Analysis Overview
SHA256
8ebba18732ca21d3a0df3c5cad95cf867de57ee57a1898e82bdf25ab1865f23d
Threat Level: Known bad
The file 2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (78) files with added filename extension
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Drops file in System32 directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-20 01:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 01:47
Reported
2024-10-20 01:49
Platform
win7-20241010-en
Max time kernel
16s
Max time network
129s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
| N/A | N/A | C:\ProgramData\wSIQkMEU\qwIscQwA.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| N/A | N/A | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
| N/A | N/A | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
| N/A | N/A | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
| N/A | N/A | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\UKMsskQE.exe = "C:\\Users\\Admin\\NmkcgsMc\\UKMsskQE.exe" | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qwIscQwA.exe = "C:\\ProgramData\\wSIQkMEU\\qwIscQwA.exe" | C:\ProgramData\wSIQkMEU\qwIscQwA.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Windows\CurrentVersion\Run\UKMsskQE.exe = "C:\\Users\\Admin\\NmkcgsMc\\UKMsskQE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\qwIscQwA.exe = "C:\\ProgramData\\wSIQkMEU\\qwIscQwA.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\NmkcgsMc\UKMsskQE.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe"
C:\Users\Admin\NmkcgsMc\UKMsskQE.exe
"C:\Users\Admin\NmkcgsMc\UKMsskQE.exe"
C:\ProgramData\wSIQkMEU\qwIscQwA.exe
"C:\ProgramData\wSIQkMEU\qwIscQwA.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-96927588-1668594510-887566661985858318-4356971971979325582-1812838372-889206768"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10523067692020779955-1127036797-1703213784-190081027165455230216255769902020240584"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YSQsgYIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1624564826-1341162525-461603915-1404551727-611285910-10263223491959541007-1613676838"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1894398354-50555070619662414081819523470-423553393-20347316051746727832-1002694356"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "484354889897427547360261057-10037893-881549763-1830999624-1383428051069622988"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IYcsQgUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8366479201518248138-1447293176-813617347-1697186716-1226312944-185198298900379486"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "928035502177052007-16482928181618080931470169011-906718073-376917964313804764"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GgMkIIog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "7853300141890733519-945325211-646789712-212546877948974789817924700042061934448"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-898961557960953032519675052-472436716-1644251723-2069564828-420538587-810478299"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "12728390385977493551728153371-1165155019-3049194931023703816699810039814534179"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aygUUcYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4519587986888702482116920432330424505-13063313691233104552-7926845-1414123231"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MGcQwQgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1559083879-11956845932956316225347778752102289263853310029-549014872-1149169380"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-49866507910707152713003501161538028929-4364082972093313673-1478984823621706561"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6289257541384748297-458251954-10589014948558095111132650703-5143687431828109277"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1969475220-1604239486-2082071968605044267-2055165147-139907319612258800921070355695"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xkIYoAEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-115598300811518824431938331054-2095825797-8836629838702776311612604070-479479646"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "636994672634486071316387306-2126423677-1502385107-84850701813358996-972295654"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1214867645-53002834916559984201943082562-965786566905733290-1089183395-540328873"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1337642666-1659695474212935115317228090492005852940893985012-9791417002130732524"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ROMcQoQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6837964761371277231983843737787976689108716885-13877538101584112388521402968"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1620300222306261122-992033286-745429151-1536556741-384864955547407223-1256095045"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JAcMYIIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2157387847924763687020022491290696381096085670-3428909011814037163699584340"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ToooIoMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1530200683498081135-732834702927599540744640287-1256711030841204628-369384763"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-80241425497831803981617133163497003-20733660851107463006-9426870851554085287"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RMMskUEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "115019031618917829139874109442478614211464039961-146146543324804237-1773244427"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LWIsMMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1627668436-568099902-100079469978194185-924916165862281659-20691266541437654482"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1312606308913435742-18894033291240639152-191706573910490766427009472361835106311"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1602600968-1947793605-786113304474340932-1675112622142738286442893294755876389"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1618513775-437617888-215439393-1463684725-985295609-30039182-848851792-2140607645"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xGEIsMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "326056743-113650188510618360194099476919700033131098276522-891819379-2114437385"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iqowQoIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SMAkgkkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1224945665-1264253406-786896081-1086952836480203210-374520565864848189981128581"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-280484291-1927959670499750489-1546149661-202022077-144742598250254017-856633236"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qwgwMMsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "453681834-4799067112776066240921451915318598082107745475-11640197001958268671"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-265678018-595666918-90594439-9127867812100107950167789040415098138071592124904"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OGgYogMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-477656641-796885770527049102-2141036879331880387-753714214935895067-511932416"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9831972133594465425239678961033563046-905492111-201537980916694130901577730787"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qcQsIUQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-77368935-1992668752052964838-423993723-781584794678784771-20630781331769283695"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sokQEkQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1454875663-731331871-10716870771690146508-2018105662-1756000875-2947296341036167650"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SkgIoUsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VOcAMwEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fcgYMQIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nQwgQUYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "181745945-4946002414155066151656241246774450715448015381-577277865127937228"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nAIAMAwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "206433086143582815211608370541348255893243541504-1943338261313623502115643343"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nyUYMUkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-413104290-905221223-18480389251582888124-17238281956080803-333488511396502647"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FqUocEkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1204171168143484035758988365012961189701195626912-694263564423131416677325833"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "927169843-168162840-193989403-1782111341111669316212804495201413502480-1403593387"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1397093556-1560264093207699278817238789947079218097983238-1052554183-585347065"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DwMYMwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\waAgQsMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GKcMQooc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-14845443931115460899-1432916479-20013062468752380921166894350836959887-1347336382"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-786086120165394696-21372948902109850831-1945072811-64441740315207216391008177499"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EwIssAwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "9643856134395682211175099982-1801882062627740521-1552875015-1713800750-552402736"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KWQAQIoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2985719251290789397-1801076257-91536717910480145981697038988-569819235-1132604781"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1178861881-211741177-1705770481311792975-155405625-928018654188552750-1201201749"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-200564270520223160581862197499218127108-154579820519279425-8681391351755952202"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oeYkgosE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QiYEsMgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1949095885544577039462478573221059065-1653222448-1087496355-251202222002481616"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "208958291-125479062821049251001740757213-836897458-177408729618548103721299608765"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IkgkEMQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-185345254-1565425049-24080441840098313-1089532849-1481745316-16723655601299893405"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1984242923-159879651381665481411020245-1575826922406057725-1280530590335120000"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20397656442816389732053858418-8781265481971981905-20718300151027738395-2145311168"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hsIMUsIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1731047197-1594902201-80938045319178951691359993501166684029-523347001-826463524"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BGYwoowc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FqogYMYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "3105593421857903657-19900935861634410259-386116240475634417104716525-479963545"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-973903011679765408841513298-12433500291190393841867515513-1135545885-411157282"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vGccMMgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-142152496710926680391440218646577786276208705524313277127022075590276849223"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FgkUwEQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "377307340207120976735935951566913659011611434711208459511-172602440535461749"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nMYkgwIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BmsgwsMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZswoUooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iycscEcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ywMwwMwY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OOkssAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\okAUgwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "591538666-16124271821922499862-91808205-680767913-720361060-21418747122044044024"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GAsoMsAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CKIwYUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qMUQMEgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DCcIYYoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HswokYUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nmUQMsMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-15943760994967966331934908529134208816619767007361639020371980666098-2019672140"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYcYksAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEQgoQgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XcMQYkUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aSoQUAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QYsUIEQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KaUEcMYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Wogkoogo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kSUkEIoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MgskckIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cQQYAYUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hukwsIoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZkYEwsIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xgAUEgIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HEccQMgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NWUkYogY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1512643181548114684-1167022928-1847262331035333381108710102-804230383-845684201"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DMIEMEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VSEMIUgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-187393420232593010716241810788043583241398795940-1683355080-10224291241998298677"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PmMQoMcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WUMswwAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ImUMIcco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kSscIsIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QKYcEUME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KiQowIQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iAEcwYwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gSwUsIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HOAgYsQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VKQQcQIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQEQUMgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LyokoggU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TQEUEAMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FuUMogkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aoIAQEAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\meIgQAQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2098