5 | b4455ef02e95118178ea85b6085684d7 |
| SHA1 | de141b267adf36d2e9b2ce71db767542de2e065a |
| SHA256 | dd039b735ce4cde0d4814beb3b0dcc68abc866ebbbeda7ef25ce7df19dda093c |
| SHA512 | 5a8c2686d7b8cb5ad642a3769e246991c6a013c766884d48f425703a8eabdaba8d2eb841ae809a80549fbe710d1bd06f431138691ca8cd17f6e3487bedf64dae |
C:\Users\Admin\AppData\Local\Temp\ksAC.exe
| MD5 | 4838d1f3906e69d9e9fc4c1a90198937 |
| SHA1 | 2590dc5118485424c3efa86ac05068913d283103 |
| SHA256 | efe4fd2d28f8146315ad3c0543746e2217230377d46ded84171f8cdd5c76908a |
| SHA512 | 053aab25f47fe4a982e4e407ee85a6bce8228ada0c64d3eb332059c2c54cb6c73c6a0e0bffa781513186bbb8a1ce017e529ff86b563cf31fc7690a2477a6fe22 |
C:\Users\Admin\AppData\Local\Temp\SwYy.exe
| MD5 | e662d53bfef69df9fc4933a5110615a4 |
| SHA1 | 799509039c1d3e34cd78cd02e6b07907107ec005 |
| SHA256 | bd25214c2cf8b0ca7aa5c7b7eb887d9ea7bbf433bdc0634e3cfe2b1ca56531a0 |
| SHA512 | 9f5fbc401bfdc83c55324f6e13076b9d386d841ab11a3bd2be35c9fddf386903df734108ab04de9b6552b3d84b5154dc2716e476e05ed93c927091229ecc3242 |
C:\Users\Admin\AppData\Local\Temp\IYkq.exe
| MD5 | f9674e9c36df3582479d2023faf9dac0 |
| SHA1 | e23ea769278b302d253dc34fe396f43f418cc528 |
| SHA256 | d66364bc4190f2bac77857f5e394da139146e7f2542aaf4c704db080db4dc0ad |
| SHA512 | 39041ed9a8b522a294b4a4518074309b72f17046eb2c7e2a23b36bd1fed938827d911dbd5484c7305bc756a1734d9f08abe7a9782821b8a2fdc779ae84d1b480 |
C:\Users\Admin\AppData\Local\Temp\oUki.exe
| MD5 | 195791862750535eae0d1a922a70c91f |
| SHA1 | c2bb65d89a8788d69297dd75f645b17d335ff5cb |
| SHA256 | 2c66ba29cfa76250eca062ac6430f925bbec27c8aa734226d02b1c9de02768f0 |
| SHA512 | 6ad9e3ac302883b1a875a33ee978dab964ffc9f1082c895f3f1eac4334e3ba03e71557f7a2ac5971b99b980b3ca22b8325bdf583c90d05883f3796449f044f5c |
C:\Users\Admin\AppData\Local\Temp\gOMkYoEU.bat
| MD5 | bef7ef6d0c0d879a0b76327a7db76bb7 |
| SHA1 | 42b78f62f2c8975096a0032ce1b96eb29e62f02f |
| SHA256 | bc84c859eded51271cbec6fa31f3451c92c18cb527e1860e713bd21174641b43 |
| SHA512 | 52e3d4e0224bc8496b80fe4ac24178c5f618542c13aa392dbdc0e4f379da1a3f852cac58165bb69b8914d23273263e7c451ee4333e62343ff65a6b7cff2a5b06 |
C:\Users\Admin\AppData\Local\Temp\YcMu.exe
| MD5 | a6cfcc367664c819e095ddea7ae60354 |
| SHA1 | 23210c9b2b702118f70236cabb778943fa8a6e6d |
| SHA256 | 394cb26a7d3c9adfb6648189d07c774aaebda3e8c6f3897e3748ed6f73a4d2c6 |
| SHA512 | 744756dce074f2cb5989c3f7e6386243e7e8f7bee5aced4fda934345c1489eea3236b410e6737b0b9fcad501312cbc0c147861340b0bf0c3c21dd437d65fc357 |
C:\Users\Admin\AppData\Local\Temp\KYIo.exe
| MD5 | 659c92bf9cddc5abe5a0cc3cdd711ba5 |
| SHA1 | 75852a557e93eafee24b76ed8664f6f701598dd2 |
| SHA256 | 5bf74d09631646436ebf41bd305d1e61948af56ed411188fa1fc6240039e6b64 |
| SHA512 | 6e5859179e582dd5e7aca2a98e13600b5910f81c6c2c24c854c35c9bdb7cc5545ae9ad8614a95539b12ad9d41d953975edca21328c9a675d053ce85f929d7c36 |
C:\Users\Admin\AppData\Local\Temp\IIkQ.exe
| MD5 | 126cf3bed367acb069ec0f59bef0b788 |
| SHA1 | a53dd192a0f895bac44c949c237f520143d271a1 |
| SHA256 | 78467b5238f219db62fbb270dee2bcbf4630498785b06ca6f99febf9cd7eef4b |
| SHA512 | 2b5767c8c047bbc3095873eeaf13e9f26c39bb49b4556b98fb17c1e035a87ce165cee15434dd63cf24e272751d7cfa66a0937be6e5d1245b51dea0594baea547 |
C:\Users\Admin\AppData\Local\Temp\SwUo.exe
| MD5 | 6a46bf67a5da443394666e3dd02827af |
| SHA1 | 82c55d918197adc3321f7c4ba8430b7aecbf7dfb |
| SHA256 | b95a7f4a547c1b122abad597bf36ecaf21d86b96c0db3252f5cf06722271e9f1 |
| SHA512 | e884fb9869b051f5006a89800db9f37f5ac68e0be3716321559409b703edcfcb8637bc28366dc48b5e1ec4bc58da5f471f2df71b2c6ff3e6e1eee1d849399edb |
C:\Users\Admin\AppData\Local\Temp\aKQscgYI.bat
| MD5 | 38c16bbb9507e228f53c6790fbd0e375 |
| SHA1 | 95d7fd14a434768c501bc4495a9ccb634930a3a9 |
| SHA256 | 75115548bfb659b8ff3fa8d7e029698947900182746ee38ebc8949dee3bdd884 |
| SHA512 | 65027ac0bf10388ae9f647f6fe097de65bd613e5f421f2b17266ec161b3091bcf1c7f82e5bec3476cb2e93c7995d9566c59d97734daccc9307bff8a5060a4575 |
C:\Users\Admin\AppData\Local\Temp\cowO.exe
| MD5 | 324684cdcb42d905081bdcc0d2a91c15 |
| SHA1 | 5fb5ad03ec0e1173d0feb0b588d988918282c766 |
| SHA256 | dca3059d436b4ffe25be33461b39ba7d750fbacc5854cfbb532ee0df51242a4f |
| SHA512 | a779a19dc9df2120283860ac6f115ddcc7c4bc32c1fc2b6e4dcce309270b3e5b93ba4822c70663c292efcc7c066dd0381b0257fbb2406648c40e9eb023489191 |
C:\Users\Admin\AppData\Local\Temp\IUEu.exe
| MD5 | 5e8f7501758f2a44edfd5d3f79325125 |
| SHA1 | 8bee2322905be12ef665a32376c323e7f8f53323 |
| SHA256 | 5cb5ccde83f32a58288ac1b64afb696d3d5af3ec305de547e46a239e9c58237c |
| SHA512 | 12e95a42e89d8594c68764d29632990098fe8710f5dd9e470d3898f980be7ef7b0807dc91ca08bf8ad9e9a7e6e3202ea9c1fa1b82b78b68d1bc98d4390107912 |
C:\Users\Admin\AppData\Local\Temp\GWEMQQQU.bat
| MD5 | fb5f512cd9cad45155edca31948721d8 |
| SHA1 | 0200cecbd98c2be9e05aa8a85743b7853b651a62 |
| SHA256 | 3ed4c59e02290e1c2b1c4bcd76072037f274c0c2fb3803b55ec0467180981a09 |
| SHA512 | 893fcd95a9b4f61c080202fca9f2eaa51b78ba96c471478e89c9c3b900cf0bb023dbf1d4ceea186c34a9c5e730d773f4a177a4277ecb19a0972919581a09452b |
C:\Users\Admin\AppData\Local\Temp\Csci.exe
| MD5 | b88cb0c7bf628072d7a3484e8547481b |
| SHA1 | 4fb633fb8c3d91955f12455307f83bdb09dfe5f9 |
| SHA256 | 9985d8c869bd4506472de8f6f3511448c301fedbe33b899ad83121e4c2491e99 |
| SHA512 | 5e7174ad291197f34d70f46690b8596ffff274d93dfd5e108cdf4078057cb4843138e6c6e7dc71ff4fb7c9a4e6b40e4cb54bd6cbc486579b0904494078fabfce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exe
| MD5 | e2745ab60cabacac75ab63699fa96441 |
| SHA1 | 0d881585f8597ef5c11e51ae727153ad377bc9ac |
| SHA256 | 32464ca8f72d809895c9e536a830a31093bfb15f670c0837415613b7e7572021 |
| SHA512 | f6e226b42493bb142f93c0c28419a541d2d922d89f8228b2d2d5848bfcca9f947f1aaddd25b94666f73cbbe7e169ada0e2007ad9a53bbe0446cd587404f44c1a |
C:\Users\Admin\AppData\Local\Temp\AQEM.exe
| MD5 | b0694de06ee5ac9b7bc440975ca92f8a |
| SHA1 | d0cd911aa2a9b4946b4bc46c4e763933cd522f81 |
| SHA256 | 53910176516a56ecc84c1bcdc57aff4787759d01f675d39cc4d70ad83901d8cb |
| SHA512 | c590aa979f85ce202a198e9cdc93c08abf006522de074c05a0bfb626c95e4a77022b423873848fe2a947a79cf95c633a7e5e5dba3caf375001f5cfad2691ea8e |
C:\Users\Admin\AppData\Local\Temp\kAQM.exe
| MD5 | 4e24c3c89c08d6172e2bce5ff21c6eb1 |
| SHA1 | 520eca89abe88ec2e23232c2bbd2147f6587a21c |
| SHA256 | c084e0248ea4b75265f4184ee5d436a80c3592b968fea29d8bc9d36d1cdfc0c4 |
| SHA512 | eba26e379f568c812ef953f394b5a10525d79fe5db3c83eb7008cb4ad26255dc65bfbaba460d3b77c7c4bc71b6770057bb0b4fd8df983edb51db425f22651345 |
C:\Users\Admin\AppData\Local\Temp\OUUC.exe
| MD5 | 3fac521cc0e73a16dee8405f2ce65120 |
| SHA1 | c2c9476fff4985d53991c87c5e992614d3c53180 |
| SHA256 | 0aaf6b1331218dec1d5b1ba8006d0343e22610e61caae56493c3633507edc4ea |
| SHA512 | 8d0ed4c108b3c1e36f001397d0cf9e53d6491e691cac3fee5c3fd096a303a905260286040d1bab0c414ab5320e12c62937c7030e926bc345f53f450366438cfc |
C:\Users\Admin\AppData\Local\Temp\LiMoEQso.bat
| MD5 | ded0e24163c5484850d9fee2f8d8ffd9 |
| SHA1 | ae7a8679ed6ba56db24dedb057094d81d3fe808c |
| SHA256 | fe34a3620218ccc7c74a81c73d086fceb2a751d0dd0e8c1926fa6056f6c17acc |
| SHA512 | e657f3b07cb7a786cb7b44f1407743692786ba5d26b87675fcc9b72e39db80b6a73c6c8ee84cdeb687e176e1555569aeb3cb84d294d6dfd1985baf5702a26296 |
C:\Users\Admin\AppData\Local\Temp\ywUY.exe
| MD5 | 6b3875b8c8d5388abbdcdf6cd02d8940 |
| SHA1 | 6206a2b66c2858de5a67f12a308f98f8ce273005 |
| SHA256 | 0b1dda46f81497e8b06c509064873fa4ad078d9c0214acadb5f5ef7161133943 |
| SHA512 | b619460b6cc9cf1eb5f4066fa0175e48573634503e002c8c22806760968bf1bd2d2f95a8a6f312766163db3931f840db82fb447e58bcac2062596a2aef3b04f1 |
C:\Users\Admin\AppData\Local\Temp\EQQa.exe
| MD5 | c1aa5f11454bb57433ce57b8baf51477 |
| SHA1 | e662aa271a3e05a3554d31a24f91c5bf4691e1f2 |
| SHA256 | 135cd2ff290ff79af656bd9f04deb049be851e306ddb18197c89fd965b625cfa |
| SHA512 | 57a66fb6f4bd26780064d34033b1b5749bbdbaa51ca86762ed975e89c7ab7befdf9d1626f288a03256c21ca35166bb14549d493fc2eefbfa9877ffb542455c50 |
C:\Users\Admin\AppData\Local\Temp\wUAS.exe
| MD5 | 6e1d4272448d5692690aeb7d7696e310 |
| SHA1 | 173d1b053d1784dfd1677ff12b3ff2d3302efeba |
| SHA256 | c92a7376330462615f050fc2680839741df62a40233eaef80e0424cbe3018177 |
| SHA512 | 82744265100d29d78cdf11e8a585728b0463702e2c817fc88c743b175d74b008237394000c635c37f9e99e7b7875bea0a5aa2dbd8f1e10823b1bbe68936d5139 |
C:\Users\Admin\AppData\Local\Temp\goQm.exe
| MD5 | 0ecfe4cf1cd46b8feb94bf5449ff203b |
| SHA1 | d2ea81ec352f1f13d9abc8f24e9824abe09de1ec |
| SHA256 | 61b6eddf9a4e74612379ca390c3440ff4bf041e9244bd87f55c2456c9b376ea9 |
| SHA512 | 48648dfb2c5d58e75c0008c948cc7f5c957d01e3f35ad851641b51702e3037bdd93261b5fa1f43fa5e6f2f530722aaf8462e53efc331c59fa642df4e57b6a3b6 |
C:\Users\Admin\AppData\Local\Temp\xgYosYkE.bat
| MD5 | f5379c0c35ad8f72776ec5016e9db686 |
| SHA1 | 88d6cb750e20d5e3d3d8a9895a2adebffb8fa33d |
| SHA256 | c526b9613a714d20ea0e2367ca23cbe936ed75fed0173982f62351d98f332efa |
| SHA512 | 087f8dabfa802f6a96a4cdbf1c03a6cec7bc3f6d2efab829d5c2ec349174c38278bd20cdf4c905aece838ce437dc09b56bdf4860d68ed381258c36889dd2702c |
C:\Users\Admin\AppData\Local\Temp\OsQq.exe
| MD5 | 6c302799d402b401c28fbddb59b3a113 |
| SHA1 | a748ed115bfcc2cbe38b86f0ba9f8b853775b88d |
| SHA256 | fa0948e56045d80b8ccb9b566abc17dd07ddaa039614ac792f2969223bc1c3da |
| SHA512 | 4604e78a3a1f1713a85d9c3928c9af865c609b6448cb2ca8929ad2e60b730e0ad938242e48f624d1cc30c7a3a1ea255a9c0f37ae3095872b0d7f677662a3bd9d |
C:\Users\Admin\AppData\Local\Temp\yIEm.exe
| MD5 | 24b21bd8ba24555178ed6f15baa242bd |
| SHA1 | 5addce795a42fd7b5d273d16835133aa6ccb505c |
| SHA256 | b7c73cb888282d354625d8939625b9c0edebdb9356362551118f7fde13bfd258 |
| SHA512 | 7337eb8a665a60239b2f2c0b64fe4a3eccbefccbe78d92ae48585aa9f4e4eb607a215a6be604057e3435ba851d5d9722ea9eafc78e83fb31879651230dcd108b |
C:\Users\Admin\AppData\Local\Temp\bUEUYMEE.bat
| MD5 | 93d616ac07a2c4f81737d13cebf99ce9 |
| SHA1 | cb3dab2400284c1524a3f38b09408615ee498bb9 |
| SHA256 | fed2726e515a662abafffc51a9863a697cbceed8e3e3649e0ba7f8dd41dff711 |
| SHA512 | 2fe6d0f0e213ff2bdece5d4ee942febc8cad10f8f1f47ede161d6a5cb06e90c806abd53f4e3b7db1f76cbb0a16402df7f8d755af03e67fcbc29fb00356111946 |
C:\Users\Admin\AppData\Local\Temp\aoUq.exe
| MD5 | a49d90801fee9e63f430865f4dcfd3a7 |
| SHA1 | 4952310c3055d4ef536a1931053e29828ad7d655 |
| SHA256 | ef00940cc95a040c8f2bc4e2a1929ef7482a43f23bd15cd46bfd238a05f22c38 |
| SHA512 | f8642ee8c82b2c796aa44e1f8589ca26ea1e88eb35b22fd9ebde7b4b04b8eb017c5afe31ad98b9ce0c878e38f3adf5b19d0c4a7f13498aae9c9f9539550eecc6 |
C:\Users\Admin\AppData\Local\Temp\nIcIIcEY.bat
| MD5 | c01a99730c939d877843f38b40623456 |
| SHA1 | 8b15818e1b7276c784bc4303c31b0de20d651845 |
| SHA256 | fe0e73417d9921d82f1068b35041f65ce0447606f0003ca3f232bcab32a031aa |
| SHA512 | bfde9a07a3ed5702b678c6e2332c4b96c91969d43f64d4f3df2124ea9299d993de6c8c96eeeb45701d604be246e9a8e89a4b79eca2c71db5e5663c579f37d1f5 |
C:\Users\Admin\AppData\Local\Temp\IQIW.exe
| MD5 | 20f31c8eb8679dc4ccccf0025cf6e344 |
| SHA1 | 872025a8d9bad779e1961635f081f51d22d3edd7 |
| SHA256 | 7a9ddb3b788340af7b11036593ba9fe24417381a6e4d40c09a254b27cb5f6a8d |
| SHA512 | 07896dfc03ddcb6a78e30e2410354b8f717d7c7c2f79621cf8d0b963ccb6f3b8f25d0d195565ff10fb07f5f0fada31a6406cc2fe4a9c7c1da08b0a5b7eb71932 |
C:\Users\Admin\AppData\Local\Temp\ygsK.exe
| MD5 | 833d4b21a93bf96078acb887aca15ffe |
| SHA1 | e3d9faf35af0344f767e9a075616ed3c5d5694d9 |
| SHA256 | 399e75a3b2e14c44677d84835fee92f0cd781894a8a9f4ef729039cfee579292 |
| SHA512 | 930b498a72945f80ac817570b2a6baa5e15a77dc2a76bcdca5b45eed54f8dfbfee7bb11c877adbf60476f343ae39aaa9ff96acd326f68a064fe3c4e7a95d50c8 |
C:\Users\Admin\AppData\Local\Temp\EUMg.exe
| MD5 | 39aaa906f4df0d6b861c528135b1880b |
| SHA1 | 20428de48c43fd8032139a7de96b181522b40399 |
| SHA256 | c9c8da02abebcaf61229cdb95ffe9a49db0eace774f088e5dad1a2f1d0942b1f |
| SHA512 | d794c57f190da7e8becbbd8f5470dde06ff36cd89fc51d60da7903f3d4c5ae39c9c690836f83ed1b15ca76c03df77c5bdf70a07355e4be47f16edcaf2b040778 |
C:\Users\Admin\AppData\Local\Temp\NKUwUIMo.bat
| MD5 | 7d6d446cb1aaf6b07a5eb85c0a8c317f |
| SHA1 | 26dba1bfbe3b7edaabf867d54f2bedb4b82afcb7 |
| SHA256 | a084153af3c8688994232b28f25000ac2bf1f6ca2382590ec8a0ab955b5d3564 |
| SHA512 | ac9de3bffd8366680aa419d8aac75d14c0a6b780eb74d20eb8e9a35b6204e38429d66a31f6aff79e32cbabce8713f26ca8916880f35e9adc5347bebd967c5e3a |
C:\Users\Admin\AppData\Local\Temp\IMUM.exe
| MD5 | fee113e8ce0b6a90541aee28408472f9 |
| SHA1 | 986fef8b086c438fe5d915b2c82a82a81ae65c17 |
| SHA256 | 09c581f1f1f2a0e7bf0e3d7605d4f3ee4a86c9e51b73da63561c1743e2db7299 |
| SHA512 | 188aab77dd1df94ad4021f435b2302578d21ac47ee5ed7cc4439920ffec7c30b32e084503e0c154508a23466fc50d5a4ec8d6e81bf027e4460827d09cc74a4ad |