452284-296722579-229858116-2047052481638999709-198917214161296730-1335325540"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AykYcYYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-665115092-11668588-11129862391044017576-1254136903-1466861868-1446757519543209077"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sIUwMwAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-661791276-1873494396-1726923469-61236955415655383801646403455-1714149437-1205904541"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uuYwsUsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1614302923-759221106-13258059151858668708-25203328749585827-29322556-1802041915"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UwcokEEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZKwcAEMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rWUkYQEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LyogswEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LsMocggA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JGsIUUQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BOEIYkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hkYQEYgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SsccQQoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OOswMsEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qgQwcsME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YmEgQUoc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KmgUUUIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MiskMQEs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pWMMUgMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rUUUYYQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VgAocIAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8024205921269402812-600660059-12651442338320822-1723454343228952611694728259"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TeoYEMMg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rMYAIskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TwMoscEQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISkkQYYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GkoIQkMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gKEwssYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aagUcokY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iwQUokko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sqogAUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PsUogMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RsEAEoko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZEEcYIUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HIQcogsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VmEwsokE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RoMgAgQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jykQkcss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HkcYAMok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IokYEgsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IEwskowg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\myoIAYUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.46:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2380-0-0x0000000000400000-0x000000000043B000-memory.dmp
\Users\Admin\NmkcgsMc\UKMsskQE.exe
| MD5 | 54906ade6ff4340bc34fa3b5efee4280 |
| SHA1 | bbb58c502135157c0b2deac101612dfc1bdf3b90 |
| SHA256 | e0c99478898375e64969206610c6bae07b885fc2a58bb466b34ac513dab1d237 |
| SHA512 | 9933444e5516a02a67e9ddddaa3f48a7286d7df09871ed02433029ee2f4369aa2db2ed99d668c8c76f9a34d800c925c2262ac4f770c9684b5e5100304ecb27d4 |
\ProgramData\wSIQkMEU\qwIscQwA.exe
| MD5 | f1aa8593dd92df1a31fed59abb44fb75 |
| SHA1 | 9894ad6ab74fe95592c380cd645a557e3b6e9d04 |
| SHA256 | e6a387e85f7a371fc4bfa0ac25a67985cf6ff2b5e81811f6946c08b91fa1551f |
| SHA512 | afdf9f233cb009bcef49644003d7cd091ecc8484260c61f9ec792e504d45ab425098046b4b9f6cebc89493780c96363db21b612433c34ec524036d5a89333279 |
memory/2440-41-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2016-40-0x0000000000140000-0x000000000017B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/1196-80-0x0000000000120000-0x000000000015B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GgMkIIog.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/3024-102-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1692-124-0x00000000002A0000-0x00000000002DB000-memory.dmp
memory/2212-170-0x0000000000120000-0x000000000015B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
| MD5 | 8069e690a23c6c533e7209fc672f9b23 |
| SHA1 | 7c4c896dd84d8cf02eac5f74282a18323a0304e3 |
| SHA256 | e7e85353e559a647deb852fe76bcfeb7e0bac16c43ea107f523ca158e36159e0 |
| SHA512 | 6f37198327e617aef5c0a41bf4e4098ef827aa520d98802ab93653bcbdce0646b370104ffc8feb25fece2593762d9bf6943dd6459f97e1356e602a680759044a |
memory/1340-237-0x00000000001D0000-0x000000000020B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NkogMIUs.bat
| MD5 | 2166d16409d8f1d2b0057fdf75d05a86 |
| SHA1 | 76c516ffc902ecc2499276be466f5ec8dbde4082 |
| SHA256 | 17c1426582d22d103c0c418fa8dc670301f74d97ae68aa53b988e8240677552a |
| SHA512 | 45ba8b617cbb95066f1cdc3f2751a009744bd84279eb6fa878a9b714ec32b64263cc9b10d61191ced223cc5b54515033bbc2b8287eda85e17c22547b4857d9bf |
memory/316-260-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FsoQgMgc.bat
| MD5 | 4eea5b8ed7e69933df770134dd8a936f |
| SHA1 | c5d4127024e6fd4bc20d65bc865c9c3a5e31ab87 |
| SHA256 | a632cbd09b8afcff15b1d308f880b81bf33962c60e64e78de8ca7dfc43e8859c |
| SHA512 | 18d49e47e960c48f08344f2fbd086f661330df48b779c83821dd32dca8b7ccdae324c34dbce47d9e8fd1ce046690e3f6443c95a5f520156778f660e974409256 |
memory/1688-317-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2340-362-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EKsgYUkU.bat
| MD5 | 3f436732f7336fc519d51423279ad24d |
| SHA1 | 73206679a26839be303065af871dd55cd749fe9b |
| SHA256 | b22aeab8a4e1fccaf770e1a4375b9e65db2b1fb6408c918418c24c6d3d6cc0c1 |
| SHA512 | 01c23c9326f1490fbabcf46bd214bfc4ca3afe1e6ff0aeda08e107f2b2d05378df61b53bff7cb4b7af85471afa5872741b6110773504d828a0cd72c5c3f26d3b |
memory/2144-387-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1772-409-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\NmkcgsMc\UKMsskQE.inf
| MD5 | 60367153f96a3fcd7ae4c97647850f42 |
| SHA1 | 0a34e45651216139fc8f4ae840bd7b0bdaac792c |
| SHA256 | 215c6431a943fa3926d03ea748f88b317bf1b8553f9cef343eeebae8a1cbb169 |
| SHA512 | a519f9462d89cbb6b45eec56f8a3decbc7b434fe7a50b412048c8111903f54798e9415e7b738a7d008ca129a97c74d4e2c7c29396a9bcc7e2dce84138215c650 |
C:\Users\Admin\AppData\Local\Temp\NUkoIUYQ.bat
| MD5 | 814ba63ecba4ae0cefece61b0cc8f7b4 |
| SHA1 | fc484fedfa726e2bcd657d77dd50ca13807c66e3 |
| SHA256 | 6a3d121c606daeff2028870b785934e64266cdfd013f5da9683bddddc1ebc750 |
| SHA512 | 8e060db8e7e1bf7b0c92c69870a064c8771b124cebc2aae9da0232f31f612f11ebcb52843abf91c0df9343c724f1c74353f5df543a8d32948c71084e776b7b9e |
memory/684-549-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2928-569-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xOcQMkQM.bat
| MD5 | 926d65c88fc1ccec3387b9d91adf01f3 |
| SHA1 | 545f4a79da77ecfb20317430b91bd2f373fe49ae |
| SHA256 | 2c892e96171bef328062fb89ba1699a53aac215fe3f515fe1529336b84233fb5 |
| SHA512 | f17b703f1421125265abf182b939418409bdb24f6adeb31910ea50b13cc3519d7494458a988248b5607efe491fe6a4702fa557d8cf7d9053a0b28ec9384c73ff |
C:\Users\Admin\AppData\Local\Temp\GIscMssY.bat
| MD5 | 1e7a0d68824964d3b1feeaca67c95487 |
| SHA1 | 166e1e4abe9849d72e1b93efab9469382f85a1a8 |
| SHA256 | 02fd91295475bee64b34eb2c7fc6e85210bcfe5425426dea245401ebc6db56fc |
| SHA512 | 6786dc90f88eba712b540a3d2a5d47f9b7e60e8bef22dba07163f21426949f68cdf5beb9810f86b57fa9d9ea9b39b94debf715330fba5f7ffbd9d94ff78f9c16 |
C:\Users\Admin\AppData\Local\Temp\oMQMUAsM.bat
| MD5 | dad9b6776117510a3e10d52d10689dcd |
| SHA1 | 2d45efb887e896acb3ef54eb18b86395b55538c2 |
| SHA256 | e0e58f647a069821c486c25fa53d22d8cf636f0d9c7b6ccda699ebee18b8eb9f |
| SHA512 | c7c6164b4ccd66bf0c96a387a5d2eac8304447ee791616909de550ac3faeaed703d4c69d5c1cbb3af02092192cf22adcd8a34274cc7ce8cbdcab70ab590ebebb |
C:\Users\Admin\AppData\Local\Temp\kokUAsEE.bat
| MD5 | dffc656d825a03448da6038abd5ad7b1 |
| SHA1 | 0f2c3eabef6980c093ebbc06ca44744d04a5ffab |
| SHA256 | fc364a6837988df2cd7e953ee3f85839c7156867659b48a65b3d1474855195e1 |
| SHA512 | e0bc645edbae129578e3a55e684c448b204dc467c7aa9c795de6e5e49de47b8aae13f7a6995e8319a68d4c0fdb2d31d999972b47490f763bb2a830219311acd8 |
memory/852-744-0x00000000001B0000-0x00000000001EB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\twUkUcYE.bat
| MD5 | 6cfb3028e215ac529f67de6bc7cf052c |
| SHA1 | 81baa7b995236b49bc67231792f4976e37a97421 |
| SHA256 | db78d6939b521c4b9203d8a453e1cb760ad30a7d0d3e445d457cddeda56dccc8 |
| SHA512 | 597011a3cb92b41053b693b4a7450d3d0b4286d8b996fe1697fae5185cc541894ed38cbe5bdac46f72f7d2d2ce905c49da2976e2e11157be3aa4be7adf05df87 |
memory/2660-802-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FwwUkUgU.bat
| MD5 | 692dddcfa8cbcd215c8c72e64a8351e4 |
| SHA1 | 672a8e6d4e9449c70e4bddb413be945be9bf9c4a |
| SHA256 | 3b0b72ce3523e01a0913e87bf42c92727ea18bdf9955d42f2e02e8955ba908e5 |
| SHA512 | 04b76e2f9c39f7854216bb288bd290d788e34422fa273db7105a1b42f247b7ef567f225cd5121dbea9f9e3614144fb3adf8fc1014b60e6356f88b9debfd569c1 |
memory/2776-850-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3012-861-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cmcYgMUc.bat
| MD5 | 44db67abb36dc3e740dad2878fddf9ec |
| SHA1 | c3f9eea34b31ca3098c89bed78ab66a101240d24 |
| SHA256 | aed37b20f1bcf4119b24acf680f2ec783190da41a5d9d2ba0fd41688f871b568 |
| SHA512 | 4d6234d3e447c8863613cfec067c69b74cf4d7ad7dc6905352cbcbb71865a20ff44db43298de1469fe7e2763557b86ac491d80bdf000bd56e87c3c322f6669b0 |
C:\Users\Admin\AppData\Local\Temp\wccY.exe
| MD5 | 04cf509e94ef70efa3d8d6f0f9ce36ff |
| SHA1 | c7b3cea12b3c5dcd1a7582ac01daf996a4341375 |
| SHA256 | 0a1910302392070db0cec541cb324b29efad01f7eec86f8c9dd5e7cdaf0f47f8 |
| SHA512 | 37747d2ec2ddd685430054cb9fd6e3a100e9700fd58fa54086c45cece6930a87af55b3a307952454b1a2b93824ca244b76c8473c2154498cff2b2225d2b0bc77 |
C:\Users\Admin\AppData\Local\Temp\Usgq.exe
| MD5 | c871ff3f9a8b84f4275055bccb2d6ade |
| SHA1 | fe7f66024bc95c654846e180b52d985c549baf62 |
| SHA256 | 88566c2973a2462a28dcc82e8ae5f837323b2070fdab1900828f8f912ab2dd83 |
| SHA512 | 41c29ab6cf90b8e6eba6492254cab6c466fa6dddb37388bac2c34269a2df904f92e4076784db48a960e3db71e31d31fb65a4c20e18b538372466044ad5e2a7f9 |
C:\Users\Admin\AppData\Local\Temp\eMUokQAk.bat
| MD5 | ed74dcf3f4da39f80d9e560ef2d5c9b4 |
| SHA1 | 01198ee59c9ebc5fb3c49017ac2ede6b7d087ae2 |
| SHA256 | f85a386f2f923734225c43556288b41183b0147bd9cc386aa5e417a315eaf570 |
| SHA512 | 35e48cfc3576835a3e75f7dd82dad7c90efb3606ba02522483ca03dd845023553c7fdb5c50ba6dd4216cb4dc7f846dc8f282a67cd754b6634c3a9b7cba5728f0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile11.bmp.exe
| MD5 | f2f5d4d1d921057ec11769a37157c3f0 |
| SHA1 | 4dd3f9f0216d1b1f559a4d64c3cf001cd2d28514 |
| SHA256 | 88f8603c332a46f114d9d460c59b616eca1c44d1df3f640b6a2d0c7e402652f8 |
| SHA512 | b6a1ef5c4fcb9771c17c5f882f40b0e4d6fbd894b07974af7294ed58d96cf19814208cf86ff1bde327b6e9edc59c893ac5d1254f7dc4316101fca73cbc78112a |
C:\Users\Admin\AppData\Local\Temp\IEsw.exe
| MD5 | 41b18b81e6b4fe09ae06314a5348ca01 |
| SHA1 | d94c00b722b8d52f922c880c84be7d5ccb2ee204 |
| SHA256 | 6deb31de7643676157b488f6b35972a1222be2697046624533efe6a252f54303 |
| SHA512 | 455d1f4216c9847db36fc626ea292add9d3c19c456d6b8fad144e866f604e5473fb45012ef188d8f37a34852240120f49b8f2169899ef653c18f1ecc40ba4367 |
C:\Users\Admin\AppData\Local\Temp\acEc.exe
| MD5 | a97cb9dfd2dfcfd6af988b77b273f13f |
| SHA1 | 084630a0ffbe34f26d08d0292827406e3e40e57e |
| SHA256 | 869615ee65e159401462dc0eb4114e933c55c33af4fc08c5ef394e98caa06bc0 |
| SHA512 | 1b7138b1c755e468c4a419523566fb0c9decd5ca01c60ea5cae38b3819bbd5c1ca431840b1ce13261c19ef7b8a528f7d21a420bd63a9d3f8cd3f7fb1bf15c490 |
C:\Users\Admin\AppData\Local\Temp\kcsY.exe
| MD5 | ca6f37fdadebcc83999c35deab41200f |
| SHA1 | 8a73fbf47f30d34316647feffda5656e01be9220 |
| SHA256 | 247046daf3dcb30675625360d93016d550e0460cf225ffd755a4b3e6c009a002 |
| SHA512 | 02dcd5a4f4f346bf2158876d4c200bbcdabc39695411c0f1754525653a1551421e91e32663788aaf6dae8a166aa355896556a44ead7e9d01c86424213b163666 |
C:\Users\Admin\AppData\Local\Temp\Ykkw.exe
| MD5 | a7f6bc53ad5fd6da8cd3a9f89906ee9c |
| SHA1 | 827c7fa02dbbd5190eda092099e3a09e7b295fd8 |
| SHA256 | 8d445bdefb78986ba2438781d6bb6ad4318206409f487c595f247cb6c0d5a3b8 |
| SHA512 | 2d348ff5c4a2880e9a53fc40bc90110055ada82040f5b88d2d20bb0c88ca05a5fa38993587875a3dfa98a23eeea31af1485dc1ad0f35deae024a6980fbc43e1b |
C:\Users\Admin\AppData\Local\Temp\wcYE.exe
| MD5 | 41d2f29214f151097b6c667a006179b6 |
| SHA1 | 14f41e172c43d1970f5b74850554a108750e4ec9 |
| SHA256 | 86b4c536ab0b0971566f19a3bede1c4cadbb20da3552de57f3d7136db9752e23 |
| SHA512 | 89ad40fadb7c4d8fb9908a1f752c6eb8120f0e70b15a34f8eac5135455cba7bc0a4d225ab52c502f2bf4d0c46d4ddfd33324b9a8adef69f74cad73dc1508a7ec |
C:\Users\Admin\AppData\Local\Temp\GQsc.exe
| MD5 | 511828843eee812201f475416e20e95c |
| SHA1 | bff782a1dd78028bff98cb86454dd2c321b35e87 |
| SHA256 | 1d452416905d9b4315235a3dcd95bac0696eace6ab12ff801c0723db954ca9ca |
| SHA512 | 951b95a0894c75a7f7d0bd242f40d93363c176011c3e7d68ffd1b9c3798b9a20936608c38ff5748a9d69c9e8734f1dad757c3d3e7cdb36eaa367d23ef84b1c38 |
C:\Users\Admin\AppData\Local\Temp\uIwu.exe
| MD5 | dc83afe9a1d09249ae473e0538003928 |
| SHA1 | dc2cd16d716b6a4a9b5c92dd70b3a566185596c3 |
| SHA256 | 038d7643770b8e596f4f20613082fc00c95ef262e5b24298bc5ee73cacbf770f |
| SHA512 | 977f081de34855fa4061331337a17d6a4c416e4393303d636e577ebf605fc2dabe572a7dd5f55308b153f51af446c3a94d5370a086f0e07dca875021cd28321d |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
| MD5 | 0439972ca6504b1b74152e1f3289e14d |
| SHA1 | 3dfd82766979613634a98490bc1f5cf1f09c8276 |
| SHA256 | be90b9e7cd72fad989670d7bd8808c27edd898b31e43f462d19ab0228f3ff765 |
| SHA512 | 06cf3761f72cb2ad33e22f93326018d834ce54dd9235e2ac2b48fdff8f858f6cfa421eb833c95a98c6f39e1d273934d7e71bd36d76b157687b3eb0892f772b40 |
C:\Users\Admin\AppData\Local\Temp\Mccg.exe
| MD5 | 0c9fba6c3a5e997cc83fc67de3b17d47 |
| SHA1 | 3b321a20924eac2960aa0082ea121acf14b10ad8 |
| SHA256 | 641f4208d6c5f8cb038b572e3ca3edcbcf47937ba03d05498fdc68557063f20e |
| SHA512 | c1a285afc62f83197041091a9729d67da6a380ad74911e1c2a57cb755785dad6dfb84c94da695ad8aa14b10949323cd96066f0b5f521b4b90b9dfbdfcae73ac8 |
C:\Users\Admin\AppData\Local\Temp\QoMQ.exe
| MD5 | 3c5769e1e4794b731a262e40a63d1e14 |
| SHA1 | 7ddb1c173b9087542f8e9c4234ce9dcc4afb1d60 |
| SHA256 | c766f82ac8b30004823c47fc795c3949b2c495f1579af5413424e966f250a7bf |
| SHA512 | 1dbef2876b7367deef2067ca18a8b041bff6066aa6dd9cde482cd8f0cf83ddfff1e64cc379e224ecc719552bc8e71886b77eb5ff794c14793824327612c1b2f5 |
C:\Users\Admin\AppData\Local\Temp\QQso.exe
| MD5 | 1186ce244ca50edb8fb744c6e83d297a |
| SHA1 | 18f30e72d6b693322d16c2fe608e816c9e85ab40 |
| SHA256 | 476bc431cb7dcd4861c0d6cf8ff49795fb58d4e1466c14827ce8752986e0dd36 |
| SHA512 | 46ad9281abaaeb7d96ef76fbbfaf4fbc49d7b2dfe356e2804d9d272a612259b82d3e13b6e60782ec9591d9f3acee469bdf0ac3ee2a2de5769be4d0d90c94f176 |
C:\Users\Admin\AppData\Local\Temp\Ocgs.exe
| MD5 | 32d3c7f802a13c97d464a7525e79ff54 |
| SHA1 | f66befbbda382677feb1b6d203ed3ddea6ab0fb6 |
| SHA256 | f4743940f7dc6c361c4b2dbbe6c983538c894f8788aa6215b998b8e8dd478e42 |