C:\Users\Admin\AppData\Local\Temp\qUQm.exe
| MD5 | 389815125d19d13f219a9cb41db60f36 |
| SHA1 | 813e714d55d683c75d6520e64191e41f7cbbcb5b |
| SHA256 | 3543f02a3f36c1568d2a014f65361f4189caad27ad027b52d06240b139a2815c |
| SHA512 | 65cbf92b55b1011406d8c46146db6f457f163830cba372d31cffbeb9e5fa5dd6a08d5003faa658fc09707388334473107c83155fb72691c76292b729316f8a13 |
C:\Users\Admin\AppData\Local\Temp\cEEm.exe
| MD5 | 2ff8362ba152333a839e50b752268e1a |
| SHA1 | f882180316c0471129be06b755a7c84ab9f49e9a |
| SHA256 | b7355e3d2737ce14beb9b5318c5b80a41333570c5a29faccc75938504f0aae40 |
| SHA512 | e7755eda745c7a358dca13e1cf0cc27268fc460f20f9facb10af3d876f78459937f259d3d40cb0ee9c27926fe61d87cd5d51882c248db749027e4dfd139cbb45 |
C:\Users\Admin\AppData\Local\Temp\mIgC.exe
| MD5 | c00e23d3afddbdf2116a3e377a0324b0 |
| SHA1 | 917f756b029903ca937847ab95231d5550529f23 |
| SHA256 | 24fda837f3457ea4618683e3040d9818695839f59d93c910c64905f937620fb6 |
| SHA512 | 300ec3a26efeb4e5ac69b3e454415d351b4014b0cd6d474e3c5f2aaa8c9f02f291fcb00f168f139c07681968f9674f3c8be699225bcaf8400ab80c8220427c46 |
C:\Users\Admin\AppData\Local\Temp\wAci.exe
| MD5 | bb4ee98e7bfd5a6a1c816cd0fc900f7d |
| SHA1 | 0a0e8a976fa96546521d61269038dd086cad3d3a |
| SHA256 | 36da28f893a89e250f8fab5a395df08cfc0797863afd21f222dda30aa308a839 |
| SHA512 | c74a6d51d4e76df16f9e27440aee4ff750212f44665eb3d6cff2eef44f234b74d968f2d0baf448ee199410ddd9c9c79e31de9c9d410683ee546abef55228493a |
C:\Users\Admin\AppData\Local\Temp\yWcAwsog.bat
| MD5 | 6a019eaeb982cf8452995e06681bf040 |
| SHA1 | 551de5d46526fa5197782312f4c534bc05e5f2fa |
| SHA256 | bf75492db101f326a22695e859a49109c15f2e3ec9802e2e3d208518264aa471 |
| SHA512 | fa828567fc5489cd9e0c183ae45a35f4abe0ddbec8a4b32f721bd421039240b2e4a7891ccc4a5d67b02f74705faa20b1449781ce0cab74b09cde9bb9396e6115 |
C:\Users\Admin\AppData\Local\Temp\YgQe.exe
| MD5 | 1dcfe1fd665d66f0dc3840850236ec15 |
| SHA1 | 9c2f48e5c4b1c7855d3e67fbf4450f16ccbb111c |
| SHA256 | bde58b0622b28bc2bcddd08d06a11378c319f86401418c028b49072d79a89207 |
| SHA512 | 2eef0087ad85c1a855b6196a477510d41f1081415db722c6571f13783186254112df667e1b2d45775f2e03cef0ef3c4f37312099c6a60b4e7a6c23ad6a45077e |
C:\Users\Admin\AppData\Local\Temp\KgQU.exe
| MD5 | b4a0371524fcaff77398bde147a76469 |
| SHA1 | 11396b86f6a9c83bbe1df72a1a6d8b673555797c |
| SHA256 | f8a9dda0e4c07d2a0c1ff3ded56d1fe0049698f847f705af94073235f9f15921 |
| SHA512 | 31d63fd79f871ca06d7e298e61d7ddb9e96107a305a6f560e74064e448fcb2157523f075e7283a42a0e2765cee4d054a101eeef4f1929580c660b6fb63268e65 |
C:\Users\Admin\AppData\Local\Temp\Uggm.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\ksEm.exe
| MD5 | 37c2cc484bde222e7e2cbde4cab8850e |
| SHA1 | abe3354dea0aad09d117381938524713f6ffc23c |
| SHA256 | 8dcfbe908ab15abad23c53e04cf57316f0663720221d05b38883f15c766f7467 |
| SHA512 | 6905c0f9c1c59a490ba40e2d1ccaf40d887dc9ce54233fac2644f3969ff5abda27a65b0291c4f0d0513141a000d5b6f973aec03b89ac05cb42c252d95e7c4e3f |
C:\Users\Admin\AppData\Local\Temp\KQEA.exe
| MD5 | c95feed84068bd2e978fb75c804c296f |
| SHA1 | 3174b686cb9db9f51ffa77da11508078f02ebf1c |
| SHA256 | 800f707d9fe0f0b4299fda74f81730b2b533a7b5d3212d4ee5b7ae1f6cb92cc4 |
| SHA512 | 1bef255f55a659850f72fab49ef5c8e708d200e5ab2d7908e1cccfee5567e9e9aa6f485526edfbcd65c3b817edae0ea6817a506586c324b30dc649d594af40af |
C:\Users\Admin\AppData\Local\Temp\IUckMssk.bat
| MD5 | 32bd7c975c8c7861a0c1c4876693ae56 |
| SHA1 | be4b971867badf1ced27a36f83519e544f6fd550 |
| SHA256 | d0d710ff39c875159e311067ce927d9a11da7e8a645ba8c94bcd0e18af4fa4b3 |
| SHA512 | 89b6d21cad015cd2ae3a0ba265842afb529cb0ca21dcf61773dcf4ebb11aff722815e2e393062bb86b9c6d4ad4e07f19e4791c9edf9803f0cc026e9287f4cd53 |
C:\Users\Admin\AppData\Local\Temp\gIIw.exe
| MD5 | bcebace25392c3387799a0d78c313cff |
| SHA1 | 14c1d59e2de6d9c6709ab218d61bc82bdd8f8b0d |
| SHA256 | 5096fdc6ddca6c50426c606c76e5e2e30000934589a9e41764cb1d6373f85e55 |
| SHA512 | 9caa8c7d520a33c570c3f177f8b944c04a3b8110cfad45124a0ffda964d41d8cbcaceb2d0627a1b04e445eddbb3042393fe06b363e78c83c9451cd3427f351e7 |
C:\Users\Admin\AppData\Local\Temp\MIAq.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\oUAM.exe
| MD5 | 6cd79cda781c622fa139d2ee61a4cc8c |
| SHA1 | ef5c0fc4417134958536fab512789e2922670c10 |
| SHA256 | 2143762c2fe34f5d3e734d0881d9b9ea4891cdd4c2581d9a91da2d119bb91cad |
| SHA512 | aa6dfdfccae9ac16f872a9fd00a30baf1731f6f951d59c21173351583ef27ad62bb4ad96a424d048ec96b1ea9ac3ae31812f20a980b5b88f809cb630e2b12b72 |
C:\Users\Admin\AppData\Local\Temp\MsMY.exe
| MD5 | 267063d0d774bf3a7e5e3ee55d8f5dc9 |
| SHA1 | 41e711b7a235586a61128e9d53f6877a36ea46e8 |
| SHA256 | 557788e1506dd9cbce5d87896a38814a674399cd42d9894573fe918ca135c960 |
| SHA512 | 07e2e64f1f0df29eee64ae4919e298f7c04f7622d5d62b00ff1d5afa9b9367e52686edb5b737f011617f7a031ed3e6ba7f2b240074f055b8b5812026b7472d49 |
C:\Users\Admin\AppData\Local\Temp\YsMo.exe
| MD5 | c4f7479029469eaaae3491e6e520e6b7 |
| SHA1 | 900a5d97a78fa15b00d0907a0ceb5f2f22984e29 |
| SHA256 | e68e2313aa5ee985be26cc5ac098188b1f98fc135a0916333ee29f3e9e675662 |
| SHA512 | 4b26aee10d4a4beadae113a011bde39c86e5fe2e0a5a470c3ef1fd2103679d47678eb4ee9bcb2ed8ff293c5dd899f6b647d84902983af6702074568e0d018cfc |
C:\Users\Admin\AppData\Local\Temp\SucIUYIk.bat
| MD5 | a4485a9ba7c9bd023415397a1d4b8aea |
| SHA1 | b59334b213f45c86a1dba940ceff74753ea2db0e |
| SHA256 | 70df3ccc67a66964f3bbe9014aeaa128645e1f4495e2fef576393cfec88f4623 |
| SHA512 | 05867a53c8e953b2f76e365ada9051b05d89c058f0c4fc32889f7d3cbef8274aed3bd8a7cb601d7b936058c04b98b8d48a57b8f4374baba35c582516ab941be7 |
C:\Users\Admin\AppData\Local\Temp\QIQO.exe
| MD5 | fdfde1a1c7b6bb5d0c9d64a2482c1a50 |
| SHA1 | 3c6598ecbae0c7a6aedd850bf3dddc8029f7a0f2 |
| SHA256 | d8b67036de82295efc2b3c8eeff1dc1f6fe13b337da8998ebdaa271cf989357f |
| SHA512 | aaf036bf768516ab4977ebaa85389a5376451553de43308cfda45c8004bd825157fc31c5b0515bc34233cb27f09a38190edc4e38f632cb04fe659bcf7c1dd36e |
C:\Users\Admin\AppData\Local\Temp\yUow.exe
| MD5 | ba310faeb52115c4a5bee1ff0e3a625b |
| SHA1 | d43965b900f7d66253b4a770a7fce9b2b889c67c |
| SHA256 | 1c1c0336575ed29d8cd3fb79104d4dca926139b0216202c34774ab2384359892 |
| SHA512 | 1079ba26993ea28d2f005af2cb05af4ecdf3e6759575b63128c7a99edc9acbe73e125a2d07e609f8b77c9dd98b455b842755a938d873df3706d2fab56d6546d3 |
C:\Users\Admin\AppData\Local\Temp\qcEM.exe
| MD5 | 8b96fc5a5dfbd2bffad2ac1d4e36e1fb |
| SHA1 | 72b0d031f3dfc189f343964801ee28519b6d5252 |
| SHA256 | 37687437d943b5e7fd2382eb126d49a85d3732fc951694782fd4df4feb094971 |
| SHA512 | 35e3c06e983d50e36ed0ba73b6b517181c21fd50006061514bfec1931389d090fec41fc9d40c8325b94276ed004fae1f57cc0fa23fc93e7b08b68c067fd3d8f2 |
C:\Users\Admin\AppData\Local\Temp\OUYEscwI.bat
| MD5 | 313cab4d9f5a9366498d05119fcc1b44 |
| SHA1 | 88ed1c96f6ae9d640806c46cb64a69e961df7f8e |
| SHA256 | d53b08c03ff627170fa4be41507739259e18962d8c457775c73e45bc7e7e880e |
| SHA512 | 998d7de48e91318c25b06b063be5e0f49ca9798cf6517dd216201bedc5640c5385160bfd7e4ee86447d5f2f4b62f366a0167490236f0c09205b2f9bc4c90fe7b |
C:\Users\Admin\AppData\Local\Temp\EsEs.exe
| MD5 | f7dfb625a5fdabfd95c3809197dc9a35 |
| SHA1 | bce9b3bb77d2954eb4dda589dadbfcbff0ac5f2e |
| SHA256 | b4c24f8ea23c385574b3cc5cdc49641ed4e9cd7671f03c75bd01848aba3ed7af |
| SHA512 | 6732a9ef89adbd4da3f10aa49656a1819a5f500e969b017d2959e7e7abf51d84260a342b5d4042e41098fcabed54ae1e0ca896d53c38e1186b43b9c1944b758e |
C:\Users\Admin\AppData\Local\Temp\GoAk.exe
| MD5 | 581c281e8b0a06a8bce24bb8cb5fe25e |
| SHA1 | 48c623126ff4c24d5ad6798a359bfb049258d9fc |
| SHA256 | f4893d32f70604a88a32ef01725c17a9ec404f2aab1e3b2f555a19611e895b88 |
| SHA512 | c45b8a2f9f0029e82f347921da776b0c99eb4fa43a2df71404c733d33fe7f6f40448a62fc6f23ecf8b0d8ac03d0c3624eba28127bfe7d206a1a00f1df745086b |
C:\Users\Admin\AppData\Local\Temp\mUIG.exe
| MD5 | d5f9a6f601af7206a169b880a9ade175 |
| SHA1 | 5021a6d5bc7714168787c48116c14136910fe68e |
| SHA256 | ac43be5def5e596d06a2544871c2f4af79e36c72c4fc2392f6978ed06c6da3dc |
| SHA512 | 14b1c55b6da8ad1ed2b3c49d351f525fa9d26fe19b53a9176c7d7c7eef24b1c33f5849cc9ade77fb08aebe1a45ec6ab9696b792add1c84cae651a3a6c093e2a4 |
C:\Users\Admin\AppData\Local\Temp\CAQo.exe
| MD5 | e3454cebee5f0f50e8989f7e29087988 |
| SHA1 | dc9f6611808fb62f4f07cc5ba5c0997fc95a0ea4 |
| SHA256 | 49481e3b993b54957d895d15f10c953e1d9bdd7b1756eb408c884ed5471f74b8 |
| SHA512 | 5e62e11c12d845c9cf8ecd7395697f791cfc8e34296b3163b5d2849d221bde8014ce2b8408d5d4f0d7f025d84b6d69bf682b15880bf228a0153174aace03551f |
C:\Users\Admin\AppData\Local\Temp\WMMcsEws.bat
| MD5 | 603ae331500e9a8304cca2cb1ea80259 |
| SHA1 | 9c97e5d8825e7d64df2c6b386f3366cf618b8b42 |
| SHA256 | 9ffdb0e308faf1607b972e1cd999fd86bc35dc27e794074f2fb38818d8a79b53 |
| SHA512 | 523a604e5b18903fa2a5991e46723f3baa6dfc7b327a803678c597c51180bf70a01b98ae8cb368879109aaa15a22dbbf1b1b08059e363a8c4eec07ec800e31c2 |
C:\Users\Admin\AppData\Local\Temp\EcwC.exe
| MD5 | e9faf8300cb5db4a195fd3752c7d892b |
| SHA1 | 134505d74075cf0b84e25f40da05975903908b95 |
| SHA256 | 0420293c1d3c458bdfcd8ea27130495ff941c5d779ec91a209b8942cf020348b |
| SHA512 | 2f8506ed067d008b4acd2aae377a9b588b2053a4f9e77f7567af61d6792e02e1f9ba7f96ca4f17ab94ac214f7592994c14dd38235e6471b8d9493f80c6ea58b9 |
C:\Users\Admin\AppData\Local\Temp\aAAo.exe
| MD5 | 9bb6587c0f4d33d677ac1594398f68f1 |
| SHA1 | 7f1ca6f8dc5039712f1155e5470873e7c00eab21 |
| SHA256 | 4bbe3241aa09cc779893cc0c6054d1aa211bc4fc0d1e889bf24f31f2a407ec43 |
| SHA512 | 2131c236cf952755f2754733e0f987d700bc9a9bc3ba9f2f5b6659ac96b8a3101ced0bcd780066cbfc7fc0d69800675f354c5e255895665a8c63d47fa1918810 |
C:\Users\Admin\AppData\Local\Temp\LQUUMcEQ.bat
| MD5 | 2a9990079e06544cf22b2894619321ed |
| SHA1 | 0215ad28b0ab3eb6bc204b9f97baed26a51bda63 |
| SHA256 | 44071f254afefade42dda4cd8518eef9e8c38c8c72b6005d35f7343991f6f173 |
| SHA512 | fff1dde5622cbecebad116a0c72bb592b0e7e2a0fb720666941b79c2cfa25d3b424cb1e4dbefbe8c6dcb78efa1ed9c36c0992594b08f4770b4b5ea9d2a1533b8 |
C:\Users\Admin\AppData\Local\Temp\OwUY.exe
| MD5 | ca4c564ba2c18809396beeacbd581a05 |
| SHA1 | 30c3663f06ab5e7fa99af52cd1cc17b008e58c98 |
| SHA256 | 85d0694a81721f6392674bed7eafec1e52e7d2ef4c78e0dc9e3445e9f75a3c4c |
| SHA512 | dd33ae5933d2d2446af8459c74a66c0c3aea18e96b4909fb55739ccff459ddcdc5971fd4e6207bfdab132edd616d662ed2d38dada669223b2d0cfcf4ba32af70 |
C:\Users\Admin\AppData\Local\Temp\eQEC.exe
| MD5 | 59c6042b59df274be85e61d1de9b302a |
| SHA1 | b201837c137297c4cbd31f436bfc0e0c4ffad452 |
| SHA256 | 4b940af52c97d900d0a8a1f4131cee12bfec8a0c7ba5fa05febace26424e87b0 |
| SHA512 | c9a247b30559f9f671c11ea66b372c8e57ebb0d7d8fde0444a89065b65ce63da5439ca92202016c92b007c4c1d41e3b515da5a15b2086a1f4090798f212e47ca |
C:\Users\Admin\AppData\Local\Temp\wQYa.exe
| MD5 | dfa12f08bbad94448ccc2e4a4d44dd89 |
| SHA1 | c2bcdfcdad1fc384095ca2f9a8149097e920a3bd |
| SHA256 | 9c0efa8824005e092abaac528897ebdb016d2739ce35cab8d9ec95bd83d4ed8a |
| SHA512 | 4e6efe8aaef2d66c208f579c0f7d554eb5af73714821b9c7c2f58f680f67c66e2df1e14565b8aeb00484f736f59069e4c6f1799a28d9a8c5cef2ecdb5acbbd27 |
C:\Users\Admin\AppData\Local\Temp\JMscQQAg.bat
| MD5 | afe74af04d7486720e94a72e8455b8b2 |
| SHA1 | 79195754645a0dc9203577464b3ffc645c763a8f |
| SHA256 | d7f8fad0a1f84256be301d3ee1c0f4c0e55aa9a6b8247f1377d1bb0d364b93ec |
| SHA512 | 86b7cc127b7e447f2236aa5ac48874548d6f3bece83f58c555ef198853ab442cbf9314b7c4dd7896a2a4ace2e0ca1235179a2ba24ade124f0eba20dd30c0507b |
C:\Users\Admin\AppData\Local\Temp\oMAe.exe
| MD5 | 99f39544e4c7d639b0321be682b39b8f |
| SHA1 | a0cff1aeca12f8226d439f04be35238f27ff9c02 |
| SHA256 | 7a1cd02b16e4511eea84569782ceb878d0c8bb3c3ad56e9321743edd8a9df4cf |
| SHA512 | 57e1eeeef314ddc1d146945edd8d3519af4f739079ba9632bd40b6cf216ef50efc09fadf2b7e3a2e0614024ff7fd21ac60e42aa0d7de69db8cd4b20a1b8c2446 |
C:\Users\Admin\AppData\Local\Temp\sYcy.exe
| MD5 | 08ec31f98e07963fc4de4cdd1c7e4e9a |
| SHA1 | 297c9a6fdaa4bf83c461ab99cc3668726456db39 |
| SHA256 | 115a093bb0c1cfc49fd46a3624c25dfe7eec0820508d57a7d8dad054710835fa |
| SHA512 | 21fb99bfcf7e01be62ec64c1561ac96ea40e0a7d7dd6239b81d3c50779ef871b2538a2b3744e1b582ad8d4209ea64c659ea7e240163f3cde2cd07b7ac86532fd |
C:\Users\Admin\AppData\Local\Temp\FgQscEsw.bat
| MD5 | 531a64eb450f47042f7b6c53a314486c |
| SHA1 | 6e83e2d7507abce64f5e5e6cfece06a31aa80e12 |
| SHA256 | bf20ed4753e8028897e1d4117fa5d84e0cdfcc07a71cbf3e6e9528303eafdd91 |
| SHA512 | 888dc6ac7218078a0c7494163532a22370cd2a8ccbec30a265ccb7485d1e5070f24fb724fe1a35c24b692b7afa85be18296552031d2d690c12465c2035651e53 |
C:\Users\Admin\AppData\Local\Temp\EQwe.exe
| MD5 | 022b20e72263ea4781ca7189acbf133f |
| SHA1 | 4a82137727366a5688ca46dffea6cb7c29d1b6c8 |
| SHA256 | 7ead41470f5e419df99c2604dd76f7de0e58946ef9d4eef34cacca179b8843d2 |
| SHA512 | c19896f6399732ed863025493071b279ec6b9ac76c96e378dc37a5ea3d763456ccefbf17e320db3c149f45e778a1d9c69719ef5a9f89509a4bf87b2b13a15f57 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile16.bmp.exe
| MD5 | beada488da90a239c75d80149ed2b1b1 |
| SHA1 | a1444a6cc6a2242149d55839527f0fba67f5f5ad |
| SHA256 | c6e070294cc6e004ab5becd5c9d74c641401b8abe58ccafa1df1b988bb5a7ae3 |
| SHA512 | 34cb751d85984a082ec9c8d752d2371e59941e26f68b2f31a1e2a7a314a32213d869ae5093e8a2ccf67834ee9d01905a5c1978ffb71b5cbdcfaa52a1d4622348 |
C:\Users\Admin\AppData\Local\Temp\XwoIckoA.bat
| MD5 | cdc19f27d85d099c6b4bc6818d8cb6db |
| SHA1 | 34befa8c0ab85b9120ee5c29256f87f64e94417e |
| SHA256 | 0b031000679aa8b96d87d1cac727f954af1210293a77d684bec45904054f7477 |
| SHA512 | 81413e4a93b0a288aff0eb45dfe8f01c3d4c2b9553604e79c118b6e44c7479cfcb19526ea989a7e2fd5db2b741e4afa28fbba9747b424856e814ec27ba079708 |
C:\Users\Admin\AppData\Local\Temp\AEom.exe
| MD5 | 8f8831c5fc623b701d7def31b2c1f04c |
| SHA1 | 804b0652a2919b8c8778d9fc917273404d8d4821 |
| SHA256 | a9a33d4e3e3aa9dbb579f7c7804828e05643ff7c9e7b1b5296d90556fcb2f429 |
| SHA512 | 1b59c1bdff9d528600e9f0d999672ef429414c41e6b53dd6fa553e3961ab68b3f93734afad15f4fe82b900f8b26dc0334391676493c519c472fc9419f0d42742 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 7b0b9ca0e4d08e2dbbcc7584305fbbc5 |
| SHA1 | 7346c4a989c157f9ab3d79b1185b0b779b60d3de |
| SHA256 | 007f2498cba36568e9bbb5ab52721900e308c143f5c4867d3d08c5bf3ff5d3fa |
| SHA512 | 7a6ba390893960a5c3b120f9490fba35e57800bf43bdcdaaede996a51dbb0b9dd250d0a102f4e0dca19447323f17ac490449fa1da433dc43554d8ec12dd44022 |
C:\Users\Admin\AppData\Local\Temp\mAMS.exe
| MD5 | 7486707dd736e39c89a12325ce22a9e3 |
| SHA1 | 6ed027dad97e082c730d1261438a8e56c89a4b53 |
| SHA256 | 84f95e8fc25b1bb441394174cb340a4b5516b1c1b477b0482edb53ca3f6c6278 |
| SHA512 | 9b191ffeb62ddc8579636a65e3a9bfbd88498331ad90ca8187cf1f46358666fc8464677faf22299d8afb9ecb930762b35a755fb633365d6c03e3f341587e1d86 |
C:\Users\Admin\AppData\Local\Temp\KkkQ.exe
| MD5 | dffa0b85e413d52c22d0f06ccdc75c90 |
| SHA1 | c9103f4ae3315e27278bcd52bcd72ac009cee874 |
| SHA256 | 2b1e1fbe42f331d761163bde8f19f7cdf408938b468d5408e0fede304b558462 |
| SHA512 | d3f5079c8eab4b91e410d2babcc4d19e2d745aaee640750cfd2ad594a99990a2f0f434eb38a16d885231658343fb0027204fdb081155736824077358d9b77b54 |
C:\Users\Admin\AppData\Local\Temp\skIIgMcs.bat
| MD5 | 7327f5dbae237f78f2bd80c61cb0600e |
| SHA1 | 13349d4a41d998431bc6e299d60071bd221dd8f8 |
| SHA256 | 3420da5cc0816c2c726da49076d17d2037d2d499b63ef2d79b5cf4460dc8ed6f |
| SHA512 | 01d3d6bbcd35f432011933a352da9012758281aa1971a537e1ca679491f633e2e6ab50cb1525e70918ffc1cf0042a61eb429819bb9509cfd7b6f3479ee941fc3 |
C:\Users\Admin\AppData\Local\Temp\aoQq.exe
| MD5 | 3a73c9fd75f9e0aadd68ed30ffff7ac4 |
| SHA1 | a1382079c7abe9c55ba91051bd2e710314a0ec2a |
| SHA256 | 9a111c0693433363085958d888fcd391c3d8b700525060ba940308127ca8d483 |
| SHA512 | 46331971bc60a2f6783d39a6567cbb744b53e041116f9c1c43cb4274d4c44f43ec88538a72374eb49a2bf7754de46ac41349aa33c6f7567ee2a585a481ef50f0 |
C:\Users\Admin\AppData\Local\Temp\SYYI.exe
| MD5 | e3786634a2e87148fea07fcd74b1fd66 |
| SHA1 | 93a48f58131d15a88e0229a805cff9c7ead6a654 |
| SHA256 | 2ed81fb8d8b25931ffe40d7c44acab6257a7e57c93c3c0156df7b48530c5cf4c |
| SHA512 | e3ba2f2138e6809c37afdb58680e0df0d90a5af8636a2e504ef1cf237d729ca3b439302cc2c8f9aff34c402a5b594b5ab9407e0436da03b06a71b0f395578e19 |
C:\Users\Admin\AppData\Local\Temp\wsoG.exe
| MD5 | 9331eb949e30c79503d6ffc4b106ef92 |
| SHA1 | 54a2afe9e93169e82c68a29d979d941f695e0d55 |
| SHA256 | 9e3a2e0ea136becd0dfb881744cfc250d6de2b8582beb4d746e5663ee0c82aaa |
| SHA512 | 67b7b116402a24a629955967588264702d2f4c15c69e355ff28b23688f74150d47e43f11316fa683161b99123950c22290b9b59ba27ae633161606436eb4d30a |
C:\Users\Admin\AppData\Local\Temp\Ioka.exe
| MD5 | 09168588aed4aa5b1279d17a3c2d703b |
| SHA1 | 70fe31f7b58f6f9ef070010470daae9433ec4818 |
| SHA256 | 5bc8aee112235607dbfb95473862e888737e46cba4d1b516482adbc438b34f7c |
| SHA512 | 8d231ef5023571b71932d48ff2f117f4abb0829cba657f1716447b2428996a6f9e85b02a44be03447e99c6e049ea477279c229b756aa2c628e38b3fa5065149b |
C:\Users\Admin\AppData\Local\Temp\ookI.exe
| MD5 | 7caf8713dcea7baedaf6bc57e8ce0ae5 |
| SHA1 | 6f0720e151819e464e00839215074f9375e454da |
| SHA256 | d6ac342169162a1c216be9354f75f2f983b4cae13a362bf1c23ea622a21989cf |
| SHA512 | 82d2668855069237fed4c1193537522f189b76698ae2ad3d720cb03489d3998c89229c79c0a44af5158b4cf1ffa1f67acc28e73413d19a4eefbbf7bf36e2e209 |
C:\Users\Admin\AppData\Local\Temp\koMAUcwE.bat
| MD5 | 25b302b7486fc5606e5ee523a24f11e7 |
| SHA1 | 603ef619c42fa40b08a28a30c64b906590a5fc0c |
| SHA256 | 1111e63e777a00febe62aba86d897a3f7066c0b7da12231e3c0363b688bea3e6 |
| SHA512 | 50fde5c2d087989aeba9640eff6faf01a32852ef1565229e96a1ebf65dbf6fce83e4c09a186bf8bea1656b7a69fa80b173d5501a9d71c64afc5dfee14cb5c5ef |
C:\Users\Admin\AppData\Local\Temp\owcK.exe
| MD5 | 0ea64130e5a59509028280166e8b2ba8 |
| SHA1 | 3eb936dad627bd3224e70dcff0f473a0dd28ae0c |
| SHA256 | dda0b7241e19a0adee31594f0fb38b81d4fcab732725f67a5235eafcdf491915 |
| SHA512 | b4d950915cd86ca830a1ca896203bec39c75d24884e900e9b02da603af9882b46d35ae57a156c2bef7cd514b99b2f57c28ecb2d9ff5f310314e7e96cf38a0bfd |
C:\Users\Admin\AppData\Local\Temp\sIQe.exe
| MD5 | 22cf4c589dc954406920aa9618b6161b |
| SHA1 | 056f95fb230acd5de19f1446558429ff08ab8224 |
| SHA256 | cd318e60d5bbf848252b38884039d0494f9721d83ed2bb521c4d72e87be15c8a |
| SHA512 | 641220539e80f2dc47a647ed8bed6c78ee25be0b33da247b375d28318358e5141b15a42d8d1c6505401da893181610efa009aa3d865723723bff300985318bff |
C:\Users\Admin\AppData\Local\Temp\sgck.exe
| MD5 | fa0b1d00c7a6fa123cdee73cfbe436f3 |
| SHA1 | 25de39682b154c61e6468b1516733721f6743b02 |
| SHA256 | 3c80f198a410493a5b2cd207b4ad9c3f5a5b3cbc895360d624b897aba22998ad |
| SHA512 | ad7bb7c4fb072b24c4d7e73b898466dcd264de6e3889d1a0723d94c622cb90400a7eefec77ba5776576c74dbef81420c6781c1d0894066ad66bc4fe8e54fc64d |
C:\Users\Admin\AppData\Local\Temp\qygMIIgY.bat
| MD5 | 8dfb023113d56b97cd85ac47ba4c725c |
| SHA1 | 3f33205664bae08569a404018bfe073afb042956 |
| SHA256 | bf1ecb90a4b01f9a4fea5864a666452112a8bb204dbff23cbc24032f9be3d60a |
| SHA512 | 7dc4e8e11a2eab6deff084b14644080a29b9909d0c998e7562f857626d57053cef8171dbf1afa75acf55f7b04c650a4be438b4c6f55d1ecf7257ebeed3c1d1e3 |
C:\Users\Admin\AppData\Local\Temp\usIm.exe
| MD5 | e73ff578ada2df4348997d8bc5358667 |
| SHA1 | 1f52e1bc127e0b1f01d22035c13258f28e0770b4 |
| SHA256 | b3b2515c70185485e8fde4a17fd3fc7d77eb008f2ccb0e9e55d3e51f9c66b1a1 |
| SHA512 | 1df9d47c605f1a3e8cf24c8b0def7dcc25f9eeb8db5e8a0e10ee37daecd041264a8b04fc7be29ed426d7a27b011077fa277930bd80ceb29558a5b3d15f822713 |
C:\Users\Admin\AppData\Local\Temp\WsAM.exe
| MD5 | 71c8a670647c0650c9133e623c267c79 |
| SHA1 | 6af29e21849954d1e3b0ac0fd8b1b3ebba16356d |
| SHA256 | a479e6ce46721842d0db87afdeeb14ae7ef7425bcea818c637295144853a8158 |
| SHA512 | c252b94ae9f6e55f72421347efb113104d11e6aebd8a80b353cfe752b76a0ffe02b07db9a06bed2f153dbb9524bd3a0065664636df266782fba9eb5ff0934231 |
C:\Users\Admin\AppData\Local\Temp\oAoa.exe
| MD5 | 4c709122b041a2c49144e75d3031f391 |
| SHA1 | 0312e7e61091ffe9a5415356f5d6909ecd45c3d9 |
| SHA256 | 7289c4740bea608cb998f44981270a62541f78c16913281f6e5b67cc844c7312 |
| SHA512 | 0bb65ec588146c8e49ffc1a08806498b52d9a840b12d23ebe71a758aa14e6480dc0a2f962df840e60c96e90dbfdada654fe97ef71c836298feb254fbaa7d8134 |
C:\Users\Admin\AppData\Local\Temp\sCsQAQQA.bat
| MD5 | a0f37daaeda70cc82f94df1a6bc536d2 |
| SHA1 | 867c22a44186f646f6e2c91893a4b09090cc45b4 |
| SHA256 | 1b1ef5b86dc5506d935c094b4ba1bc125d12de1671a14bd7432b9af4713358c5 |
| SHA512 | 48631420dfe66b8e494320cf7bd3e6534d727b432a2474e11f0c0b8db90175e3b36dc3d03b1d183aa1a049a1de0bd3855e83e35ec881708bbdd210f7224d1c63 |
C:\Users\Admin\AppData\Local\Temp\yYMS.exe
| MD5 | 3a755d00c9d8b912ac5690b243d22ed7 |
| SHA1 | d963f6036286dfc0e5b2d8d11b3e5d874c0160cb |
| SHA256 | 0def4552791ac7abb4d47e53f689b29421df10ff7b187f9cf64795b345e403f2 |
| SHA512 | 1477cf41ea621b3c3fdc17d7336bb85a649fcb6269c068f64b3d9f9d77f00215bdbc464d4b23a186f8a627846eeb8ecce9fa39a9aa43c5941d1baf925c4711ae |
C:\Users\Admin\AppData\Local\Temp\skwQ.exe
| MD5 | 4adc1fa54ace3985e2ae9a50332b2c93 |
| SHA1 | a760fe439602995e3d4fe944b13600d96342dad1 |
| SHA256 | 2efb31f509824898bd4c2e88cd1f448c2b0a6c94922d301d8e63f80df9eb3963 |
| SHA512 | f2ac2dc4780b657e5fc9f0c274b965b47caa94277d38b1ccb0e4ed799a547a5072ca6308ff18e07386f25614218e68a0ed6d8095b6e3259557d2a50e2f24cfa8 |
C:\Users\Admin\AppData\Local\Temp\aMAW.exe
| MD5 | d57b18cde0dbf68ac8e32acfccfcc15d |
| SHA1 | 884f9ab50bb782513ff035089ab4540a83121ee1 |
| SHA256 | 5a0ca866eaa215b3f6502d819f2b9d1f1afca92191065e946cbe14a795c0be2b |
| SHA512 | 1f3ed526db3090025f451dc061b83380b3d9f215c32dbc549da1dcf1f3278f8da039513f65b6e169f4fc5f06f8f6070021d549f45977afe4f5731c5a39ba893b |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | af91dd7d6a3ce455ffc9fa0036de6113 |
| SHA1 | 6d712a76c455ee0980ac479fcece3585a187f7b3 |
| SHA256 | c9a36b342df6bf83eeaef62864054105739fd20b2004b31ee0645160a9320790 |
| SHA512 | cfd6c27e17243b2f830b93604b90830382ba44b9b66ce11cd6f96d437e242a28cec4fb74cd4b077ccdfecf31c2c8d6a3f96df7121ad3eaf0888df73e8d06b74e |
C:\Users\Admin\AppData\Local\Temp\rQckMwYo.bat
| MD5 | 2abbc5a6245b2853c68b47da3453f95d |
| SHA1 | 27ee166e888612b5bc6cdb829aa447dfc129a5d6 |
| SHA256 | 5bccbdc27017ab59f861d281023605d30fe7151bdfd05d597d808d192fbf77d3 |
| SHA512 | ae3a0ea0880e944300f7401edc3a3bd76db61a9c71f0a021c87cc392a15c767da6f6b8ce679896b4b331f27b711457e07faba9864ac8feba57b4af49390f33c9 |
C:\Users\Admin\AppData\Local\Temp\aAMi.exe
| MD5 | 8126b9bc28cb222400b9e615beab222e |
| SHA1 | 164532b50a519bc78828106d79f39b776868eb73 |
| SHA256 | 8acd7a37c14da0e58dbe962591ec4fb92529cdc5ca15311860c9503d2a400d57 |
| SHA512 | 281d47b11a646c52ef6c8ca58945b4bae6cd661959bc3a4481b9bcaa48b48a6bd6631af2e0e03ceb1aabc7762d49a5b320cafae85ed3ccfe6f9138ccead28994 |
C:\Users\Admin\AppData\Local\Temp\AgMc.exe
| MD5 | 32dc33540e0e3ae746a4abb7313ef882 |
| SHA1 | ccaa5956432d78d36157722fc268a67bd158daf1 |
| SHA256 | 8dc30a4eca375da626569ff47f890114694f50b56cd367539b6e7a0f442f21bd |
| SHA512 | 29aac0f8ba39c06741301e4c35086e4232e73b384fb5c597265e09e9627341bfedda4bda68cf8446a8f173d6e0e804648120c1a60dbdf84aad11fcb004391b09 |
C:\Users\Admin\AppData\Local\Temp\zKUcoEcY.bat
| MD5 | e2fb89048d84bbcfa2dd03cd487e16a7 |
| SHA1 | 9f18cc3525ac5e1725c7d0a1ce200f746d7925a6 |
| SHA256 | e2ef6175f5e70d7ae53134d214c3e7aab47b6cfbefb8190285e72d4113795651 |
| SHA512 | 6f98012fa4b956fa6bd160be32f448c8b1b6ee45d8f65c5ce1cc673c999061e51c4f4c9caaba003e21aaa570f3e7bea19bc3e9ce303b7f68ed69aac45b7e3427 |
C:\Users\Admin\AppData\Local\Temp\ycsu.exe
| MD5 | 0c19d143c8df6ffaa57179b048c1cabc |
| SHA1 | e7b29d4daf67267da1d18d19fe03f5a463b429a5 |
| SHA256 | 60d838bc216aa1c2ed649e5740d26e7d6355fe77c1947c80ead03abb05485e8c |
| SHA512 | 90dc58a67b66a581097d3eeea529508eaa0ca6103df208e715380f57ceddfff845173e55eba3e97ea258b3b6806e03e11df4816015f090b7fbc02520fce2951c |
C:\Users\Admin\AppData\Local\Temp\ogAi.exe
| MD5 | 697292dc09558b3290b9a17577132c47 |
| SHA1 | b1b2777aaa7ad1fea51a4a688c135b9e6d21ca17 |
| SHA256 | 9c02ed1f6e293e71a0b038eb343045d16755e2a91d02591dd438bf9e396fa40e |
| SHA512 | b5d6c8ab8a443d55786956ad974565025ce6cb566c4f625361f61f16d93e1fd293b108b9c9810f6acf8a2c8b0393ab3c3f00949d43057c28e2d8cc9e1cd55304 |
C:\Users\Admin\AppData\Local\Temp\akYc.exe
| MD5 | 649bc3ad32d04e29afbfecea2fb40636 |
| SHA1 | b5cdea8c655d6cb2224011101d1506a4dd83dcd0 |
| SHA256 | beb79b34b90a5e2a6fb85916381dc73f793507666fa5fecd5da7943d2d9d316a |
| SHA512 | 31bdd015a94bc8d8ac8461221ee3c21ac6b732eed93307bfb12d94ad0d3c7d7ff470492edbbbe870f57dbe4d6864716b74e24d60eac361453d3ef402ef602e01 |
C:\Users\Admin\AppData\Local\Temp\tmQcswko.bat
| MD5 | b793922b2b305a669058b7ee0d5e5941 |
| SHA1 | db7c85a525ae45115444b54a16428aeb9caca6de |
| SHA256 | f2507d0fd0447b36374176fa063e83b407f57308b6a07744d866c37f02ad6c6b |
| SHA512 | 40458607d2da103f250fdf37e313bcd20226069d3d54a7f63242170ca0e192a14a8e0d9b5d6dcd1d805fd52110f87b87e1a576d0e6d2f1b2739b25dbc683df87 |
C:\Users\Admin\AppData\Local\Temp\UwgC.exe
| MD5 | a3e8bcd0ab538b08b8bd5a50fb041bf1 |
| SHA1 | ac1419e157ce6a07173d00c3ab51a445f7965459 |
| SHA256 | 2643950b8fc17881386311363281df19c90a6c32c912cf03b70571aa60ade6fe |
| SHA512 | c5100ca5bec29bb6a71bf0561c0024a5c6f8adbcc8a2998e59d10603a158dddc79abecade0385d322471717665b955a39b87716db9e836f6dd4df070f7e69df3 |
C:\Users\Admin\AppData\Local\Temp\AMAi.exe
| MD5 | 0642eb78ffbd093c759b6fe18686c402 |