| SHA512 | 11d5aec8e45c66c056d274154bbbba2c1892d4320baba1fefaba8d7124a947597bbdf929e550e94752537eae6deb6c79c401a98bdc3dc741bb84741d43a72b17 |
C:\Users\Admin\AppData\Local\Temp\QcMO.exe
| MD5 | c7f6038445b49ca2115a70f36497c26b |
| SHA1 | e498e249c06623c222b9ba17cfda56b986f6d055 |
| SHA256 | b78a03955699f67f5b62b0408c8d191275df671ba490f1966dc5c648a9184d0b |
| SHA512 | 8bb1ac56bc3d92b5c9b8ed4af28d583e83b5fc7d8a960dbee1727be4bea79135a8a4c9c7fc49e01855ca8552bf7c55f8f6c30868eee5db20cfd6e8ddcd32f156 |
C:\Users\Admin\AppData\Local\Temp\MgQY.exe
| MD5 | 58e24fc3d481cac896ca1d44a1f74528 |
| SHA1 | 347d5ebd791ba84a442e5daef955137c2cc8dc8b |
| SHA256 | a03908ce1fa3d59cc4f6855cc12543fc624c33cb50a229e9e4519d65a0d2055f |
| SHA512 | baa1506441f76a04f612023a109ac2d729c04e15ac08a6172d3db6d339edc9c11833435cdad3e181b8096316a93280b12319816f23c1092615e82b348d31440c |
C:\Users\Admin\AppData\Local\Temp\oYAk.exe
| MD5 | 136e82401bf8c325c8f33202452cf4b4 |
| SHA1 | 367cbb5389c28707d95d0955492c967bc936d258 |
| SHA256 | 69b37b76b85f114a192588104efe7b64010939ce3bc3fcd415e23f94184d2c78 |
| SHA512 | da22dadedce2ac65cc77906ce23efae4c35545991108613a1ffdd6a2a560fe7a56e21ce4ea626637dcd92e6491fc1d5a286a5349b83cd72e0c2add264e9258d1 |
C:\Users\Admin\AppData\Local\Temp\cIoc.exe
| MD5 | f9470e5998f801ae146afb264080aa82 |
| SHA1 | cf19c79044e98e1b30f24739526f39947e139b18 |
| SHA256 | 3affd99bb2302f66e9563dc3c3e4f157835afa0c96af0a3524a4a541216edf2e |
| SHA512 | 9ae30def9599bba50c8119744b77281c0b3e34514c328d7faeb1382a3b032791a202806fda98d0497c40874f51951991b62ec6ce854bdb8602d9024ef261bed3 |
C:\Users\Admin\AppData\Local\Temp\nWAgEcwM.bat
| MD5 | 5a0c33798f9a3f400f908461fe455cc2 |
| SHA1 | 3a7f8725f72efd7821e9e807c1c2ca6e0cc609d1 |
| SHA256 | 7dccfd2ba60f8220e17a8ca171fd3f7c4a59c5dd70da5ea74c9de9da150e4ec2 |
| SHA512 | 523e46cd9cd8dc037e054e5c90a5d9f10a5470a54a12fbed38617dba091515afa1abf5d8e7c44ddd0a268774dc31a6fd5ad3c9055387365d1bf5ecaf01d44251 |
C:\Users\Admin\AppData\Local\Temp\laQQMwok.bat
| MD5 | 612ece5821d3812193836f07b84cf8b9 |
| SHA1 | b680854230e7199b18e9e20f665de5452042f3f0 |
| SHA256 | 1ef54af84ece4d5d7550514566776741f7c5ca0ad364d1b1337da7fc5bdb8457 |
| SHA512 | 30eb717ea2427f27a90641a4288b6abb29029a20548ac6436e29c23c40ac775fda6c4c7d196ae3ff528e37300fcf4f250a906e79081da92bda6808a82ef56477 |
C:\Users\Admin\AppData\Local\Temp\KMIkkMgo.bat
| MD5 | a2052ed1542dfa10949e66170a73fdd9 |
| SHA1 | d4b3035d4bcfd23a00b88297ba3562418a6aa99b |
| SHA256 | 0a396d41460cde0c8143418ae61d1af420783b4c5b73a47889f83bdd0e6510db |
| SHA512 | 952d9508673bcb8d709cb566d92cb780b87eb7e4fa9fcc6c77de15533cacaa937bc365bd56f6d4d7344f2e191d9a85c58b21465f5801e473f6a75c897bd4a526 |
C:\Users\Admin\AppData\Local\Temp\gQUK.exe
| MD5 | 969d2ade0679dbaa34116e6fd81ba28e |
| SHA1 | 49eb2b14e7bdea0bc7cb26cd05b1c64f364b1649 |
| SHA256 | 4d00aef2f01cd7bf0514ad9d827709012f4817cf4ea49e111fbd66537b544a29 |
| SHA512 | f3b23ac11934d9c23757c755778e8b3b4e973c8b138bf4c58e64a66f69428fb7a9afab6116ffc94cb52ae8d97442fc8ef103b45886d671540370b16fd168a181 |
C:\Users\Admin\AppData\Local\Temp\yEoW.exe
| MD5 | a87d4f369b984c10770d04e9b9b9b0fc |
| SHA1 | 17698ff414900d9b26798faff5ad88840ad6fe0f |
| SHA256 | c9530cb01ab50cfae2afba293b70c1e09bdbef03970e0f3ddbdd12e87bdc7303 |
| SHA512 | 805a8802a9af3e6d9795cb37922dd5d0aaa0b623008f59f836735cfb31c1e7ad90dbf34e5cbc12938de4d40c04be19533fae32411a69abde9559d3fe45b1ee69 |
C:\Users\Admin\AppData\Local\Temp\kAIw.exe
| MD5 | 75af85ddc3606566f0a09af2c7f2b314 |
| SHA1 | 1c2d6e38d85d322123ca0e3208a349f33c30172c |
| SHA256 | cc39ab816b397b8a1bb875a61d67ac26736d73d25dfb27409ab6815f3efef09b |
| SHA512 | 259c25e3a14ade2dcfe5a692c1d3973c865d365abdfa1a94aa18dfa3871def734e253cb34cf3f88e9f90cee9e22e453905a019365c948c4fb51414836e2c7b17 |
C:\Users\Admin\AppData\Local\Temp\yYAU.exe
| MD5 | 7fde54fa90da6d60481999e218e2b1d5 |
| SHA1 | dca80a30b880ec2f4b8d660320e9d40e88a146f1 |
| SHA256 | 448207e1b3161d70a7c522921e37c016724b411d8de5a3adbf010f4a8c6827e0 |
| SHA512 | 1054bdec7ecb4c1e11e79abadda62e08dddb1ca713e2ce57f47843a9f7abb1fd4c10279af4f3a8bfc3ef226f6add6a3c49e2440bc6dd70b1b99b6a7a0947e038 |
C:\Users\Admin\AppData\Local\Temp\eQMW.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\Kokkgksw.bat
| MD5 | d7009f7a01d26c59b135e6b16fb99808 |
| SHA1 | 7bc634f20ceff2359ff9d6aeb9db3c49f67abd2e |
| SHA256 | 8de7a7ef6ab30c7484c42f37266c75ea13fd3278916162c721f813b322cf4c7d |
| SHA512 | 0f3bc608dbceb865559461ef8d14c660dce9890151d4e468ff5083f65102ba5639e2e851f02178ef056c08cf0cc978757d2984a06b252aa41208de0cb42f69c8 |
C:\Users\Admin\AppData\Local\Temp\sQYQ.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\yUES.exe
| MD5 | a77732476e92e2c688d957bae1894b10 |
| SHA1 | 5b18d09eac6529ffad680c6b6832ec6800f34b54 |
| SHA256 | 468cff961a7e1658453273a4fc9c9eabb03a9857f895954d55d1064f161f406e |
| SHA512 | 7e57265b2d368fd6a2ba67ad1f4ea8918310e181aa6af7b5c674e05637be5e0d273917679e97728e7bae913b66f77da7abfda78c2fec089975a60b4912516b53 |
C:\Users\Admin\AppData\Local\Temp\gQAS.exe
| MD5 | 4493ec490dfea77a06ba92b96ef9a6b6 |
| SHA1 | ba46f504482c187dcace793b74c17a219127fabd |
| SHA256 | 85d7408de9fb265fd68a2c45b3c1b5dbf20f9af924e40b0d691e75ab332280d2 |
| SHA512 | 623c481bdbb3e48d22cfdf335bb89da5d520d5e9352f16b38d3686ba04bb46bf7fc1856d470b5a61159feb8312d1b148c73c03316341ffaf7da0562de70e1afb |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | e77ab5169c0f45f8539564d23530a4e0 |
| SHA1 | 6ebe8c3b620cac3ee46790014a37ed91a82bb421 |
| SHA256 | 74edcc9b49f11de6ace8cad6211a6f414ceb4e863ef91a0a15f0993b48dc5f15 |
| SHA512 | 8b17431a0f12d3b2b9d562b9d43585fc735fbe4cbc3c088726bf1c91b672142e8619b37a270211ef251088366caa406ac023a4bd606a7f4c10ee708481163abe |
C:\Users\Admin\AppData\Local\Temp\HKQYQkkE.bat
| MD5 | 5a4600dbac1f80175dd8383cdc15a878 |
| SHA1 | 29705d5194a7bf58fcfa6005064a471dc6319ed6 |
| SHA256 | a2e14ea7a16f2695f10a2042bb0dec1360ab30db413162ba058394ec23cebddc |
| SHA512 | 058eac8d36c2a936744f5b954fc79b7dd0f60ca4bc8646a806019d317156f8e2626d9c2edcfbe5958db22e54ffa4966cfe1e5b073a35e58b9f2b9f3a75da32ba |
C:\Users\Admin\AppData\Local\Temp\swAm.exe
| MD5 | ebf0721e035c3fda09e2320d408d759b |
| SHA1 | c1f2dd824ac0a5037fb8dec0b49bb68fa5b1d940 |
| SHA256 | 537f243845c1d972d6fbee89b1beaf321df2560f851839183409eb45e8900012 |
| SHA512 | 2e97fc51395045bb174ff0ed40f84ce7111efec2db34d509d60a3c8f0668ccd4afaec97b01de65d049cec99d731824339b40413b11f53d8bfdd52a442a61b78b |
C:\Users\Admin\AppData\Local\Temp\AEAe.exe
| MD5 | 2de636b48051e2e0ed3801ad1ddaec77 |
| SHA1 | b084085d96055103283ac63ed45872fa3ae0c28d |
| SHA256 | d3cd79882aa73145dc96f3591d5cf7b0e5aaadb058b14fb64d3554553c796deb |
| SHA512 | 8d9f42da12e2239771cd68e3fdc442323f91b8aab8ce912909b8dea530397a7922b0162af20f60cf7a97aa9ccc8a8196e8709a212f8dd532eaf4a33691e0fe42 |
C:\Users\Admin\AppData\Local\Temp\tQkIMcAQ.bat
| MD5 | 08cdbeb1044ccd0e7cba1e5e93fa2b4d |
| SHA1 | 74c658b3df7178bd6825138b8837b7812d2409e0 |
| SHA256 | 24e22d99b62142c98aec2dda6f874035e51a06600a75e70f76678e509e296913 |
| SHA512 | 867280f69c6391009b52ac41e6a27aeec15039b9304247c96773c3dc4c2a285b24db0bbaf11b1d622d8e54b8729b0b5f7d155751d5c7018c0aff1b6816f27059 |
C:\Users\Admin\AppData\Local\Temp\soYS.exe
| MD5 | 555fc2bd261c549b29820c3ac97a067f |
| SHA1 | 8578001d8e8e68a10b172b4a57f4f79757cb0f23 |
| SHA256 | 3956d0be1744f4d3589388c1d8fc137f05fea69b017445cec59ad827bfa7f965 |
| SHA512 | d22636b5cde253f9993901cae9df78360deda1f2826bb6f898c77ff3764ac951a473f60ce8cef0b88aac3e9696ca241211fbca14eb4e95bd86794f97764554a0 |
C:\Users\Admin\AppData\Local\Temp\sMku.exe
| MD5 | 4e366d2bd3d9f254380de5c918979d6e |
| SHA1 | c650ab728ee972fbefe222132621ca432e1d370d |
| SHA256 | 822ebb84b237e890d9209e668bb8b5d82be13f2ad39aeeb29ea7b11cd0922b03 |
| SHA512 | 3f38bc8872e381c62a523ddc6ac1e3c46900c716fe8e17c7aa35fa57f8711e528db8eeca262832934238a04d042450be1d57fe9cdbd20eabd41055bc20f344a3 |
C:\Users\Admin\AppData\Local\Temp\CUEu.exe
| MD5 | 70470690e7e13081b95d75e0ef4b4319 |
| SHA1 | 21047eec5112d323b3ad037b67986bad303df1ef |
| SHA256 | 815e0185b84f59b95977e3de05175d56a29e73a1f82adbe7041f70d8819c763f |
| SHA512 | a177908e37d2a5dbbf74c9b80890cb38305c86ed68d34ea1b60c0e97d19de05dd96a308bfa755cf9e35cbecd01a73cc7e6d79c4087269ddf60233ea60164f77a |
C:\Users\Admin\AppData\Local\Temp\YEEE.exe
| MD5 | 02e7d66d09a6b80e77884131157d9e97 |
| SHA1 | cdfbcf0aec82bf24803d2c501a836bbfafea63f8 |
| SHA256 | d88168c069cb969222fd313c5dbc56ac54b86c9a42f1cc89428ee26b99397092 |
| SHA512 | 95d3b60ebce4a19347403e008c3c5e9404ed3fd253f2fbfcef15fed53f7091fa06c478b45460b7ea18f48233805dd8c1089a926e7e8ce6ec43fe992a6fd87f85 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile27.bmp.exe
| MD5 | a436a5fd70e346215f85554998525fbf |
| SHA1 | 8738211c1b3ca0b78a09175ea1ea915eaf4cd5f2 |
| SHA256 | 08e183c5586b5a26a572fb76e2853f388226e92bf02e0c5756c61068fbe330bc |
| SHA512 | f2e73bca20dd8cc80207fdd8e0828bfbe421b044c8e9ee4c66b50ef05f0f3c0b40c2c5fc64e71734c79a78cf3ead8da377ef4d6be9009a2a6cb98cae4a09f56e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | 75cb75dda8816098ba776771017adf8e |
| SHA1 | 0d53f93cd476fca77f9871bb7f356b0f1890a3b0 |
| SHA256 | 177cb5ee1f858c75bbebe7d576554d2c8b3d3ea8312f076d34c8afd566c09de5 |
| SHA512 | 8327a95c4f0e263294ee28e8f88b6208ec62294fbca7c5fae1dc867eb29670ef948bc11ce8c6dd735a9cf0bb960126247d5ecca7650274181dbdb882fb4b4345 |
C:\Users\Admin\AppData\Local\Temp\QUAY.exe
| MD5 | d09216e6a8c2518a629986a582488c71 |
| SHA1 | eee51f35359a2644682dd9c3bd4063599d61d2d6 |
| SHA256 | 1fdf86c54210e7f97474273a4775e6d81567592e13b7eed1a85091129d4a75b7 |
| SHA512 | 4d71e1ee9fd98fba5ec4af6ba0a0c0487aa8c1482659a047ee803759b481866f868f7abde3a9114fb35cbd9d5c264acd0c265d6fd06cbe61f98526ecb8273ebb |
C:\Users\Admin\AppData\Local\Temp\sMos.exe
| MD5 | beb429b03bf82d3c50d2335266f4ff07 |
| SHA1 | af534166f81810c867f39772c1226e9156dadf21 |
| SHA256 | a7ee0e1ffd62fa3817b35aa830b803d661b819cd654944c47e1461c3ca7489fa |
| SHA512 | e600aa541bacdbd9063872984ab845fafe74a1f6d8bbf8a1c5b4e6dfb1b21c05cdad0854ec424e58d9190abc6288ea6472650897647fee24f3d13d210aad438b |
C:\Users\Admin\AppData\Local\Temp\mwUK.exe
| MD5 | 01d90d86acccf05252c791d04b1a5574 |
| SHA1 | 6d4d9ce45b77d581a6aa7e7ce306f151e898cf37 |
| SHA256 | 3234dec20a2bd96deca9b5aa152ff9d617b72fa5bf455d3706b347deb1f2fd3c |
| SHA512 | 4082c30d3bc5d96acaf05b66ab5698779e00b3f9ddf08e36f9f0ba623fa6c68f2b92919722b1a105eff0585c43849810a1b4284090d0bebb77ace380ecc144a1 |
C:\Users\Admin\AppData\Local\Temp\aewcEUcM.bat
| MD5 | 37ed79c0415e7edd894d0f6c0b2dfe37 |
| SHA1 | 2bd485a088e9dfc89ddbb988cd3715fd7637a983 |
| SHA256 | 84ef3a9899ecaae619f6c7e80153ce283000a4b2884dc50e9d0dfe63191aff9f |
| SHA512 | 5414d9c09a18a500e00a4b8daa62c5a8bc45a388ec6a3e973ddbfbfba953781871f07b6aa43868281eaeca5b47bd5d08de904e353fa47a6ba421aa9175d2cfbd |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | 8b816c57361daa1b20016af6aebd665e |
| SHA1 | ba15ef9198aa1b78550a639f89dc9d8173fe7a3c |
| SHA256 | 374250a00923bb05512b1736a6d639f2da70651a56f4c138dd0dcca85e93756d |
| SHA512 | 17f24219cbf13f3cc33541a64a7b7fbdd76dcae4c594c2a696bc1dc862fa1c5101da4bb46fabba008c3ad13f7873b4292dada7dbdeb8d6fb673cc825164c224f |
C:\Users\Admin\AppData\Local\Temp\OMou.exe
| MD5 | 1117ccdc38b88c6a34def3a7238b7de9 |
| SHA1 | f8eeaf3ff547b33b74a3fdb155dda9d8c3289c41 |
| SHA256 | cfea6f169f45be4e6b8386b6f6101cc081f2aabee54117fab1830ece681a75e0 |
| SHA512 | 53711371e1d6b91ce462d21f4916a52b45f6c2ec424161650ec0bb93e387c2342dd7f3e418ae18f0d17c7f0d10433072bffb373e2297d1888637e3f589981156 |
memory/2280-3161-0x0000000077600000-0x00000000776FA000-memory.dmp
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | ae648665028abb9b5a807ad74803c29d |
| SHA1 | 032e8cc164f77258f7caf5e9e7c7497718778c1c |
| SHA256 | 5a18ac9fdaec9e3193e8f683c719707db02fe53f189178590057947330ef6cae |
| SHA512 | 24008f219c6cbb3afb38494ac83140e0d2b37ecf5a6ff8dc86d0cd4e32414a1cf16d928900073a86d2d2de05bbb6af64a5ea8bb3d2319b8fb7eec1e4546c59af |
C:\Users\Admin\AppData\Local\Temp\SAUU.exe
| MD5 | a27d1e80d239e4b9a830b0c22f8c6dd5 |
| SHA1 | b7f365b842acbfdeac34ac566e9000322e10609d |
| SHA256 | c6463373041925bcb913381f538223f4b2b5ad88641d1e3a801354d047604df6 |
| SHA512 | e125a400ac658df48d696018ce01406089eb992d67340199c62c0314278722db24bbe94024685458ccb5f77b38e2ba2dfdc3e781e9acf77bb9ecaeffce1345f6 |
C:\Users\Admin\AppData\Local\Temp\sMki.exe
| MD5 | 8d2a94c303edd4d96d794ccc4a806aa3 |
| SHA1 | 91f2c2b58a269232808c72cd87739f14bc96ad82 |
| SHA256 | 61fca948b527107e3f4c6e9f3b3124e0b0f16c1aa5e402fd4ec26e7b8f15d426 |
| SHA512 | 80f84146e418d92073e70a662379988b0a8728361e9ed34198e0b58571fcdb3edfe6c3cc764fc40234bd8ed7ff1b5b5f56d41015b8a7c6bbe7ffe7a227cdb5b7 |
C:\Users\Admin\AppData\Local\Temp\mMQq.exe
| MD5 | 1b5acc4375076ee4dc545b84a9b7affd |
| SHA1 | 64374e1cf525921bc5dd291c6474e2eb8b94147e |
| SHA256 | 1ac48596bb3f909d915f7e32c7f4de31e32de8ee3e092a6c46bc736904960c4a |
| SHA512 | 499014c0ae640dda7597bf9069de8a02ae8f19daae006d7940899afe7fdbb945a149053ca5be6df2a08a32a916c0956934985a163e3d4d3bd6dc128f020e0b2a |
C:\Users\Admin\AppData\Local\Temp\Kcsk.exe
| MD5 | b1acf8cab2401a650b8caf7658abf761 |
| SHA1 | bc3d7582b40fdf349a94c60dea3175f736ca82cd |
| SHA256 | 2a26ac710a290745392317bdef62059c139e3498c390e41a0dd68d17ec15a7eb |
| SHA512 | c00e21340817bc3ee3b430df600fea6c0e0a064d082169f516332f01c30cc08a10bb59e402674d0fd5c0a655ce6318f5acb4a4992ba39350d74b34a4024f80d1 |
C:\Users\Admin\AppData\Local\Temp\MUMk.exe
| MD5 | 39d5ccf3ca45d26a1162a2f5a1b39db4 |
| SHA1 | 7ddb721f14549361190e98e4be20470ddd9c1f71 |
| SHA256 | 406808cfa806e079ed6ef19dcf0f4d924238d31089494d86eaa72452bb4fbb28 |
| SHA512 | 914181bffcf26157629d9340dac2785593f5402ab1b058c0bae10d022483102708cd7e14e233bf2df6b9668d3e8c37408748f947e56073f864068ae5d303492c |
C:\Users\Admin\AppData\Local\Temp\fWIgwwEE.bat
| MD5 | 07b9600d79618717d0fc4bcc3a10685d |
| SHA1 | fbf84d24d2e9ae3ba8294c3f908ef7479b931191 |
| SHA256 | dcd6c69261075ab1532eeef6e2b17565fd86c0782fe3b4aa7fd178cef9ceb3a7 |
| SHA512 | d871829c4be3443386b1098a91bcc8fbcc40f94f61292ad764eca645df19a117c0114595ca992bef7c9eb578bbcbfecbb9f40ff419511648cf97e9109d57c9f7 |
C:\Users\Admin\AppData\Local\Temp\osgm.exe
| MD5 | 387038f79bfac872c249fa18c34e9a50 |
| SHA1 | d865910d085573f9029b2e952f6a54d62d74364d |
| SHA256 | c939b72d0b9d1199555abdf6886aeceeebcad49dafac311da9b27d32438e9b0a |
| SHA512 | e7560a60547684ba4dc4dc6b092946aa3c8abeed8048d4d00055fd2e2ae2e255adccb13b370f1ab80e6d2327c8574689960fe453fb034c291cad657abd29f120 |
C:\Users\Admin\AppData\Local\Temp\MkwA.exe
| MD5 | dccff277cd751c732bbfc8c4fd8a5eda |
| SHA1 | d9cf705d69ec04a9705ddbc6c89df87c28ff74a9 |
| SHA256 | a6af5bed054b03b7ff6a53161cfd24326f4163a891128f5abbdca53a6c263f0c |
| SHA512 | a1fc021a73386a525f7b885b32f1dec6724c65306f92531729f63001b51f8f17ce76df5cc41be54879c18696d3188795c6d8090f022cc4eefbb75cb1824341eb |
C:\Users\Admin\AppData\Local\Temp\EsQW.exe
| MD5 | 2077268bf4462662e150f964945fabb5 |
| SHA1 | 3ca3244572fbf1421fe23af1e469fe2c4b63296e |
| SHA256 | 4f9d47400184f4965200043d5b3b65db16b89744efb7db1bef820147799a72b3 |
| SHA512 | ced59595e879aad253616b6954b9ea8c7eda11ce49395e81e8d65aab5f52f345c0f9ce6b2f13dd0785f0c006d38098cea5f033b9f9cf081e681fcdd5e19117ab |
C:\Users\Admin\AppData\Local\Temp\MGAMkwYo.bat
| MD5 | f1a2fe46f0974d791b1ca795eca2c812 |
| SHA1 | b0bdd0fc5d4b0f1226107096dc900f2b9778a02f |
| SHA256 | 03a27c2d2ca0d7f955e3a9296af2700a23f4d04978a55f7dfc6a9c5677907b92 |