| SHA1 | 0e838f35063effd465def228efc7c75afe52c38e |
| SHA256 | dcb4177f5de14d0c023fd5b0e19063cbd551376e6f689b0a66a64ab34158a601 |
| SHA512 | 7f76cf0755092c48d0fab3bac50eb904e5969229ac016873f7761bf3149682e731399f46b8a681b13f72580d981fec8b62a0f2168b889ad0d5e813c7ba8fcc55 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile43.bmp.exe
| MD5 | 4ba4ac393107e48d0388c507fd8f4780 |
| SHA1 | e4ec7f7d231597080e08016f87f3aa7ee8479a6b |
| SHA256 | b9ee5508a506ac10346071337d5e690e7081168134fe7944cb77433a55802fa2 |
| SHA512 | ca0c82a96516d5cd62f815f8e4d6fb9dba073d50a19f1ad0e44a0441ce169d36e2a12d3c286aada3b71dcbe7cba1df3be1400f49f761e56c077586413c2b61ba |
C:\Users\Admin\AppData\Local\Temp\jEwsQgEM.bat
| MD5 | 2e8d500a548932b26bb5b5627d164cba |
| SHA1 | 8feaabb0b3af112f25ab932902a8f6cb06d4b7aa |
| SHA256 | 0e4b0e08a2ce1f843b596097bb04744d2cd7f66f79fc9bbd1a748142710ba15b |
| SHA512 | 08802f10594b3400774947af75bdd3851fe3a585a25937c5f56947911cc7339940f74704db5750f26528813d1925843994edf3e69fda664c9dde581000d0e3fe |
C:\Users\Admin\AppData\Local\Temp\ikkc.exe
| MD5 | 2d5bda62137d31604c427fd8222f1989 |
| SHA1 | e890d48236ec392da43ffb18dbeafdd63268adf6 |
| SHA256 | 4be8291d125eaa98bb9eca25d4332288db883fca0ec924d415487a54fe12e8db |
| SHA512 | c26e8eef0cd373617d67ffd6d2c53221ef533578ee7a58e9d747e57318765f9c1837812beeb2afe4142e1d87a5a837c54584b1c5f662c88ec785ad5f7c4427ab |
C:\Users\Admin\AppData\Local\Temp\eQYcckgY.bat
| MD5 | 65bc9d6d631e2c907b2bb9d4b1ae308b |
| SHA1 | c575c730ebe90cfe604d32ec0c8d30214f08a9bb |
| SHA256 | 320f0577a66408a0104c15f1041b3077b6c22a91fa5675c50e78a2c36095c57e |
| SHA512 | 109d76a2db67aabef291f9dd89edcfe227a86d29e6b9ce734b7930e91c5598394b1c9f192c21cda4a72c92a88f090fc39c0deed1e3535c76c2e9958bb9ecb950 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 7c3bb7f5ab5a92ba2a4dfaac68f394e3 |
| SHA1 | fc87ac77c18b899844cf25058f46d72f7d457471 |
| SHA256 | d1bcc94aceee56bac52b6e8f0136b41e7e30d4a2f394bb339d14e3417b2d3b6b |
| SHA512 | 8d24570115e118fc1a8d6bfa2b3565687bb572a3dc41fd77c57c61a2ff83253078709ff8b6f951c19c5c18ea2ba0bfa548e30e0bdf16b723fe9b39037ce0aec8 |
C:\Users\Admin\AppData\Local\Temp\YYcocgoo.bat
| MD5 | 5796f169aaa81e2056320b458333e6a3 |
| SHA1 | 522fb789d235ce11e1cbde491697b3ee354a1071 |
| SHA256 | 271fdda5bdbd0f920f4dac1634c974214b4df80e329cc379986513349d8bc195 |
| SHA512 | 4689129cab11e6c5b4313081635467401f274d4dc9ada345760c9c7c6b3695342c9323309eafee9bf4fdbd81d9793644b0c33b01678de9b89bd7bdbcf9a6f07a |
C:\Users\Admin\AppData\Local\Temp\CIMm.exe
| MD5 | 4d8304f563780ef25c8b447ba4337e64 |
| SHA1 | 539a4c71aac2ad3eabcee13adcbfac00e4376f0b |
| SHA256 | bc3137f41f54725f846e3b1c7b2ad9ffa97fe0cc45a4c7e97db95b8297b0eb77 |
| SHA512 | b6e53c52dab049624d406b71e915bbeced1634ea2d0e19ae4edd33bc2b354658ac5524351e2e182b93199cc52a13546d20eb9cbd3b3d82f708b135e1a55c8916 |
C:\Users\Admin\AppData\Local\Temp\eIQG.exe
| MD5 | 6ea88e968d045e8bf72ff876b07d4add |
| SHA1 | 80ad44302823dee250adcd225ad37c21d05e954f |
| SHA256 | e161d17e4afcc0840e08b019dd1313b418a42d1637209a6106f3072daf1a8948 |
| SHA512 | d3b505614b5efbc40b9742abb97d3dcf50461ae399a03219008f8d96030f301c7477b6f6d8039c5313a4a1b224024d0d57bd60e5783d327a1b63f564034199be |
C:\Users\Admin\AppData\Local\Temp\icYE.exe
| MD5 | b4a93320f0faaaa8a68fd8bcc344a08f |
| SHA1 | 869717a62adcdc02ac61d2f16f39e8e9167ac5a2 |
| SHA256 | f0885fd882037ba0c04aa23433ea7c37869afd246801a4755a948c268bfd309f |
| SHA512 | 9eba3dd802a0bb9b9a3acea2533daf0685a67eea41ce0b112acde55058451abd9ee683a53906b454d74f1cc682f9d61754dd3b25e34c5d9949d79f42f9eb5f48 |
C:\Users\Admin\AppData\Local\Temp\wQkw.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\WAsa.exe
| MD5 | 8c591657b415d5797cb9f10172d3f59e |
| SHA1 | eb2eb0f85a6420916913e3e06807341abff971d1 |
| SHA256 | e743b95707b392a61cac8cbc596b6677365f63d49f08029c178b20fcc5c1ab07 |
| SHA512 | 0a31dce6041c02cffd0ea3df95298054498385d91642462728d68c192ccc13a8847397a299a00ef9187f46491157c0c16df5dd0ddb647445cdd5dc2262597a2c |
C:\Users\Admin\AppData\Local\Temp\oEwS.exe
| MD5 | 444be9dbb4ad623c2aa4c21bead64953 |
| SHA1 | 83dd2b790a7f55e8626c7901552957988818b627 |
| SHA256 | 5a258ff60aa4214d83da6edf00c099e0a5fbeefbe5c757111b36b8c4f306fa2e |
| SHA512 | a6557303ed54698155d8064edf217d0c9eeb686889d64929743cc2bec976e1e58fc552f67e67654799070ddf0267e088542267d00b2f291c955ec242456dc12f |
C:\Users\Admin\AppData\Local\Temp\YmgkwsAA.bat
| MD5 | e4ff1647c72d8b52a22f393cda5ba240 |
| SHA1 | 3378178e130ae0d770fa9a4c2ba7aa5dd4825883 |
| SHA256 | f7d8d19dd6c81b9c18bbd34228e1f7ef0f91596e22a12c9cd01acff75a5b979b |
| SHA512 | d6b6ff167d16f13d73891e00374218eb4c8414847df7d3dfe74eeeabedd0ca0e4c4f9e22e3fca5fe1c97154fc15fa076e1032e2f2852afbd6a07a0cb40ad5cf8 |
C:\Users\Admin\AppData\Local\Temp\OQws.exe
| MD5 | c72e82dcb00f519a9bf7473a6906ee3b |
| SHA1 | 23d254dbee97e619147cd97851698b6744c330dc |
| SHA256 | 29da9865627af1e0a6eca5643765ad791f408c8cb475cc5818b2a1153de84b85 |
| SHA512 | da0360d972219427763870b897b1ccf5f3208e68e9a1587e7d28f67e6cc435dcf839f2499c985740f029eae203686adc08104de17489208c766363a4cf83d982 |
C:\Users\Admin\AppData\Local\Temp\kcsG.exe
| MD5 | bf6c5cd9abf3f4459022ba4633a1c735 |
| SHA1 | 7d97f0e84b8f733944d5bf6a9874ef45b2314fa0 |
| SHA256 | eecccaa639467e4be7076805314eb95ba6b233bc20c7d35630ccb15609c15ef5 |
| SHA512 | ab33f8319d6a2584a16f75dbea3731be2e46d4e346967c2c513e42239dab37d53e76a0e779e0148748b035b4fa182536447c6cf633a2f7aa4e14f712b5a3b560 |
C:\Users\Admin\AppData\Local\Temp\UAMG.exe
| MD5 | 43fa6a66cb0144b9ec66e14675ac5e3d |
| SHA1 | 6516523feda7bebedd0b5c5af8117930b286c687 |
| SHA256 | 01cb1b3485b6a4330d1374a0bbc9003245310e18e17116f2da5a5f84082fd0f9 |
| SHA512 | e03f7e5ce611a876293b830e9a5aaca8588f59bbfed3d5584fd4f47dd655410f4dd8e078312bc42abcfdcee9ee3be8b652f39236c99cb4e4c5a4db87eb61c3a0 |
C:\Users\Admin\AppData\Local\Temp\UcoU.exe
| MD5 | a9102d04d085a0dfc0b47997db2f659e |
| SHA1 | 31a9f586a176a232bece913845457d0bc00349c7 |
| SHA256 | 93036849d28c8adf4ffa44a1e1c4aa2311d23d01f58d458b16427b86d4a0b3bd |
| SHA512 | e99c5ad6a5727b64c1ead1727d4ae07c7c1d0aaf2e44dffbf24d1d1026426f17cf72eaf975657ef9a7a22331576694f4e0f94ebd8c4a0f00cfbf6ddc539abc2c |
C:\Users\Admin\AppData\Local\Temp\coIa.exe
| MD5 | f8c8775832814b6a14b64566f918dd4a |
| SHA1 | f594b6a957dd98935dc1426e76fe7c6c8bfa648e |
| SHA256 | 1a74f30695eeb15a7df0e0f05936346e88239b7a660c2cacf85c37c08fc3a801 |
| SHA512 | 9149992fc4f06a2c12952a763980c385be3c487b7c6f78f6c4ccd7971ec6f32c785403e1aef096217a1c82d0209adca540dff620c59a8e8931b0546167421cad |
C:\Users\Admin\AppData\Local\Temp\XwoAckYU.bat
| MD5 | f4c5b2847f7e5d4c1003df82ebafbf01 |
| SHA1 | a77d3067ef8d5f07f27ca0ef5755e320953b551f |
| SHA256 | 5b4aad7eb248f37fc18e94397097a5b27b6636fa75a956746e2990d81baac306 |
| SHA512 | 99ea7ba4e557cc786b881e719779c1a9560eeb0bca74ba1df712330e2aca99623eb5babb2c35c0ec7abb295d5aa86e1dcde29747e623fe3c6ff1fb71f4b87696 |
C:\Users\Admin\AppData\Local\Temp\jsMocUAo.bat
| MD5 | 8b31c4f62aa025419a62584de4989bca |
| SHA1 | 8b4716193a7a40e30c1455dfbe36bf51dbac3f9c |
| SHA256 | a61ceb73849a81768fb2957553944c5b9158f56f57f431e047c7292843cfc348 |
| SHA512 | 5046d4ee4f97d269ac36ba02292d253940e275735360f699025997ebfe72e0437dcf3365406bad55e08a07a07dee30f41c3993901a59dd1774a45626ac94386f |
C:\Users\Admin\AppData\Local\Temp\jaUIgwMk.bat
| MD5 | 345092b91e3db4917bf1fabb48b620ce |
| SHA1 | b0db048bf2bde1919b27dd8d4df1800841a4a81d |
| SHA256 | fe796c187e2d1bec2fbed33ffeaecbff7ebd861d3dbf9a5aba13bbaf52a95776 |
| SHA512 | a80f4d52f89867f1f20881f19c7f7786cb2b365d2c12d4baa73b45f3c8b5335b0461ecad188878f364bfe4399b9ce32677a6690777850863ef5e89b51563ffd5 |
C:\Users\Admin\AppData\Local\Temp\LuUooQsk.bat
| MD5 | b948c000f432e5988eff3e3b61bf08f1 |
| SHA1 | 8240187b5675a7756bdf61631c6724939d4b2f96 |
| SHA256 | 179497d9177c5acb00bf053d8405770871de7c604e20041a2b62e0c6600193ae |
| SHA512 | bb42c97a336b04c76b6bd5dcfe56a46fb49d73273d9d1f82e744de6a0b72fb4f1e08c8e5135d0f649f0032734f88c85a4980f1ef4a8da9881c86757480037b9c |
C:\Users\Admin\AppData\Local\Temp\wIsEAcAs.bat
| MD5 | df3e1b8d5fa86ae12f035353307d9109 |
| SHA1 | 5b4c69c740a5ebc9f995faf556dd70a00b0ac069 |
| SHA256 | 5f868f5c70282429e4a5039faff98be1087a78ec4eceed2329715cce2bfe7d1c |
| SHA512 | adbdb810f20f198119b23542a6a499111e7d517a1edd4a0e5d2512f897bf45179d2450d0f0a2c03d338b2f34ca000a8f85d71f9690e62ab9f88058ca71d47bff |
C:\Users\Admin\AppData\Local\Temp\qksYAoAI.bat
| MD5 | 89246d90e50074b89fc8dcfd8b6c1af2 |
| SHA1 | e445c1915df64be2dcea7bf30a45681ae8ef7f31 |
| SHA256 | 645efa0e2cc16d3a7c98efbfae454305ae5a2356af3fd22627122d44605b0e27 |
| SHA512 | 815a7234f265b3160efd2ab079ba18e721154731227165d246dad705222c7b2a8e5d7b274eca27642a6cf43c012c23fe2f5f75af2802c2030d5968d8f0cffce9 |
C:\Users\Admin\AppData\Local\Temp\gAIMwsIc.bat
| MD5 | 24f67c301394ec9296b032c0c77c865a |
| SHA1 | 51c55a4266cde84a71be33dc07d6a5851ab1d47c |
| SHA256 | 4b6052aa9926fa8ddb4b396333dfd76261a4ab9cb5b50c338e8b4519f9d5a9fc |
| SHA512 | e8a3325754d6c33eeff336e987e860b49f47c99c2e4304bfaabb7e8347e27bf92e73961ba7ed903b8946465a7e793fb7315828a724af7f3d572d283208864493 |
C:\Users\Admin\AppData\Local\Temp\iCAockkg.bat
| MD5 | 05fd0cc2988cfc519f2361ae7885ddb1 |
| SHA1 | c93e173831295f36b0dbd9498fb4e51cbde28d83 |
| SHA256 | 65667270e0e217edfe7de84838e05590a441e1b415cb17dea9c8a2f71d0a87cd |
| SHA512 | b35c0652238a207ad5a103f09de93bff68547116e65c6cbbb7a667a914600e8bcb80e5e91acd9469502c3760c1a461382bb20da4fd0403622e74bac9b47ca057 |
C:\Users\Admin\AppData\Local\Temp\bCQcIckQ.bat
| MD5 | fa68efa64509d07f702c2d7ffae44cf6 |
| SHA1 | 3b73017d040f1df3de20bae6f90be3d404c92405 |
| SHA256 | 274ed49da73da87878509e8303fc0f6accef904ea6d0567703d8dde7cda4b14d |
| SHA512 | d079242d0faba7a4e467675fc3e252db2a4d77c7335c04b09bdabf8f761a0cae2faf1b7b0cbeab3b2d89dda479cc6fe75b9190d8faece8b2c6c25c6fc0c46e0b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-19 21:42
Reported
2024-10-19 21:44
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
108s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (74) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation | C:\ProgramData\UIkccsAA\KEskggUc.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\xOccIQkc\myEsgwwg.exe | N/A |
| N/A | N/A | C:\ProgramData\UIkccsAA\KEskggUc.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\myEsgwwg.exe = "C:\\Users\\Admin\\xOccIQkc\\myEsgwwg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\KEskggUc.exe = "C:\\ProgramData\\UIkccsAA\\KEskggUc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\KEskggUc.exe = "C:\\ProgramData\\UIkccsAA\\KEskggUc.exe" | C:\ProgramData\UIkccsAA\KEskggUc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\myEsgwwg.exe = "C:\\Users\\Admin\\xOccIQkc\\myEsgwwg.exe" | C:\Users\Admin\xOccIQkc\myEsgwwg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\UIkccsAA\KEskggUc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\UIkccsAA\KEskggUc.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\UIkccsAA\KEskggUc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe"
C:\Users\Admin\xOccIQkc\myEsgwwg.exe
"C:\Users\Admin\xOccIQkc\myEsgwwg.exe"
C:\ProgramData\UIkccsAA\KEskggUc.exe
"C:\ProgramData\UIkccsAA\KEskggUc.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xygMQIQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AqEscIwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ooUQIAQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IKEIAkgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iKEoMoIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WgcsIIsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NykEwMoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dqMYokUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xMIoEsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QcswYoAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEMUkIww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YoIQIkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAMswcME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FOMQUIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PqAYwcMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FkgAkUYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\USMEYMsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YAcckMgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kesIEgAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LksEUsQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsckkQIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAQsYsoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyAUEYwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GuQAsAcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GggwgYYE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mMcwckAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pcUUgUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fosIgwsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XSIswkkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\swwsQIso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qKAIMEIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOoMsQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pgMAQAwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xoEUIkEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lKAAAcAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lUEYkYgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yOowQAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUYUQgQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oOwwYggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rKkwQkUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LIskogow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lwwgQAYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DYcUAMkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OUwEEQEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ggEgUMAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WMAQMUAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VmsYUsMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FikokIkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FOMEYMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rSQgoUAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QIgQUcQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQYAQgsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mEscsQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKMAoEEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RUokEscc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NqYUQgAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAYsYogw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOYcQMAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GiMsAMgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cEEMMQoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcIEYsAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pyAAYUYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lwUQkUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DQckUYoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OOMAkYso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OIEgQMIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oOIogAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LkAEEoUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HEAcocEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pwsIUsoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DogscswY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eskMYkAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YUokUkgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmUEAIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bMcgMMgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fGMAAQgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\beYMYQME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gyYkgMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gYYokIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kckQscsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PakgAEEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEMccgIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DQwIgAQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RIAAoMwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aAIwUcIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qGwQsAgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cwwwkckY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAEMIEoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tqUoccME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmEQIIYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\voIAEQEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EWcwAUAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IaIYsQQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IOAYsEMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eUIYsEwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xcIooocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VEkEkIII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hiwQMwQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\quQQQkIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SocUUwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yoIkQscY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pUUEgYkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RYQsYIsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NegkwgQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lKoQoUsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YKsgAEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gWwQUoQg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fagMYYwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VswYgYgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NaAkgEcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MuUoswwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiocIIEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCoMEcMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAgcAMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NYwwYMYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VyQkEIMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EqgkQcUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qoMwssYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IwMAkkcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LyEUcwYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BqsIAAAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ncosYcgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rggwMEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XcsYEIME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wIYwgYAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qyMoMQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gsIkoQcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOYMAAcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
memory/2032-0-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\xOccIQkc\myEsgwwg.exe
| MD5 | 41b405e6c581c2abdbd4c5125a3b4a15 |
| SHA1 | baa2f93269179d24906f444f7ee96adb875c803f |
| SHA256 | 09bbc96e6696b2982930e70cb9ed11a06513f57e3fe046cef9eb5263cc0193d9 |
| SHA512 | 2a7c67afd9ed053e9c24fd8a1563210c513ba107bd7b5ce0f0eb818f0865141b227f1b55245aadb317a54c2f0be09529120d7ed53dead56969e4e8b0c9bed954 |
memory/2692-6-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\UIkccsAA\KEskggUc.exe
| MD5 | abd11ecbbe627ec5b26e7b6584ce2b5b |
| SHA1 | 5131cbbfab331d62fe15ee445dea05422ca6845c |
| SHA256 | 0971b873ea46ed72ffe8fca4be3b69d80f6bdedfd9bfd8b633e859326ec03290 |
| SHA512 | 67c4422cded74f4254a820e71780a8978269d52f1485e55fcbb0927778a47e931cc1b650005a2fe124929c935cd3dda2aef8e3887a4f75ba304ab823264a3f79 |
memory/1480-15-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2032-19-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xygMQIQA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-10-19_07540665a1eb01b36d37811081e86979_virlock
| MD5 | 477256402c581beed8f9aef56cebfb0a |
| SHA1 | af541187d2a0baaeb1329c6234c6007c5ef322f4 |
| SHA256 | fec9aafbd19c3dacbec0b2b1168d0720bdbc510b53919b628de736d15971139b |
| SHA512 | c2d14818d3a7fe9e15627baf34527fe76213e5d515e6995a81349dfae262ee57af96850eb6c61f486870474b853237a35d85cb295b84eb9b62ba80595cbe5a85 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/2980-32-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5016-43-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4032-51-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2016-55-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4032-65-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4608-79-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4676-90-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1136-101-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4272-104-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4272-114-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5116-123-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3612-127-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5116-138-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1292-149-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3092-162-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4196-173-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1432-184-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3540-197-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2304-208-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4272-219-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3668-220-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3668-231-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2488-234-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\xOccIQkc\myEsgwwg.inf
| MD5 | a02bf708a8c41ff1ced08a5eb9392abc |
| SHA1 | 450d3d4729d2986c68dd700417e51062be44e7bd |
| SHA256 | b75e66f4837fa3871a91c622ef29834e6332d4b8b0a6a989a4797c59fa6a941c |
| SHA512 | 5c7fba7eccd983ff5e00838550736f8bf7ef29703ee1110d84dfcad89a8ad75388dbf3483031930416e1049c3157f37bb353b5bc624febf0e6f9a0f8cfb864a6 |
memory/2488-247-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2708-248-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2708-257-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4660-265-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4228-275-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3112-276-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3112-284-0x0000000000400000-0x000000000043F000-memory.dmp
memory/456-285-0x0000000000400000-0x000000000043F000-memory.dmp
memory/456-293-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2436-301-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1356-302-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2436-312-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2032-320-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3600-321-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3600-329-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2116-339-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2396-347-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4852-355-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4448-365-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1096-373-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2040-381-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3792-391-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2440-399-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3596-407-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5052-417-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2200-425-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2780-433-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4744-441-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4556-442-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4744-452-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2196-460-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3816-468-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4564-476-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4556-487-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3688-486-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3688-495-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2196-503-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3968-513-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2032-514-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2032-522-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2940-530-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5116-531-0x0000000000400000-0x000000000043F000-memory.dmp
memory/5116-541-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3464-549-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4692-557-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4072-565-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2436-575-0x0000000000400000-0x000000000043F000-memory.dmp