| SHA512 | 68e38de0e28ef88645edf43db1f50906801d3712ab6f8718dce4b1a9826f70a58fc7e74a9ac325927a578657417f6581a922afbfd212c02218d7daa6a11afbfc |
C:\Users\Admin\AppData\Local\Temp\uwcIcgsA.bat
| MD5 | bf761360545d5f57776d44c8281d9d3a |
| SHA1 | 7d2a63524122a0b243d7b27dcfcfd56a550d6cd6 |
| SHA256 | 2ab280be437a6f9e18be6f7e6e49d646e5559f2c51494f71dc73c95bcedc2b4b |
| SHA512 | 525d652ced7938eba22b64d08d6e39ce1c95d87a300f031f6d587cce4ee71309d1e697afea6e75ed16bf5dd6e065ea8c4f310df3f6a34058b516f29c84833555 |
C:\Users\Admin\AppData\Local\Temp\BSQYEoEw.bat
| MD5 | cdf80906e712b4f869ba681dab05a706 |
| SHA1 | 5c86affb6ab7ef869454ba55ec26d6bbf2300f37 |
| SHA256 | e27241c8f7556db3817a64945d4c9b474a40ebfc0f9fec902634cf1033598919 |
| SHA512 | c0a1c4799fe66bd9dcdd2521c1fa27fb4d1098b1eda05776c2c296d7be5a1eb57cd17cf3a082ee2294c3f64d809ce5af223fbe5d02261701010b69af1d23ed7a |
C:\Users\Admin\AppData\Local\Temp\hSsQoogY.bat
| MD5 | 4439d6e5ff28ff293b67612d91fdfe8c |
| SHA1 | a3c03543e6c58bc8d8de259f5b975b4f2a98ae29 |
| SHA256 | 40ee4c9bbe48e59a810195e023fb00c1bb0416632e65fc244ba00b1c7bc95fe8 |
| SHA512 | 8cf38b4f86cb5727905b529326fc0f2b0598254ef9d83a09911dc2264828d6a1e4a0a8d30232306062f3244421a032874e34568fba9154268df34b7ff3bcd56c |
C:\Users\Admin\AppData\Local\Temp\laYMAIAo.bat
| MD5 | 40c659510dfdab4541d1a511a0c74476 |
| SHA1 | 4531ab7437f5997e42a34d10b0fa565f9068efdd |
| SHA256 | 2fa1dec7f0750bb2aee7704df538daeb402f78d7a35aeb4948e23c77e6e234ed |
| SHA512 | 2bbc43fd08bf4e10f0a6446521858f8e9b2032a7c4e3920e7a8d45a7cb45beb146bf57a12aa7f111c96277c3a7391e3d85960e6ff0cf2936f32569c011581138 |
C:\Users\Admin\AppData\Local\Temp\nOsEwQYI.bat
| MD5 | 5c16a5ce4b1c456bd610140fcb82ee10 |
| SHA1 | 2aa6a68e6884e53119b7ac237e1ccfbef4919129 |
| SHA256 | 432926d1a31905456ac71c268024b03b58563a15370e8ce6732a39146efddce6 |
| SHA512 | 069261bb8e070b84bdaae0be5fbe5b4e61ec39f33796a39ed26dd4b7e6f7a200a83fa4c466a44ced1293457e7c84812f7cd246b57a6180623f9ab3a5ac6c8f16 |
C:\Users\Admin\AppData\Local\Temp\mkEkwkME.bat
| MD5 | a028f038aee5f385a1bd23b4e8715e5f |
| SHA1 | 34c1bdabdfaefcb25d1c7c4132b70ba1564a0871 |
| SHA256 | e40bdeae86d213f25caddcc736eeaec622acc9ad3d630a594182251fbb9d12da |
| SHA512 | e9398a71e542440e1a0bbd922835e87b1cbb9838ed21f498793340574b68866ba4975139aa820345220dd91d14a9ca487da84f5d6b16d2570b9bab39dc4de698 |
C:\Users\Admin\AppData\Local\Temp\weEsUcII.bat
| MD5 | d805756feeec4f57155afd65dd809680 |
| SHA1 | 154bd68ab2fda46c1d281c90626e5e2d256e85f3 |
| SHA256 | 1376b240c9493656fe693e77b9cc4ead25fcfc4c428c62d5f54d1a8e74bc8693 |
| SHA512 | af9194db01a9d4de0f0b1a44f643b826e70ab8015792ce7760568ef7d0c5679fc69fa1a2cd153e62f201c3f1fadb053124aed7ff0082e61336bc1bacbc29738a |
C:\Users\Admin\AppData\Local\Temp\Qiscococ.bat
| MD5 | 666111c171cbb9795e3adec6bdc24a32 |
| SHA1 | 1225ff3dad47864870325492386f36e5b64c2a94 |
| SHA256 | 6502259fae9103e2fdae67f32b32ea4a7caf7f9df35468afc4f590126a19fab9 |
| SHA512 | 71595d8ba23f77a2fa4f82541a686d894d707b5c507897d7a2d2c77ac8cbbce3c97cd111e75d1b70a05bbc736134d11522b910e9ae2d90880c8388c65341feee |
C:\Users\Admin\AppData\Local\Temp\aWooggcY.bat
| MD5 | 1a4c75822d96c75018572f554055044f |
| SHA1 | 0cf0353d3331821d663636c7639349fecafd632d |
| SHA256 | e908efbf3220745db84156a09c06cf2b922675763be1e4664d7b070264028162 |
| SHA512 | cff029d5c56147232a4b00c3384fbb11db6a1af314af17bf20a795a80eb561042a2eee1945263514af25c0692857de99256fbda2ea0c304fc6c242fd7d8f5ec8 |
C:\Users\Admin\AppData\Local\Temp\OOoccwEs.bat
| MD5 | 6cef1f286271923d4e4852e87514d11a |
| SHA1 | 271559b3182533480e5cb79005f9b5c80b20b332 |
| SHA256 | 010f6ca01e3c1be499fb8ee6dcf04116501f8caf3c6b6cca3e7e877204d4cb72 |
| SHA512 | 0e37f7104fa0d189323beb6a488ec16f5238b8ddfdf2380d78a0d28e5b842e735d1c59986037384ef14d0fdf2409530406bff150a9bebda3fe079cbca3f54d0d |
C:\Users\Admin\AppData\Local\Temp\QuYwwYoo.bat
| MD5 | 399398bf79801cd2199f932e416c1d43 |
| SHA1 | 4fcf7098e7af772f121c64475b3bf396702ead60 |
| SHA256 | 404e7d949e516f79e2a18a22c258ad3b63a0a90ed6c3c39229bda40a84817a13 |
| SHA512 | ef152b9501bed48d312aecd842e996fd669e64323649b26b905883ecd836e9e4f1e34bf1cb4b0537cbf824262b3c82c326a07a131693b0ad68e2f575fb85449d |
C:\Users\Admin\AppData\Local\Temp\FQAIQYIg.bat
| MD5 | 076ecb7dbf375f4233585c1eb1a840ef |
| SHA1 | 378f0e696ae99fefa462f496d0d28370969d6e09 |
| SHA256 | 93540c99e551a0e28f7fee4ca6be8b7396f5168a118bdd87ca1d974254cd77af |
| SHA512 | fdb7dcaa98aea85d7f415bec3bb0f27397352302cc831b23760aaa2cda7e572380b97438b8bcdb5c55aac883fce25d22b6032df82ba5a67787f94eacf6d769e7 |
C:\Users\Admin\AppData\Local\Temp\lMAUEIME.bat
| MD5 | de201ea54df61f208ebf55c983df2824 |
| SHA1 | 46dd0ac0071f447a0276e6c6d42bb05507bbdea8 |
| SHA256 | 270a942623349771ca2ac67948b386aa5c284b16a49412f90e98f1c5659dbc34 |
| SHA512 | 22adae4afc6f60be1057eebfa228c4952706622011e9656333d36ce46f92062e72ade6ad997b5923ca057d411d52857a26a35c6b8bbdf134c9b6a737ef24cc80 |
C:\Users\Admin\AppData\Local\Temp\BIIMEUcU.bat
| MD5 | 35f56ea43c9452641a42e4bcb6825a7a |
| SHA1 | 1fd3d8eda39112104adc23c7ee4f00ed256b3144 |
| SHA256 | 10992dcdffd4f49bfeacb8867bc34c9ce316663474d4c3028ca71a4bbc7a2b2b |
| SHA512 | 724b7d17a6da439cf5942a6c50c4a98cb526e61d4a0b055cf238ce34eedef2502fc85cdf759552411f8cde1e759e89c596dc69b8fd0aadfd42427fb724a9fe40 |
C:\Users\Admin\AppData\Local\Temp\lsMUgoMg.bat
| MD5 | 47804439a3e1094baab9a133c93c046b |
| SHA1 | 6b305ed9ed059a16f5d1f82fe36e3213b1cac5ad |
| SHA256 | 311204954b4c2621025e531e7f55247e903371446b81a72d8472ae519e0e251e |
| SHA512 | 4c34b66c002f2d83b85a3266432a344bf47fecbb44fdbb73c13b526fd9e57c62752c22ff90221134e351b27717bdeea7fe2faf4dff05d842f03f5db9d46a370b |
C:\Users\Admin\AppData\Local\Temp\tGEQcEss.bat
| MD5 | fea9472a54f8cd9bc7ee5e696d5c2f5f |
| SHA1 | 03e82d5d633e217f7f2d4126081fc60d1e70d3fc |
| SHA256 | c9f077a8cfff945ae87de5ee78f131b3e8966b38dd92e81c6c36a5c2795732f2 |
| SHA512 | d4126a4de26f8a9f43df2e609efc745b86eed22e4ce89385dfa1c845c3f38c9238d00a1f49662a1390eb00a3074a0da510480a527c7ef54c8138f7a334946805 |
C:\Users\Admin\AppData\Local\Temp\TooYUMYk.bat
| MD5 | b825f5f5e10a6ea88e751994488fbddf |
| SHA1 | 5be28c34e73ece7a277f34b62d9370e89839edaf |
| SHA256 | a20f9dbd1084556162d712204e2385a26ed8cd1d54dd7e9bb3431da79a75c8fb |
| SHA512 | 2ebef5eb32fc67c1feafcd8783f81ec610d37f7260ab5d73420c951a699f182b6cc3ff91ada7d7866cc4bb35d60778a1811364479dc807845974827577170b6c |
C:\Users\Admin\AppData\Local\Temp\WSQUMQAc.bat
| MD5 | 9df37d3c4055fd0c2952b459446666ee |
| SHA1 | 03e945dcf7784bb911ccb63f0f7690761c4ed36a |
| SHA256 | 0efc1f1bf8a659f3fd99cc82f066f1d665dcce9234279605dc4c3aecdba3efcf |
| SHA512 | b9b5277dd6b0edb6836f01eb9f7cf1007ecee0c4450c8c3d8ea60ffc4313c7f4f7ca05269073c8a3a8109a3fa6b31650a72ebb17a17d63b49aa59bd0cf3e3626 |
C:\Users\Admin\AppData\Local\Temp\cOIMQsUg.bat
| MD5 | cd626d3c873ed29241e8ec073adcf899 |
| SHA1 | f1a8c7bc8f15b0a00dbbd5b80f46af588beb27d9 |
| SHA256 | 40608f52ac4dcbd8b41757a1405cef73046b4e59077e9671e8fb46e90af60b21 |
| SHA512 | 7ca3491c6cb8d427ed96edb331d9add530f67e372535fc62c0b50d632c523d37d7bcf3a9c6973e425698cfaa819dae7a2545ca6d0ddacd73d91380414cce724e |
C:\Users\Admin\AppData\Local\Temp\GOIAUwUI.bat
| MD5 | 78e3d055d9b60fa2d19efd0c86de6bf5 |
| SHA1 | d591e1ba59d74dd6f6cead2725b544b53c5375f6 |
| SHA256 | 2a8beff32b5720d3e0f2133bdcc1ddff3a5cabea6e6d8980a427dd812d0cdc4d |
| SHA512 | dd229e46d00c3755109d8a0dd788598e369015e61066439697e3620240511c60796f00cd83d9162eaf0fda4b9305309b2ac0e7642fbff455ee31c4d6b61ce09a |
C:\Users\Admin\AppData\Local\Temp\DiwgowIU.bat
| MD5 | 5619f772544332c285b52b082646759f |
| SHA1 | ae94fcacc8bacabdeb840218efab53b56fd069d0 |
| SHA256 | 50a8770927f83991aae51f215ff3e9bf62fbc71cd9c3b264b37b4d79a7343401 |