memory/452-583-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1004-591-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2372-601-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3156-609-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2400-617-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1464-625-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4812-635-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1644-643-0x0000000000400000-0x000000000043F000-memory.dmp
memory/656-651-0x0000000000400000-0x000000000043F000-memory.dmp
memory/1120-652-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mkAQ.exe
| MD5 | edf08524c2ee7147e8912e72bcedbb7e |
| SHA1 | 914628fd19e68806aa98bc568691971056358eed |
| SHA256 | b70fd5618f7cc3210bf03e72db47e07ef62be813e3b90590585d828e6ed0bd3d |
| SHA512 | b3ea1cf70e235850227881e104e0b213b298fe24f176ed3fb27e1ef9f2f3307c82685a0a267cb89d0b4e1acd344fbb62181ee67957c4556d061db5f8fdbd11d1 |
memory/1120-677-0x0000000000400000-0x000000000043F000-memory.dmp
memory/2192-700-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Aoks.exe
| MD5 | f9f8b50c5501e3290b9fb4b5469cae63 |
| SHA1 | fb385268d5e6903f921585f5f7541bc909db3227 |
| SHA256 | b0123ffcd3dc990637cfa8a2ad0d760aeaba2cec625d53a08b3029a866e54f7b |
| SHA512 | 9ba5b07ac42847baba6f88b3f2c17d4cf99fb30d0d1b07463d1edd87c0934655b52675f354f42de109f35177c9fb74bfc9a91bf5fb68cce9454841b36d3064f9 |
memory/1988-687-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EcAK.exe
| MD5 | af01ab4eb7ff39496ff05099a79a2ac7 |
| SHA1 | dd4b82dffec68fa84798c6f8724745ec8e946170 |
| SHA256 | d45feb930fd0a9a12a1b2ca471b6d6f0e4af468724b37940935e568880ec9911 |
| SHA512 | fd700dcf8d7a371e8da67b31d0747c349cf21926a5f29e8985183703ff862f652f9058db81fe36e115365660a6fdb87feb62b91b224d95810134935edf582fce |
C:\Users\Admin\AppData\Local\Temp\MkwE.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\ygAU.exe
| MD5 | ccd2eccc0c3150c0321179bc02b4d7ec |
| SHA1 | cffff2158b72645ae8e0f11d7d7cd668f9df9806 |
| SHA256 | 5f85246fb9cdd422654867a1b8bd77e163c9f990c4a470af5a523e4e647c1511 |
| SHA512 | f655150f3a462a883f99db20575d4b8b66a40e57fd4c9bab25c0d2a2f298d584200d74bb322da9f5ab5dad847503200b9395306d18cd6896c1646d0cf51f0483 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 7b06b699a0de6e7c54f7eb5ac6d22791 |
| SHA1 | c71fea478cb83fd2c699b47201a0a0a13819405a |
| SHA256 | 940cd423fe4021e95078dfc9b3ab000c77c7f2910c813b5145a467a3b17e5731 |
| SHA512 | 56369d10d170c9232f6f067f42747abb899cfbec25b453e37c2fa06cb1f9a6e16a042a64c8e6839293329c25beb1d55e04ca0f94c3e7b38cb6bec4ca34db672e |
memory/5088-747-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YMgk.exe
| MD5 | d7c40fbdb19cf327f16397c68f103bde |
| SHA1 | 31c8cba1b4a944be4ad667f065b02d6850cbaf88 |
| SHA256 | ad9b2c968c6cb2137283f4134ab309041777af8e9529cf43328178defa14647f |
| SHA512 | 096ee7fc2bc373dab5081ec8d066ea424cd7f98a64fc94ae49d83ad17fdc76ce281c91b355dcc283a506f7be689df280fcd252a40cf2d729b4da9ba2cfc10019 |
memory/1988-765-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qUYm.exe
| MD5 | f322fb6734a8071ddd8b0d6781da04dd |
| SHA1 | c77efe7ce15683de5ab2b7077108081ccdc97c04 |
| SHA256 | d7f657fae8d66c2e5688805d4355dace4c63b5ab3921ea5cb47ec5fa95b62485 |
| SHA512 | cd97709d4fbbfe747ac796104f950423e4483c4f7993815c7ca43ea269ea0c9a36db3006f00f97b161bb49af2d37e444b6a14d27dfe73ef05f0526e7d40002dd |
C:\Users\Admin\AppData\Local\Temp\Ukwy.exe
| MD5 | 29bcee8fc9937c21a3f288283f089f46 |
| SHA1 | 4470e6828b4c5381f98d4bc961d80abb85164fa5 |
| SHA256 | f232c3326deda7efd575bb4c8bf7bd1625ba1ccd15acbca00796c7ba15533d43 |
| SHA512 | 33397376c9bac5a27663bd3ec79f4a89bbd59225c7b6153d8c99261dbe5c99e50aac990ca73a537f414e564d7f79dac1ba53c7586bdbf2850131c2519ee1642d |
C:\Users\Admin\AppData\Local\Temp\OAkw.exe
| MD5 | b0deaacc30efb601464388c866d39275 |
| SHA1 | 2b1efc3f4dc98cb26016f8f5468257c0d7adb530 |
| SHA256 | a013983c46c309337611a79d805b87f5afcca19bd2cc6f5644787c49728a7c87 |
| SHA512 | 8a97245cd9c13bd8389be446683ac6119e5c9669eca3681c465a0a9ab63c4578e3e67d4898052f0c563a5363f1b029066578156e7550bae6bd1ea8789fae0882 |
memory/5088-815-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mccS.exe
| MD5 | 95afd41ee3c7ab3cc9c8d5bb54588ee6 |
| SHA1 | 1122851ca350eb82fb75f753db6297b4bf6e11a6 |
| SHA256 | 5145b816ce1ec177aa21be368ba2555f2f77785e1934480342bfd0acb3050500 |
| SHA512 | 98aae04705068a4d71d657481400a23228260824c9fc192e4828150dda971213b2595000603c486f4f0a029c416d572e754e1c99b7f3397c5147dbb3aa7878d2 |
memory/3816-832-0x0000000000400000-0x000000000043F000-memory.dmp
memory/3816-854-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AMoy.exe
| MD5 | 3c8c888673ef356dddc5341d11f115fe |
| SHA1 | fab627a3e1c56aab0c506e48118b2c1c23e53dac |
| SHA256 | 02d974aad7a85a7e6e0e096756e95cfcc6910f716b92dbb9dd4eb73d0661a9d8 |
| SHA512 | d87508b01865b417cb6e75078e466846158f9eab3d46384df54147ff45981ca11fd1ba12f15dfc0dfa57fec70cffcf0f67e14c384051a6374990cf3197734d5d |
C:\ProgramData\Microsoft\User Account Pictures\user.png.exe
| MD5 | 48de21041c6fd015da875e20144cfb79 |
| SHA1 | 9abcb511c1cd0f9361c3accf127e0049c2f588a3 |
| SHA256 | b622aeebec95750e0afa08b0216b4b285aade4cb4c9c93839a3b8601e04c0a69 |
| SHA512 | 65787829f5d28c2a650eb42ef173f10100e4b0701027a0ee37e6cd2defaa4d5813157568cd9434a1c9dcda68e2179160da04d137979a51aa5d26539a69d55dc2 |
C:\Users\Admin\AppData\Local\Temp\qEES.exe
| MD5 | ef147caf0f391662e7edf2654a208282 |
| SHA1 | 3c3ff34d5eb5e5da4d33101949f33e9780b0dd53 |
| SHA256 | fb63615824b33563396e7d7a9671657c48d6e5fc0bfea3dc1024a4722320e2d3 |
| SHA512 | 18196aa209337fba651a5c3439717080fa7a9ba34e393937b2ce37fc6eac0eeb80c2e2256ae614b618d890427e02b1b72f63019b88757835203e2c2ef7e0ff5b |
C:\Users\Admin\AppData\Local\Temp\yosu.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\ksss.exe
| MD5 | e079a69a561e420ed5102cf0093cd964 |
| SHA1 | d3a088320e21a4d3430dd9731a12d730de32271e |
| SHA256 | 5d1382f13811904e10aceb22657901886b4c11cd82e1c4981ed44d97eb319504 |
| SHA512 | f133a2157f57f86c2ab1a99c5070d2689202ebe67ade9bfbc1030c8f064514c9e05d36a2022e4046ef6ac8d02d53c431f2621d292b2c0810c99bb1780c337687 |
memory/4056-904-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cQMU.exe
| MD5 | 16fc2f64cbbbb308e3d8341fd55e5315 |
| SHA1 | 569a7a13adb2792f80d99badc383f5d3bba04580 |
| SHA256 | f6f283897b76b6f5029979c425c07ada8ca8fd9cd1e23e70ea9803bd8713d429 |
| SHA512 | 3e5dc758b53d49b0ac459ff2bffe14e4a5ca6e59e24da95ec6a469f345bb1f6de8ffc771bb517fafefa91025931eb1becebe5b27df085af0b44e20f84c9c72b6 |
C:\Users\Admin\AppData\Local\Temp\kAsw.exe
| MD5 | 795a5ad75238cba12d3637eb2462ca32 |
| SHA1 | 839a1c6d2f0631694b90b25f9066221c30046311 |
| SHA256 | f4b88e82137a85bc4678fc1b0f34d5423409d764a4c145ba0498d4b71300b944 |
| SHA512 | 235fed293e6af8e926c9db7c18b8b643fd048fe0eeea0a1dda6647d066d4c8de1524e58fb392836db1e4d3e220a67edf25da75dce36d3497d38f0132154b722c |
C:\Users\Admin\AppData\Local\Temp\ksQK.exe
| MD5 | 8e7dc35bb2d4cfd5ecc0f01e437ac968 |
| SHA1 | 5a6893e64e9bbb7891a195e0fb646b5a89d25f98 |
| SHA256 | 37829f1c22ad8517f377d527569e13d1839b0ce3bd2ca112e4ef2ffa7288b5d2 |
| SHA512 | 89b3fa390238b435593df6a04ffdf0865ce55fa2318e7543fdc40e358f6184f7fb4cb75a0c4642e83cc8c18c4f8a5372535ddb94fa87dcf5dab7873fc4319343 |
C:\Users\Admin\AppData\Local\Temp\EsAa.exe
| MD5 | a6427b8c332d18c5cf5708a60f32665b |
| SHA1 | 3d1aeb085ca3ef8aff2dedcc16500a58bac8c041 |
| SHA256 | 3a60a7def7ba94c69defe42aa845fabe563750d7595f1627aea99aa3e73f0a5f |
| SHA512 | b74790363b37df618585d1aefc62953691eaebc978f4b0f15b7eaa952054c4da607ee2c61bcf95a56de10e95c97ec4990dda2ef027d61abdb22f01c1c067e5f0 |
memory/1732-968-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ckIC.exe
| MD5 | 11d48829a09396826c24daefa98124e5 |
| SHA1 | 5f127ee3b4ce71bd941baf582c003f08d777b8ea |
| SHA256 | 4402a29c04123c0d7993b87fc4b7ca2e8bdb2315f528f4859f409b10f8e2525b |
| SHA512 | 2b3e4f76a8aa7ed344a79c8c9b25faa00494bfe615c54f4041b8092e701087505bc0911efbaf2ac4c69164b59e8b6d11bd0e350664d1a98b19d342f53966ef3c |
memory/3816-999-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uYYq.exe
| MD5 | 78168bc0c4af84b661712cf6471a53bc |
| SHA1 | b6f98b1e0da17140673dd1ab128f9cc7ae04fcce |
| SHA256 | 0a59d8e4e9ae2d4f93e7ee0c96edf13a7ee0c2eaafbb7f943c0c85dea86fde34 |
| SHA512 | f4ef2b92da21543b02cccf8b1d8bd6b47cb5803a907f72ea2edf2d22b6f6e03c00edd44732fa8fbaf6a1b3690c522a6a508ea9d028407d0177d307b409e189da |
C:\Users\Admin\AppData\Local\Temp\iUkK.exe
| MD5 | 3eecd31c835326edbf5b2d6e86b292db |
| SHA1 | 0d372809dc3ecb1b61461b9fc8433fc65d242eb1 |
| SHA256 | 558a0f1dde78ed71283c6765127e55498b604d20018a3361a0cbefdaecbbfee0 |
| SHA512 | 17d1b0e328e8fa81eb4a5a94f4791f9495890e21bdad21ab8796f93d8a73e57d9e3afa25d2084e98ee9b05beab5958083252dc836974a904d44e71434d74964b |
memory/3816-1020-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CYAa.exe
| MD5 | bfc19e6ecc9a9c5713a385b8b18cac12 |
| SHA1 | 4c60b6a2cc39b30bd9860445c99ea9807160e9b8 |
| SHA256 | 06af233ba8597d4133469bbcb1c4084660a0b6e3bdc746c2001a1145dc5a9914 |
| SHA512 | d1e14baada7f25c63eb8efa526cb01f87fb485f9644b69a97d87655c2174fdf23ae436063411d60016188fdb04d98d194ca2a49ff8105f5d5bac76b6a3e68606 |
C:\Users\Admin\AppData\Local\Temp\ewcW.exe
| MD5 | e7d4da535a3d896acd032d75457ad18c |
| SHA1 | e2ad53ce1c4da8d9a1246c0ccf91f01238cfc067 |
| SHA256 | 5a67a438c2181d36cbc01be569975630be48598e9289c7f5602c46701d9d46d1 |
| SHA512 | 862c12f3c62a34db4635dbda9f248f10775e567e5f4d352da00523836302e27276230915bf03afe965a81d58ceb487735c447328b43fd1dbc3bc83c8e71a7c1d |
C:\Users\Admin\AppData\Local\Temp\KMYw.exe
| MD5 | 9b861943a5ce6ffdb0e76d208c88a597 |
| SHA1 | 37ed9f493d85559f8f78758f5ba985c9ed6279e4 |
| SHA256 | 36feb5c21456bf93ae95db7baca1b6ef6c140a733cc9a053c2ea13963c1ce0d9 |
| SHA512 | 63dd0770d061a98b476102187766177d8d378964802ce496f2b36b57136329709a994fb363339bbaebbd7a258650b55e2767a0e2a76ec181b0faa91904553a4f |
C:\Users\Admin\AppData\Local\Temp\yAkI.exe
| MD5 | 724437b5392ffaac1da99afc075877e6 |
| SHA1 | d8e8f90d2e63774bba76e6d402b095aa40801045 |
| SHA256 | aca988ddd6db4bebd5febe742147e7448fb318de32bb7d36edf771e1fd024755 |
| SHA512 | 779ee05666d84e888e840d99d3b3ac26e531aa6deff6b495b469ad5047beb375d5dbaa81c14aad5e35bf3b6e69549fc3a4c54f14c024918440df114cf2f373d0 |
C:\Users\Admin\AppData\Local\Temp\wwgg.exe
| MD5 | 8a5716a8bb6c2d8e4a1c6e6a4228b49d |
| SHA1 | 44eee6cab120c4694c265a9803d9686a7e55f622 |
| SHA256 | 0b2babf043b6bccab351251091981f3839b4e88577f3ab011d7df3a6202f0952 |
| SHA512 | 8672462a862d35211bb94f1641685668efca912546ddba4effb2b4fb9842a366286d9ba025938e7d3f616ce802aee986f195cf19fd97f7e8963e0441c73c71fa |
C:\Users\Admin\AppData\Local\Temp\OsUu.exe
| MD5 | 2cbccc637dd77ed469621d0e4e537bc0 |
| SHA1 | 06bcf737788516b4a74fc9571f4b3021ffbae207 |
| SHA256 | 88a656535302ad9493f6d29bb0582157525a1fe0ea6d397550cdac52195192a7 |
| SHA512 | aeac588d2a0c09646f0ae21420afa824e2b25acd22b75034cc9c6400c90219a8880f92f95a9cb10786d7c4797be1b3e96d9a6e9eafac3111017c9c8df5cf12cb |
C:\Users\Admin\AppData\Local\Temp\cgMc.exe
| MD5 | b50eaf1cc63b22da71b41cda6d50a7dc |
| SHA1 | b9e3ac7b63ad1b5c6ae65582205df865d3601f22 |
| SHA256 | e770d742af4b27ffde39650c06a300732e0c0b46ec0ca978af9183d134641779 |
| SHA512 | 055dfa4a0135e485c9aaa9da0b93e3c08a273f87d10a8c47c0415994903aa5def91d6d859ef15b226f97f6cf1dd86e9e9faddaca4e4d707ad61cd1cb66b63753 |
C:\Users\Admin\AppData\Local\Temp\qcIM.exe
| MD5 | 86e7fe7f5b9047aaa416799ead06402a |
| SHA1 | 30429a31981e2bbe799d4e7dae75be8317566473 |
| SHA256 | 7940645573d01e517bf5f427878472eba7b09e840e8eaa7dacdfda55806e87a4 |
| SHA512 | 9be6327770b42198c11939ea685631027e2e5bece92055eda31f1d2f76b56bdf05a7fad155948b7c4da375457619054038f445ded094e3d55303b41c8c9b8d63 |
C:\Users\Admin\AppData\Local\Temp\ggEg.exe
| MD5 | d7fb8fb10152ea862337159084aed1b5 |
| SHA1 | e1ce1c49b0c729dd4d69d16c555611be5d1fb4dc |
| SHA256 | 3486cfbd47381ad0e11c8107ae398e20ebb406fb22d2b310b5cbb29596d38f62 |
| SHA512 | ad6a01aa51e108d8afebb5bd5f8c35c68d21e307068aaa308d516dd67f0d839e251049af287882a3dbc44c89fe15ba5dc88400cdd43ad067df875ed7245bf52b |
C:\Users\Admin\AppData\Local\Temp\uYIu.exe
| MD5 | 75fc0214ca0df4dff40c732b98adc06e |
| SHA1 | dad2d23285371da2c3c2c06e126eeb73979414d0 |
| SHA256 | ff1ded87477d6e35e07079e3c2e6f007bbd0ffca99df0d50507991cc9e5f681c |
| SHA512 | e33ffcc6c89ede76c433ad321a7105fadf5cc99e7f9db036436be9b5df58149bd7d92c955b7267cfb1937696d985dc6e60d5e57bdd44b3fadfdabbcbeffd6208 |
C:\Users\Admin\AppData\Local\Temp\Soki.exe
| MD5 | 5e4881956258e90bfd39115ca15be910 |
| SHA1 | a184b1fe130237cde0979f7acfdf5ef17181a653 |
| SHA256 | 4718b913ae8c7b18e78b3ee71c84d7b912139af74f652a1093f2a45ca1653f4c |
| SHA512 | d1fd13dc5d5621bca8fa13802294cd534119f48a4d1f7bee3894bde07f43f5ec8cd865fa7274408b59cdb652d985a9e8cc9abe5f35a807bdabe59c16bf0c28bd |
C:\Users\Admin\AppData\Local\Temp\EgAM.exe
| MD5 | a85ab83e83e826b5958d4ad207eeec5a |
| SHA1 | ddfc161e0e07a7c1c1867fffc327e687acf7a8f7 |
| SHA256 | daa0199e1a049c9c82f8e5464e20fb9d85d671f05e61883652d44949a36261e5 |
| SHA512 | 2b78001ce3f604913090050c6f3f4bd465f91a2c308ff7469485e01717027b654a3f7d3adf8d1275929cdf40d5271782d02ec6cdb39a4235878a1fe0fa65767d |
C:\Users\Admin\AppData\Local\Temp\EYYE.exe
| MD5 | 2f1f2ec6253f2606216909d0427f3d54 |
| SHA1 | bcbd38334e07631f3f9abb02b4116c6c64118f1e |
| SHA256 | 4566bd5b956d987f5b5304c413d196ba45a9db4717968bc9b710a1b0a75045c9 |
| SHA512 | 29c7bdeca057f05f7627949efbc9a79f8db0aeaac2cc83c1bcd85df51ae9156997ed7abc5c8b9bad8be0fb5476c3911cce442270ab26a6847c5f9a8ff11ebb9c |
C:\Users\Admin\AppData\Local\Temp\GoYa.exe
| MD5 | 6d8ff3b92f21466f9dc380ce304fa277 |
| SHA1 | ab6f49df53bfa7579e4e9cb27df6ca5fa91bb11b |
| SHA256 | 0dc192eb0356ac6cf91bfa25d4383eedd774b2943adfc4dc26d612fb08457c93 |
| SHA512 | 34b9e3625d1ce84ee9a0e35ba4bba05a934c65926f5dedb93cf53f91b0bfc5b3d01f73c4a4473c28c0eada8caf65e04e850788a85857b2090fbce8859f7678cf |
C:\Users\Admin\AppData\Local\Temp\OwIC.exe
| MD5 | dce7daa7ea726a9e557b168ed084119f |
| SHA1 | 2bb422d899c27a1bd39e1662ee47cd9d28220cd6 |
| SHA256 | bcc7d8df22a397a0dcde995e255d5aba8bfd1bb9f8111de16c0f05f071af842e |
| SHA512 | dff148681fbe0732e916dc4ac0179af51f3bae7d12f345fdadbf4bd3b768e0eec6fd1759fea367a30fa59c0d1f5bfe5b7d8f5eeedaeef1ac5eda4ba5e006152e |
C:\Users\Admin\AppData\Local\Temp\ssEM.exe
| MD5 | bb04ca52f72f2302ade7986bbf0a257e |
| SHA1 | 484c6a44f1b6312ea7e158df9897f9cb7d7cbd2e |
| SHA256 | 2345a33360c21d60ef16e6e967a0948fdc793eec7dfc4917940bdf12a4731a9e |
| SHA512 | a0036f19663e6919da8c397d388d93ee94a7180bd0f85be7bb4bec1696641be1b2daf1174d805ee818b0c66a49685b1939e0534076927c04d863de4c6362735b |
C:\Users\Admin\AppData\Local\Temp\cMYO.exe
| MD5 | 8b062443ee47014f0be24352a5b94ab0 |
| SHA1 | 85dc8d6afaf4a2490a12a436574546be3b6f5122 |
| SHA256 | b050df4eacc43378b508f3013529980c8640d33a6b891a26e4f14ade27bb2dec |
| SHA512 | 769d03904b237332030ec7b7de0a55b501070acac89c528630d4044af5d7992f6b72a1dd31f3d488d308dc51d9cbc3cdb23e946467c64162403b9512233cc252 |
C:\Users\Admin\AppData\Local\Temp\wYoq.exe
| MD5 | 4d44e325353e1a4175c040d175b8091a |
| SHA1 | acaa56e639d6cdd66363943c205acb78fc6aaeec |
| SHA256 | 3ca75b63c069ea5e10586d12e8cb7ea7ec7355daea3eaa825280280ef48a185e |
| SHA512 | ca1da8067e9b22338ebe5b41ad125624155caffd467c7b1955734b1112259ff1e7b27d981efef935fde245180fbe61ef145ee7f70fd073079490ad9a3ebfa2ac |
C:\Users\Admin\AppData\Local\Temp\mUUO.exe
| MD5 | 5b7939fa1249cd2cace590e5d9c9d6b2 |
| SHA1 | f7eafa21aa96835481e792e202fadc254bf8df1f |
| SHA256 | e51c9acb9d31e79e6c75340454189a3cedb78634dad70dfde00cc55195f3e5df |
| SHA512 | f45a3e87aaf8bd4ed4436dc0f5776210a5772c0090a6e7d0a01d30c838a1fdd81be4cbdb80940e052816446fe1c8859ef00a8169c2abe89b940709fc8fe78e0f |
C:\Users\Admin\AppData\Local\Temp\WQUG.exe
| MD5 | 6f9cc4fcad80990e9f6227fa5d2a2dab |
| SHA1 | f2d340e436683d2e0a2e95a32298209cd2bcea4d |
| SHA256 | 56f665a1fdf0acea49081a236de94df1694bdb5f485ada8221e2bedad381fd14 |
| SHA512 | 6799cfde510a51bb52f6f49a8111e2c22822eef7fbc66e92d01347f29faa78471b0782b6902be4550bc32f9a3de7d9ad1be1573bcc9416aa59d085c9fbe87604 |
C:\Users\Admin\AppData\Local\Temp\wYQU.exe
| MD5 | d9520fccadfa5119821d7df10630debc |
| SHA1 | 75e41e67b13e75562647df4da4f54171a6c4d83b |
| SHA256 | 9bc4c05d86091a854dd67ff863f645609a29c9d02eb41fc0e803f5c4d4f3ed96 |
| SHA512 | 281d4260281988762680ea945293a4947b13072ee715afc11d64cf97f45eba8eb445b65be3ebe437a33a23b3b5773d0407b7e39a912768272f077821a4251439 |
C:\Users\Admin\AppData\Local\Temp\wYcu.exe
| MD5 | 336ee0fffa38f00bca9128eca45857b8 |
| SHA1 | 76f6a4cc75c7e4da7f4a3386cec7152d052623df |
| SHA256 | d371a6092f19e2abee716dc3f5f816d175861a4e9c05704e0e925ee2f4876aee |
| SHA512 | 8e322c5e4a3f4a7475ce877287143703c303e5b78deb60801e1320d1bdf416b329e968bd59129ce2c753fd25a3486c6cebc5882f4046916c0089b7ce2b3f5754 |
C:\Users\Admin\AppData\Local\Temp\EcYm.exe
| MD5 | 6bace8945ae37fdba5160e7631a1963c |
| SHA1 | 41314edc93dfaa23a2e667808a228a76978ab1ca |
| SHA256 | 0a8e07aecd441188a50a7ff8e06abdccc8bf11e813e71b3781d046ce604a1734 |
| SHA512 | 81e41a28a33dadc370494086ffca1e35bb18dfb7cf83c1fc57bc7f7913cc2d08c2da626564bb8bb4e42b242378f79909c5fee7991c2d8d1e8da5c4e3ea44adc0 |
C:\Users\Admin\AppData\Local\Temp\Mcco.exe
| MD5 | 9d6f5c257fbf33b2946d9b461c3b3516 |
| SHA1 | 5284daa55fb9fea939a33808aeb4cf3bc642c6c8 |
| SHA256 | 5fc8d9d3034ae7cc7ed3c425d7b004615aeb6218580a97971a1544bdf6a0b35b |
| SHA512 | c360eef39fc4cb9f909e680d8bb268bf2e93fdf5ac5e2eb50996388ff4f6c1b040be87bd7bee1a81ded467e2c5d50d1330553ce2c38d1800020fb3db917208cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png.exe
| MD5 | 1ff7ee833c69769d11ff178a5844f618 |
| SHA1 | c1b25cded230f933514f8da3bb4a40acfaa1c7e6 |
| SHA256 | 1fec73088bdabbaf40a8920878822b2284a6d4075608ed1b0d9ea8f8f3ee72c8 |
| SHA512 | bb4ed7c7b9d7ac6381d6caedba9968e261316a8b53133dfe7ecf44134ca4c1f63a48e2404dd9a4c0894bf2864308ecc04d7af084812c81ecf6e91b710096db4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe
| MD5 | 352c16c74398c222db8ab777930ca133 |
| SHA1 | c4c15c61ced7b460999c76bf2285e8a15d2b6e94 |
| SHA256 | c0ce7cb544638d170f8feda9cc956371a6433dfaa2962ff3556903a23a323f2b |
| SHA512 | af4a76b5f747c65864e2c5e9d786121202afc04d23c11c3e06af9ad277d23b6c6254b7493502a2fc8bc0006f7718ae0c5bbd373c92a533a726a7335fa43d8746 |
C:\Users\Admin\AppData\Local\Temp\SgYc.exe
| MD5 | 54689b65b2085584051cb611b184f03a |
| SHA1 | 367399f1c594ea9f47510ba0b1ad24831426af6a |
| SHA256 | 1e0917fc72ac4dded9000cd16ebfd1913209e5764a7d1afa3d236d1cdcf324cd |
| SHA512 | 9aeae78e83404eb0d5236bff7961fd7f568a3439838e02fdebd2fe5563be7c915bb325e8b5f4f9cc0e4620eabc3c47b0b5304395c94e020ada5b11176f7a34ff |
C:\Users\Admin\AppData\Local\Temp\qcsw.exe
| MD5 | 40679e75d11b550bc6ca9e73f2e17138 |
| SHA1 | a29fdaf4f35159e2b3094f4451a49c01d3c66797 |
| SHA256 | 6ec7906836ad16de964a8f1317c7173a5a87370a209fbab2d275e6ee2c65a411 |
| SHA512 | 0dc6911f945ac6db9d73f1c72aac86456c4ccfd2e406f18d0891a7ed54592bb9175b664c817af49f232a3627a3ca99dbeb818fa8908e726aa6e01f3906845124 |
C:\Users\Admin\AppData\Local\Temp\Iwoy.exe
| MD5 | 64d400c682512ddaa47154efb6a0a024 |
| SHA1 | 3e14dcf84cdcbb66f06719357f612bb3dac0471b |
| SHA256 | d5dc40fc457d8900838ddeb633c5b8a1899e248df1cfaa3cdddc2cf533f7dc53 |
| SHA512 | e71e6405e5c3b0dea56a1ebdf4a0425889b12248194ab8c4179c8c32364b2229bb34cb81f865cb12473138a96da3ac09fed32136423ff27d63de2a2060b34fcc |
C:\Users\Admin\AppData\Local\Temp\Swka.exe
| MD5 | 92fd8c877f0363b0237ee8bc61bd8e9c |
| SHA1 | 8bcdd6c5633eb295164e45ba7d9b57f21e69ba7f |
| SHA256 | 6ca7f29da1b6c5d2b1c6d11bfbf125aaf03de4f3b439e1a70c402176d1c15736 |
| SHA512 | 4dd4f37880b6a070cb9c9387bd212462f47879a48e810d5ec5290097c075c01b510394569582eb9caccbbfd2ca327878b92cfd01f9c8c84850c934947e6830ed |
C:\Users\Admin\AppData\Local\Temp\eUEI.exe
| MD5 | 73926537d9bc86b9fe29cb56afe5fb29 |
| SHA1 | f0fffe588fc7d61227473faa85397a35017d1b69 |
| SHA256 | 6af2132651f7fc107a4a8758cc7ae683c03770b985d1aa1c90fea4208c3e090b |
| SHA512 | f6127b15966fd4a9928079fc3bceaf0f04eda7830c4e2ef3bb2d3f47e61f7973a3e8e5827bff4d5711f69462656119f7565cbbeb25614ef26e66fd27a472428c |
C:\Users\Admin\AppData\Local\Temp\SQMm.exe
| MD5 | 3ab6acac945dd75e2ba04db0a3924096 |
| SHA1 | 16c5f72a7dddbafee88051885e6f0b2673e6d5ec |
| SHA256 | 785fe98d5dfa2e186704fefe301c6dfb4c7587e8d225612db0edb86e3b2cef0d |
| SHA512 | afd20e34dd3ebc7a5600109fc21c987a2ce8b036ea8437aa35bdac62f0e0e601f4ee5aba374c0d0a412433972700139ed9be67e25ef856a002a6f2acb35c66ef |
C:\Users\Admin\AppData\Local\Temp\SoMM.exe
| MD5 | fd018d4f56f96cf8d93bec581cbeda03 |
| SHA1 | 434067d9c039fe563c9ee1c5544b7b2665864c3f |
| SHA256 | 801912a8d9566d9dcae82d7bbf4da45f375fdccc4b0a9a14e1cd3d10ab853d20 |
| SHA512 | 1156bbeb43d46e44960e3181b44252753034101541ff4139cee68d872b7172180c221945a81e410211d4f0c3a0e91fbd106f374d3b1c52b53fb62ac4542615cb |
C:\Users\Admin\AppData\Local\Temp\AUkG.exe
| MD5 | 346970945754f03ef78345e23ad3d1df |
| SHA1 | ddd338746c7cf08bac4be7d21ca5a97f811f82b0 |
| SHA256 | 3ac9789e6a165bc22179903a8e1a78f38a40660e3421545c87fbd84c55c6de4b |
| SHA512 | 5d72b043a3ec2089189e35d1a803045e5d3da81bde0a8c84747a582f90a0d3a2d206abea98e2e25b214518352c999c05f6f0614fcf54ed6dc85c8f2e28283db3 |
C:\Users\Admin\AppData\Local\Temp\sgwG.exe
| MD5 | 9b866197116e518d902490bc79b0e416 |
| SHA1 | 25da110138a82fba0f296250ac036a947daaa811 |
| SHA256 | ccb3f171db821831b48089b8d7ae6e9905dbfe9a5ed19e20fc33db605ac0bf25 |
| SHA512 | cce825c2c635826ab8b09b08e16d0e7fbd7f562662933408e00c8212533a99c4260317547014b17f993b4b83bdee262d9450ac93ab7f14bbaa64134a15e88828 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AutoPlayOptIn.png.exe
| MD5 | 1cc2d6bd2d6cd9e775c324dc8e93bd7f |
| SHA1 | 1957781800a370225fd0dc68f9637afe69d1f965 |
| SHA256 | f9b0c8c58382a5fde6139840fda572c65eb95a0bf8159407eacef10ecdb62405 |
| SHA512 | 15ab9ee15d09e77da34c621fa9a4b7ca2179fc8d657445c3e4087ac76246fc71e2e795b6e4b5f23c36305622a709da0c687a7b109c22ab96b788a3c060bb49d8 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppBlue.png.exe
| MD5 | e57d6e3bcc740d45ef6d7e3285838f1f |
| SHA1 | aea202bc8968b49d3903ccb0909273e0e6198547 |
| SHA256 | b67a6e4d44a5537e4d86fe6afef81f4112e11a3ea5dcbe0d5e2d23022d114f1b |
| SHA512 | b6daf82e66bb50ac427fdc060367b490ccf70a9a8057e9d7948b38791ce3154722381ded90114872940d9c5f8ae2db874a4a7b218c72067232a7e5b922d4c974 |
C:\Users\Admin\AppData\Local\Temp\oMAS.exe
| MD5 | 642a2289ffb0226eca91e0c8454b0d37 |
| SHA1 | 4a81bba7d6b6a383a94e09ea6e6dd8e919f1b3d3 |
| SHA256 | c19a042eed97efacb1a51555ab4145e855143dd35578f076371b05cc4d64f918 |
| SHA512 | ff2d15db9c75d0d6f54f2f0319a2aec7b639dc72ad2b11698b7134a422f0cc3396fb2d6640923b2d0c12ca34c5f1db497cd3550d99a9a3a8dd729d2e022c138a |
C:\Users\Admin\AppData\Local\Temp\AQAu.exe
| MD5 | 85743303aa84a3b9421eadcbdcaf1d17 |
| SHA1 | 6f8b78d49e7ac04dc3c10f24ff6040b65976a027 |
| SHA256 | 70f886936e4a237a7ba8e0f059a14b05b051f8aee9567193f2feb968b0aa2354 |
| SHA512 | 682a23e9ebdfd6efc42e972fb9b6b0de3e9f8cadef683f584738f5362b259bb9f7f0a203c62d8b0522a66d3cf320cb0bef72a2075be44b4af93b61ea0a565345 |
C:\Users\Admin\AppData\Local\Temp\UcIG.exe
| MD5 | 27582b94e99d0694eacd17002b49f260 |
| SHA1 | 9c1d80f790c338bc418d41344a80175e4316c948 |
| SHA256 | e62a7eca858fb1019e5dd7732d316b262e192ca06febfeb978ac990f23743b57 |
| SHA512 | 271ecbc857da226e91e7002487ea41fd0778b572f1a410f964e90b2637fff6fa3a975c75e4ffcc30f40f1cf7032570b1173cc95c33f2198f810fd2ecce55330b |
C:\Users\Admin\AppData\Local\Temp\mgcs.exe
| MD5 | 7c7df0dbec20fda5df619bf4373f12f4 |
| SHA1 | 28e51a7ede383d88b14d7f68f00c557ceb6873e9 |
| SHA256 | 8eab0e42c15238b1c05568c998f10b1effeda0dba4b96a989572eae4099ab28e |
| SHA512 | 63194603aee8da8201ffebba27bf6253d7000145f78726e18f77789717b6672efea75606d44f77e911ad54f86588e9bb0389856654788c772aaf838bd762a4d4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMScanExclusionToast.png.exe
| MD5 | 88ce66fe6eef2e4a0e3e52ae3a316d94 |
| SHA1 | 9f4ebf6b8057eea9f62015feb4370d7801f28e08 |
| SHA256 | 16195499f2a9c1a64fb03c354b40fd98f04d1f4a486b0d85767e85a5b0cfda35 |
| SHA512 | 05b997644bf1cd06fe0faae0cd7ca2da531f26ce41a861b48af70eed4975255a806197c22e054ea166fcd0a570520504ac3573eea8148e204f7a5f0be7995a78 |
C:\Users\Admin\AppData\Local\Temp\OQgO.exe
| MD5 | c77505b68330eb3ebb510a96f5e3640d |
| SHA1 | f443b641f8be58a56aee061386aee5892e9109a4 |
| SHA256 | f47d0e717a32736bb30a954e6348a7d22dca1510bd3082dbe5b2e0ae59e4cc1f |
| SHA512 | 6652da25fdc2b41ca978c473fedbd931634fb900cbb7f9a5eb8471a6242ce997345018c6771abb3c46e5fb396bcc45e316e110a18d80196be4121369975dcd53 |
C:\Users\Admin\AppData\Local\Temp\UMQq.exe
| MD5 | 88b7b0123b8e55c34d4c5764a0670230 |
| SHA1 | 04dc7c6c045a3fa7df149705a40625d3ff5e61b2 |
| SHA256 | 0049d6d43d966c4ee20f3e3f16de916d296f9f420057d1eb35097681d8d8833b |
| SHA512 | 0ac4c53e49866749e76b051d6ea5dc86c8881ca53ee560494969d1f0ebb1aa4cc28cf9eb424cd0ddd91dcb47c1f5f0ca4a923be699c33e8e8807eb6d34f1f7d3 |
C:\Users\Admin\AppData\Local\Temp\OAEU.exe
| MD5 | 0dd9d4704e1f3f2bf245dae8a2f0828d |
| SHA1 | dd39139109ee9ec3cdb1ff153827060dcb5bf128 |
| SHA256 | 41977fc45c4122402d3cf9fa25243a2ecbed98f0b9be12059c33df08e71a8927 |
| SHA512 | 6e312630c4bf510438788276e0f353321b44dbbdf2022f238688d2f3a7c4165ef7e9119d08e944671a76853c5f058660bdd2f94f21a9374ec45f96d5a03635f3 |
C:\Users\Admin\AppData\Local\Temp\ccAS.exe
| MD5 | 2e9e46cc2ae6e8579a1bee1987feb25d |
| SHA1 | 1ed6178c154a49d86974b297fbda7241ea5a16df |
| SHA256 | 04c9bd692cd63848c2ea186df918f67d82ad758a1c7b0665eb5ebca42d42c5c8 |
| SHA512 | 29f31a69134e1c68300778da5cd22ce5ca0aed6f3cd99a4bc17d0abc2d503a35fe9aaf67f5778cb113d6fd70500ec858d583f5c131703b3fc9ecf8477a0e21a0 |
C:\Users\Admin\AppData\Local\Temp\oosg.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ScreenshotOptIn.gif.exe
| MD5 | 714fc8119821ca811d384e41cd8660f0 |
| SHA1 | 43536d2727beec6181aa0a788a8cf42aaa968cbe |
| SHA256 | ee86f8e81b4d17673c44943c61b22d11ecb8c226a63a3cfe718ed9808ee7230b |
| SHA512 | c12b51c11418330b93a8fc806db807cd8aa2c60842bdff9f2f9bd819841653f783eb74fa19521f74d06a1afee604fae8d414e470605d2e3dc27882a07c864160 |
C:\Users\Admin\AppData\Local\Temp\CogM.exe
| MD5 | 2fddeb16cca4f5b596350f0fd27fe1d8 |
| SHA1 | 12668059f26b76a3dcc5b851ccde9284c095b005 |
| SHA256 | 4e44569e78fc0e4b21e8adc6c0a88a26ea1e2943385df514b49d37ce6241e2e2 |
| SHA512 | b46ad3d93504767c9197cebe523b8ff4cd30b2b6ed9e3fd8904a4655eb23bc54f3b49fd04b5e0a3d6163e8432fbad49638d4bd26d28c3dbe8546c7c87c710066 |
C:\Users\Admin\AppData\Local\Temp\koUq.exe
| MD5 | e4d6d551cab462aeed74d1eb5500d462 |
| SHA1 | 7929e311e0440e39b074f455fde19cc5e076d7e6 |
| SHA256 | d7b60b0f832ef182fc552124de95b509c1ed728a4c1c9aab61fc2625e6736130 |
| SHA512 | 14226dd4b7bae7fc7193a872b5591182ce1a25f5516580eb61133b19916c2a9c85f737e1afdd98898aaa1517567b4aa78faa659b98722e5a8e3295ff7a0d7114 |
C:\Users\Admin\AppData\Local\Temp\kEwC.exe
| MD5 | 7cdbb9cd45270789e5be9a94b8f9a062 |
| SHA1 | f42487a871f4557ba303ebef1929192e00e8e2ec |
| SHA256 | e4a0f6251ef932ab5472771c27c8c01f98c309a5be954b38b3b0a64f55901fd0 |
| SHA512 | 219b721b01998fb589205759e3f85821c81c0039f443eb0b5c1a5fbdf3d316805065f8616f8ca68ea84158c6977890901dc6dbe41b13ba3de285b45ae5fdf621 |
C:\Users\Admin\AppData\Local\Temp\Wkou.exe
| MD5 | 76efef139f8bec25eb7a53078becf74d |
| SHA1 | df687d76279cca96ab3157093507cb17025450e8 |
| SHA256 | dece457683ce5f54badb6ce971f4e6b8a4b72305108eaf4284d693ad676b5ad6 |
| SHA512 | f811de1368c567660bc461bd63ca4c49b2942f19dbd9680a8174f988195b1504a018222db4bc9c81ba7dadafb749c1dab4234174c4536531fe139dbc3e34343a |
C:\Users\Admin\AppData\Local\Temp\ycsw.exe
| MD5 | 701939d54de65989fbbd1a3dfbfe00e8 |
| SHA1 | 27d8ac1a5839e6ca52e32d32b0b1ad402cd759a5 |
| SHA256 | a915f50121cf69a12b0c03ad3affcb09322b354698ed6e07aef14d73111e47c4 |
| SHA512 | 97629d684dc18619f92874e13acf199ed7a7da90b51f37a6def458dd68b57023bcbb42f906e9c8f19ea08b6ec86354a02297b0ce450f487ab12b5e18ecce37e8 |
C:\Users\Admin\AppData\Local\Temp\GgMC.exe
| MD5 | e1c4252fc06feb91eea2b3d60c06cb37 |
| SHA1 | 20674e8ead966d730bfb3815938feced4c1eec8a |
| SHA256 | d019b953619f0d2c20504fc57bf7d9c24edd3b7b374199bfd3981fb02092cf80 |
| SHA512 | 26f8038578f2f084270ebb5c94c0e5e928530689ce1bb5a90226703f32678d6adbf47824881ff09860d9ba53c681c5284f4e71ed26c74bb4446f8edfcebfee54 |
C:\Users\Admin\AppData\Local\Temp\GAgu.exe
| MD5 | 32c75a8d4846a09bede0478245adcf4a |
| SHA1 | adcf6cc0168df94d7ee645c8f810ee3ab4a88999 |
| SHA256 | 4d6d43535f7fa59daf064e449a9956df03a9e431d90f49ab85c77d663c8ca8c0 |
| SHA512 | b680069fd712f417322443b12fef93f9690778bd6974da8e73deb9457680d9b1a6e931e39f3fdca2a63f8c472f07a40be20dca9843748524d79ca3d7c6f076d1 |
C:\Users\Admin\AppData\Local\Temp\CsgQ.exe
| MD5 | b6ea859f7fbd292ccbc77e66d5154490 |
| SHA1 | ae153e422bcc79786d4d816fdc24586eeef88e35 |
| SHA256 | 0351c6b9bee22a8dd5b6090c33bd48524ba4fa6be6af31f0e07f25b4d7858c98 |
| SHA512 | c27aff7cfd064f66f67dc57cfefdb7a1fb23f0b977612bfd943bb2b32f9d9d628aa0570ab26e419aa9746e2858891161ca8bde993eb729cdeb2a2b6007651483 |
C:\Users\Admin\AppData\Local\Temp\kcsq.exe
| MD5 | c293bc79b23569c06e4f59c3d1b5de3e |
| SHA1 | 3c092a8de9e988affc8cd29bc8d26ae594111dea |
| SHA256 | c20d2aad611c58c58152c2251b797005812ce194a29be06f91fd2c33934a6069 |
| SHA512 | 62213e8ac05edc6a79c9a1923b97d7b19c0e7135e9f857073749940669b06982710af38dd9a54461c3db88942eb7e83478cc25b90ece0615654e9fef90b6d9fd |
C:\Users\Admin\AppData\Local\Temp\mIoK.exe
| MD5 | 498192a2793e39851635f1d0a06a19ca |
| SHA1 | fce402d94bb48365ebe8f08f31508cb5fae28015 |
| SHA256 | 2bcbd42aad20d0860c7a676d12c25d23252344753b362f5d834f50c6d091a243 |
| SHA512 | eb336748ebc414ea2e69f87921c6812428109ee115cca1205299d8c84a8e519ab10e94dc3cefa48b631cec325a97d174b4dd36353b162616f90c6771f62a5113 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\squaretile.png.exe
| MD5 | ccb848ef0fa7efbe7ee41a8fd4a1145e |
| SHA1 | f3fdf0c901548f783b0654ec599b89cd13c5adc9 |
| SHA256 | 9aab8ac1c86419eba53624d5cf4ed4f502d1f5cd42e72b020ede2c5fbd8ca9f8 |
| SHA512 | b37d1cfb6ebbb8c0a4aebe317d00b3ab4fc67d2eefeb7b955dc2b3d3afdf41450382a82981256876f86154124ac464fec1061e0348bcd1b02e16f1eb0669daa8 |
C:\Users\Admin\AppData\Local\Temp\iEEY.exe
| MD5 | 31ab8c31c12220a40428a2fb85ee103c |
| SHA1 | 7b30572ec73a9a86b892e827c808df10b6deeaf2 |
| SHA256 | 749fb21f15e11875f23fed5a2fa972aadf10c629bb8056f30b3b18587321b962 |
| SHA512 | 4938b155f653a416e3d52c0aa171f38fd404b79fc409b12a5370c91cdd80c8015b7088e956d8170d5b1aba79c3f99743833e93967c3f6b41b205e270f797d61b |
C:\Users\Admin\AppData\Local\Temp\UAUU.exe
| MD5 | eb0adb912f10ce08c17a330f4eda5636 |
| SHA1 | 29f2441a5b0ba2f78d7ea51a4b17b04a0d86cced |
| SHA256 | ff176f1269b7588a2a6c60b21d9395e9c0e00392f06b52cc3d9002d09dddd9b2 |
| SHA512 | 2b3e5d7c364e0abe9c20186936de23d526f786cca3348fe7a7a9f0439dc4a70cb42469998b38835c8dbb1f35c6ef4df0f899435a5b933c0b3e9369d25d77aa46 |
C:\Users\Admin\AppData\Local\Temp\iYAc.exe
| MD5 | 00edfa3089c4f27d7a30b5ee695b57e5 |
| SHA1 | b643adcf3d8136bde6324e00765f82671a9f906f |
| SHA256 | 833cd2d5b15791d896a125079a9c34db669e6a148d0e60b4d44d04d3602254c5 |
| SHA512 | 24f8dbe79de36918e48e6c95a8dc1ba4a0659969d9e309643b7a23081f35709102234163fb40b10dac12abd82fb08fc895bbcaa0c1aade39445fe8d16660d943 |
C:\Users\Admin\AppData\Local\Temp\GYYk.exe
| MD5 | 659e7050a28bcad33204ee88d8ef51c5 |
| SHA1 | 151cfb80413878937f4b0cb346a92de6ef21dbde |
| SHA256 | 6eadc79d2b60ba7da8e7f0bf0154826c39fbfc459ea89f8de2fe734087e083c7 |
| SHA512 | abb09c71c49472a049f3826e10db7db70c2661dfbe416a9806d4dfcdaf9940de6814ae3fd51d4fc90506346ba29f27565ff4a60b9b479c75004522b39648c249 |
C:\Users\Admin\AppData\Local\Temp\coAc.exe
| MD5 | aaa6de7e5ea244c8bb842f8463a8ca4a |
| SHA1 | 223aa057c4a8147b54831b2380aed36b1637ada0 |
| SHA256 | 8a1bc9a5beb56eeb1db58b1b5b799c48aa7bdfe25999a1e8188eb469a48af8b3 |
| SHA512 | ee3b74434ebe58160f0ce71047804d1bc8ceff6dbaefc4a2458701c0ff20f26e21b37d9b412145dbeedb2f5411898663110bd2ca6fa0e0d4f870a78a5d40e16b |
C:\Users\Admin\AppData\Local\Temp\ogsM.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\KcMW.exe
| MD5 | 26451994b09f8c91e3d366c93f190bfb |
| SHA1 | 21c41a31113a96fcf36fcb1d222d5f414063262e |
| SHA256 | 3e86d22c9474c6ea8f88bfa6db6a44e1bd01d6d9ba47a825b5658615252ab565 |
| SHA512 | 43b7e20196d8cfa6a5519a0a6212be79adeb25d2bf58b5c96b28f1bf5c633ef7e2b5f03da860ec26922e73e113499c2de91606893db5b1e84dd24c9055133473 |
C:\Users\Admin\AppData\Local\Temp\EwUI.exe
| MD5 | 0e3eec2c7115bc26e12af95f6af77e49 |
| SHA1 | 8b60368ac24172e50e88fe236b0357f86dbbb68b |
| SHA256 | e8c710fce815fa2258a90ed51da8a6a01c74f664e1c65672ad737ff622304b02 |
| SHA512 | e10c16fb8832c3b5dee10442b009e47e01db5755b65290a8a2b03d48945e8384604470865063ac8824a45b1d82b44ebd6a0409353333b59e2de97d53987775c9 |
C:\Users\Admin\AppData\Local\Temp\GwQY.exe
| MD5 | cd0721e262d19894dcbb1e744d66e36b |
| SHA1 | 853448b088dd65c4f3447d2c0e3b27722f772be4 |
| SHA256 | b63b84821dfbec435790eed4bdbba3287b7fc2dc124f09bb1596c9b33c1d9357 |
| SHA512 | 24b074dbeba45f92fcf0b3e5533aeca6e78c31f8b1609b35ec7998843983764a0b22a075e0e2f74286cfd2d11c9f84dcb0412205b789442834658f64995a5f18 |
C:\Users\Admin\AppData\Local\Temp\McIM.exe
| MD5 | ab9805295b12af86f8fcf619fbc585dc |
| SHA1 | 98ed4c56a66de04ffe689e96c9d596859f8e84aa |
| SHA256 | a69566d6076249e005123470a164689d33107637850dab7d0621fe85aff7e0e6 |
| SHA512 | 166ae5249e18d09934bcb77e907a5ea4e81a64f89e5f77d1e787c7ab29c249d95f9c5d47f62fe7e1acaebefd175975e5ec763fbf641391d7490e93e038b88916 |
C:\Users\Admin\AppData\Local\Temp\yEgo.exe
| MD5 | f95d2df53527b58f2fd5f16a271ba023 |
| SHA1 | 94be2733725657780f9fec03e5bb0ceb86c60827 |
| SHA256 | 36b46e6a97b0c0dfaf8f29ac46f89dffa5cf8ac798e97bfaf5736f5500a6d946 |
| SHA512 | c76cb23319fbc9b3a49f393407376f52c535a3e178272f0869d7d463f6b1a7b7507c8d8db1afb388a2d9eeb707f2eda521f43a6d46b8e33257fa53de27de149c |
C:\Users\Admin\AppData\Local\Temp\OgMa.exe
| MD5 | da67c2d9892e911dd9224a4ab4cc0620 |
| SHA1 | 0a1d095f721da10961f74e26942236b003af6d2b |
| SHA256 | 4499936191856b601bc9438e94756fef7ccb256e4d32cc1088651eb94d65865a |
| SHA512 | 3712070f0abb0ab963054711d69f3ab79c30dd1cd89fc51f5215f85a242b093e1b7e3062601403128e095fa1bc7885b7629378ff3cd489f25b5f8a4be96352ed |
C:\Users\Admin\AppData\Local\Temp\UIQc.exe
| MD5 | ac6e0ab84455a51463c7b4e6fdce377e |
| SHA1 | faf0cba283214fac46fd64f2e24c4c9f3bdea440 |
| SHA256 | 27de6929fe33afe42806a6dbee0a880f2dca7717f086a38f1d30052ba972d225 |
| SHA512 | 648294d195fcdc6263c743b463f1a15ef732cdae9d9704fb6eaf1f740f0ba31db5635d67b180087a6ee44f92fc17d88a485ab072e9d5123080809ad852acec98 |
C:\Users\Admin\AppData\Local\Temp\oEAa.exe
| MD5 | a8cbbec352ff55c0031110a4cb9513a7 |
| SHA1 | 65868b4e321fdf1a99b78d3e7b4dd0aea791eb85 |
| SHA256 | df8c7733d8f72e4ef29ee6932dbcecb2ce6082d23979f1dbec416444c601f5ca |
| SHA512 | 0098ef7543aeeb72f4653f3c220b879fb1c26f742928ca29d157fee29bdf7360b76e6e1185efb58d99b2230011a936b99da8ca2070622f19da01f8e7e5af3015 |
C:\Users\Admin\AppData\Local\Temp\YYgq.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\kIQa.exe
| MD5 | 79e6eeb1275e7b1d388675870876add3 |
| SHA1 | c7ba4b2dc01408d99beb4a6ce2213b1c97c49795 |
| SHA256 | dbf67d519dbba4762e15d7c46445e784a590276a0bed2fa9cdc0620ca3e503d2 |
| SHA512 | 9d7759daf2c737a9bb57d287f8329bdc5b94f6d2098f4fd516a7ff74c3df17a3c40642daa453f72e3272e31668b9e9dd248be2d1e6e5ce17a750fc42b9fff407 |
C:\Users\Admin\AppData\Local\Temp\CAwK.exe
| MD5 | 52d10db90d9bf2be188330a498aa73dc |
| SHA1 | c6e0bcb7b2380d362fd411c6abdc9bae28a9a451 |
| SHA256 | f458d6bb2e408af9c15b1351531e01414e786d29203cb582b982b7c63d4fdf68 |
| SHA512 | 49c8626c1b0a24895ddbc7672f7e5329aeca00db1508298453f5f78a8cf11c543c3e2acbe2ad87cd8c703e670a403680d6849971f5088a2a1d0ab834d00bb70b |
C:\Users\Admin\AppData\Local\Temp\Cgoy.exe
| MD5 | ff119a6473b30f91383ade634fe48935 |
| SHA1 | d3fb82b3f704007df5390b8e35de1af3a5cca9f1 |
| SHA256 | 997f9535e0ce054e0a93a2b925355ecd2ae352d5a828b4328e2feca8055de84f |
| SHA512 | 53011f0926879c1931f91880d5dbbc70f2c0b1273c88beafadcd190dcb49e7598c14231da7b402f69fe4b161ec7cfecfb050e1ea56ca5bf58053f84b8d34e323 |
C:\Users\Admin\AppData\Local\Temp\WgYq.exe
| MD5 | d38768061ab2993c1577992e9ccc0264 |
| SHA1 | ace976ceecb014db697969ae5e146930fd8d6a78 |
| SHA256 | 61ef2e3ecc067bb47710efd2b67825773586e9a921f5ea1700e3f18f3c46eaf9 |
| SHA512 | 827b2bb312ca24129c5594cfafae877331cd2e9926b8c8635a058b87f120fc471f4edc35760fcf00c2bd939891b2df246951b407453a21f29bb7141f4db8853f |
C:\Users\Admin\AppData\Local\Temp\gEwC.exe
| MD5 | 20ff2818f4559841aac0b034887fd2d5 |
| SHA1 | bfeefec7d45d3b6d03ab0c0bc2b1b944f85f3442 |
| SHA256 | c60f169e56de200f5c2b25a6e73e30f48b12439ba8bd7ae10c9669f1403efdd5 |
| SHA512 | 3bb32f413d4798e0843815f4caf17fcc4365745ca0a84886ff9f601f523ab8c866b4e3d37d21976f3cdcb7c94cd5b8b0ecb5a86b3efab65f0f01597d23ceaeaf |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | 810295655bb352c16f195e9f83cd4385 |
| SHA1 | 0a4131c7bba8f4131d06e8bd3e44904d37c8ed32 |
| SHA256 | 195be72c46f6b3e52c4440e0bb6f7c138086e29281f9ee8d66f08e5b71097b42 |
| SHA512 | 4e998bdd76b1bee86cbc4d3ce85b6cfe4d8f9884c8ed7f050322e5752f1b8dedd097e9e062bd46bbe124c1f9e7332a1ac5df1c4b74fed2c1857df08e545ccf08 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | e753c70a4993b3b4d32b2f540418bdbc |
| SHA1 | 637aeeed0073d1cbd703897ea73176ee177837f4 |
| SHA256 | 6d9ab55cb410ed84f97535576aa78d10eb9a1444a79fcbc004eb41c44e1ebd4f |
| SHA512 | 26169525bc3df908e80b6cc1af605d5042a7282827c7c7c62d16b75c03e45e03a73e20914059808bd77757e71e1a96d4fd0906916af6066c622b099fd8c6c85a |
C:\Users\Admin\AppData\Local\Temp\Kosa.exe
| MD5 | e90a3c26465e3ac14535d719093fb55f |
| SHA1 | d5f3f3d9185df71141d33cc169e8b5ae1cf9a17e |
| SHA256 | f9b966262c5f3a2f9dea13c66b05a12bd998ee641930272efafdc0fb8fa0b4d6 |
| SHA512 | ab0bc8f588a27dad5ef488728da3dd354fd019b9630274954cb9b7f0727baf6e3c2f803ac0638542607c1b39f12e9799e515076b8013f7cfd5006ffab638acbc |
C:\Users\Admin\AppData\Local\Temp\wQcO.exe
| MD5 | b88f1682162084bfe6a39f2cac45cab2 |
| SHA1 | c884a3b6cd2422c94183d1e1ab9943253b569d7e |
| SHA256 | 06bed0e2504cface561f01a1e29d3b2f3c8bbed9fe7e0b98792d9ffa91236225 |
| SHA512 | cbadab3848071daad559624a11d2b78f67253d38b8aa6dc28ae12215615d98684b40b663bf6edddaf7a9248f723cdcd48bfd67d33711062031377b34b4a60832 |