| SHA512 | 62301f21ea43919b279867f52140c104f826619b8b096035a3d3e0ff5ac5fe1cb4c38e9ee6249199e8f5901de6956dbcda5a636ecbce37a17575b466dc7c88be |
C:\Users\Admin\AppData\Local\Temp\LowMsIws.bat
| MD5 | 46e29dc0fd196772c85fbef1590e0d5e |
| SHA1 | 048e6e4ae58c83ba436e0a2cb3dd8df0c75cb3ed |
| SHA256 | 5329582d613439a189a77b293883bde4c1e2154f012782340580690974f736a4 |
| SHA512 | 9a5ac40e116a014f7f1b8d1b06fdcbbc27c8c12e01b3b9209a323f28a7c5481f4ed318418c49f11b7af02d824a55140f4a66456ea68457dc87ff510e232cecfe |
C:\Users\Admin\AppData\Local\Temp\rcwUUEQU.bat
| MD5 | 9fc0123990598c4eb632d5071386d931 |
| SHA1 | ce478bb620dd2f16828af5a0b0d17163415f1a9e |
| SHA256 | 1d5bc31177554b50327815a584f9515f7c2377ca0459c976fd01a87cc7aab538 |
| SHA512 | e95ae50d2f845aded4826fffed823a845328b39dd6d58655467aa2d824c8a8b258f7a5be0d7cebf4305cd648467f2d7f80214bc834041f1889debbcd5e2e0ec1 |
C:\Users\Admin\AppData\Local\Temp\HKQUggkE.bat
| MD5 | 2b986aa7ef5019005cab95268d303722 |
| SHA1 | 7925bf0732bc109bfceb946bae6e135d008124e9 |
| SHA256 | d590ecec83eee9fe7f70a6879e66bb4b95c3af43a2636df3f2c6ed719216b660 |
| SHA512 | 201b4e7933460e0f9ad6dcc300ef5e5a1dd83480d16cd3ffa81d4f6811f09f7a469174afd9a8f78f94a9044dd6aa973afe3ac9b44e57dadede8682221809a84a |
C:\Users\Admin\AppData\Local\Temp\EUkIIIIk.bat
| MD5 | 08434a83dd35f253d476ad933a77265a |
| SHA1 | 38eb4d57ca8f602d452c743fd226058cd9fb5953 |
| SHA256 | 94d54cb48451e86906826f73f4204c16b3ad40219737995349ffb45be0fc842e |
| SHA512 | eda5d8aa1c32e10e9512f019f9fd06d59d924f0ce2cc0b0780b982bdce59b9b86a5a1bd4c17ae019c061a4d74bed6405b83456eec8a57d80c06634023465b95b |
C:\Users\Admin\AppData\Local\Temp\MMMS.exe
| MD5 | 9741b74cd40d47475550d1db84f23b22 |
| SHA1 | 732fe40aa528d32666843eb2a9794ef637156c24 |
| SHA256 | b54ede4539c81e555e9bd71329cf2121e10daeeb306d89cdb93a14999729cf7c |
| SHA512 | 144cddda4b7a1d9fc779216d1fdb3fe3e9fef964ecac44da609f49bcb2a3bd9480d02d39954191c235e4905df3cbc2643a08c711dab5d206ae98d29030a57ce5 |
C:\Users\Admin\AppData\Local\Temp\gOcEwkQk.bat
| MD5 | 9111b3e048986b78de195623e42a072b |
| SHA1 | 7a138cf9a1d9f231e5d53203db8eb961f9955508 |
| SHA256 | 23e6be7163b8ebd1f8e46e145785578b4f8532d31e6c67c9f9a58fafd955b20f |
| SHA512 | ca3243f99a9c0c5cc9b05a84a0b3beec11f588a547926f0e0a02f7a7ea1935a650a6fa2b989348568fa5808631d765e5583dff519893dd2f94349d4fbc9beee4 |
C:\Users\Admin\AppData\Local\Temp\gowe.exe
| MD5 | a8d258f9c9c71e749381363501f9d053 |
| SHA1 | 6e4834b996dfc750328e09d515a4a3a8811eaeb6 |
| SHA256 | 19fce8bda557828bdc73ad2d659a387ce0e3a92200bd1b3094e780d4d99360d3 |
| SHA512 | 829bf17a238a5536440e5a58273fc2a667c0c6db9320bc7b18060cc2f4405bc915a8b650b9d8ec72c860e4c9a48d7c4b6ec560947c0726a0378cde94ee1ed191 |
C:\Users\Admin\AppData\Local\Temp\Oggo.exe
| MD5 | 9c57ce235af0ff86bd1ee6f6bb6be8ac |
| SHA1 | bb08d5395c0ffa2750a017aa8fb7ed7257acca86 |
| SHA256 | 08096ac0e4a4ac0ccefe465670d2315ab0f7c0bc04b0da9aea1b22c110a3f8ce |
| SHA512 | 605701d41f249d320a610ebbbc9db3ed6eb4fd10411d67c9ecdf9c787ebf8b87bdcb96eeaf00e4406ca0f220355abc875e53dd8b4072437c4680ba5cb92d8070 |
C:\Users\Admin\AppData\Local\Temp\kAYYkocg.bat
| MD5 | f311aeb377c75b98fe24d9b4ca72f5f8 |
| SHA1 | b9fadcd5d045981d942a0128bfef2e73c2e2a690 |
| SHA256 | a5ef954890b8c404bf8f2e4c13cbbf184f166657d8edfd157899becf737f08bb |
| SHA512 | 4ac5e4bd22cf20075cdd329aeaf2178549b5f37293d74b0fe1d8ffb3e5047315ea911310f809ef7af2336d3a1c5fa39a4db69d3f45680866fcd7b923be60241c |
C:\Users\Admin\AppData\Local\Temp\sEoe.exe
| MD5 | 732b0783f23e949617690afde96374d5 |
| SHA1 | 0d4fdad1624014523627b1e722aa791ac864787f |
| SHA256 | 14d66034f3750ccd27b86967e2b938b117215ba999123eea971a486ea5fa8811 |
| SHA512 | 611472e3831f2e432eb4f1f8ec3bcf3f958e780e203c5bf5e3e0d97e9eb556f8fab8aa9b7a0d89758a38bbfc5279c6a7419c502763b0159f8b574587170da1b6 |
C:\Users\Admin\AppData\Local\Temp\MYQY.exe
| MD5 | 5671a788708f5cf35ba32cb0d83a456c |
| SHA1 | f3ff60a178195b0747586888e4cad9ca2daa27b3 |
| SHA256 | e18f772596cc63313a496fe30d7cb81eee804138e2201bc3e4f7e7a73fd6c29a |
| SHA512 | d15cdab211da9da307b05588a9f13c23e66b0d80c17ae784ba1aeb1d83b47919be8774a97ef89002e456b1cb9760365c780a3714c0c93a4ceb83bce7949fc423 |
C:\Users\Admin\AppData\Local\Temp\QIcE.exe
| MD5 | ff2461d7774861eee4921c09f2cfb9b2 |
| SHA1 | dee8389de9b0b78d8a056f8ebe680e9c07b725bb |
| SHA256 | 2f75803beb825b87329d05acbadfc61aab517a438cc1f32f162b43081dab382a |
| SHA512 | 3edbe65365c005ee3c1fc5f360b17a9a630ab1d248ca3572061885bd4affe28246052fa879bf022be239d492c53c898a47abd68e720dfc7437da5acaefc941ba |
C:\Users\Admin\AppData\Local\Temp\csgsoAko.bat
| MD5 | 9b20e7d621ffa4efef5def9e49ec5fbc |
| SHA1 | 6d388ffe07ccc4d5fc4964e28d2b4eb7ec967ae6 |
| SHA256 | 33af3bea4fb4021f1488f418c3e91543d2b42a890a36eb5c8e131af318b1d1c6 |
| SHA512 | cfa54fc9d100414c530aaa6c9cbe3aa22c3050a8768e68b8bf8741ad2b06972930274bf546c999c86aae5a15a050d96e0daba94b7cccfefbcff6b779dbfcaa57 |
C:\Users\Admin\AppData\Local\Temp\WMcG.exe
| MD5 | b5173ee33f62ddf9effd072921372aad |
| SHA1 | d0a23e05f97550d615ae49d6ef4868cada0da013 |
| SHA256 | 7915124a682c2a3e366e30d8721c6cbb75c064d80e47abac0b99e0c201cff832 |
| SHA512 | a3c2ba1ecc10196010f4e773ad96044db8fe8dc981419f0494837dbb0380176fe930cb3b859e379cb269187983a82c6488c71e38205c0e37120bcb836fec8685 |
C:\Users\Admin\AppData\Local\Temp\fYggoEkI.bat
| MD5 | 97af462297fac9ae1388ad382ffb660c |
| SHA1 | ab8a83a6a7d6583dfafbc88b4f33068ae9c3755b |
| SHA256 | 6a232f5466e6c8ac3c0e6f85dba96655d6b3746e8ad19d938f1aa98893f3d181 |
| SHA512 | 0c454d13eb5528b0b15dc10caabc299d56d031be6134df9890c723366151341301b9216297054090f0d2b752994df710603874929a4d628e5c85ab74cdbb9ec8 |
C:\Users\Admin\AppData\Local\Temp\beMsIYkU.bat
| MD5 | 389da6a644cfbb2a91c5d2c450be69ed |
| SHA1 | d360595bd5066e348203af75485b7b0be20c7782 |
| SHA256 | c98f48dd7903f313439df95aee05a6a6a868127102b3b011e9723b0573ddc1fb |
| SHA512 | 84229ddc55d53da3718b55c6e74a6fd98fd79e181e77f33f0a651583949b2e52dd2754c03f49df88a2a4b54385d9e432c8087745e958b7ebb8125becd3156195 |
C:\Users\Admin\AppData\Local\Temp\DckMYUkE.bat
| MD5 | 945e91e2ca5554ee41f81f08dc6de4a4 |
| SHA1 | 771e7ce5ec1f2b826baa81eb8e00e4567f63b33c |
| SHA256 | 77afc6f5b947db0f3f6bde72e27f64f885fdda144b9a9048869981bde9b373d0 |
| SHA512 | c52e9241bf6344b842b462446e08b0a98235c8e7eee91617a57270102386def45060be4174b9948fa26c9ad1da370625b1e422136d78981b9ddfcb803279ab8a |
C:\Users\Admin\AppData\Local\Temp\lUMYEoYs.bat
| MD5 | 95188c862c84aa2e79c40046b59a1274 |
| SHA1 | bec9ae39826dda6303608f8d526423660fe67dd8 |
| SHA256 | f39f0a384934954544f3da737a73caac160b88a7299a5720e22696ad24111dc1 |
| SHA512 | ef4169b74f7979ebf2a8f66a1332fa2cf6623f80c0effbd41e9c35ca9147376d4052684df73f00dcf88112a25e6fffcc7ba582b9e75f069dd624d575df2429e0 |
C:\Users\Admin\AppData\Local\Temp\cUUI.exe
| MD5 | b1a3567b621a02cd7cb36bfdf31754d4 |
| SHA1 | 20b56d6e90a73a7f7d6567ab058781fa77260d9c |
| SHA256 | 073ea46ef0f74742da6250a1896a1fbf98dbc450f0a84364579f69fd8334a6ff |
| SHA512 | f9b4297f4f9e58ba61f661fe772a8cb46e99700300ca28dc909ac533ef8ebaea6bb7d3d34dfbab5f8bcd65ab590009423a527ab14f29e78b657d179b1f8910f8 |
C:\Users\Admin\AppData\Local\Temp\msoa.exe
| MD5 | 2abd5071d6f2eddf544140e8c7e4467c |
| SHA1 | 2998626d6cbf5d7d42dcaed46e76e36a1515e894 |
| SHA256 | 4db45072aad12058f9233f5369dd3576a5ba6a6ed06b604671169a30eed86ce4 |
| SHA512 | 51b16cd4873ce2e09e8ab22fd49079b3af13a83d54085beb715977c7c44d4af99bf4297e610083504cb2c05fdf45f7316429253062fece4280aeaafc81cce3c4 |
C:\Users\Admin\AppData\Local\Temp\HIMoQwQw.bat
| MD5 | 3535de303c6883541b203ec6f729f62d |
| SHA1 | 4cbf7f93a5a5dd40a47e45c63c0b0e52531eacad |
| SHA256 | bffb86a23f07b586398ca556c20176b8e100dc1eea59503d9effbaea8302e776 |
| SHA512 | 56f07b9c458a35f05b7d84c1d05db9cedd3d66c1ae8deba4b6be0f230dd44951007a643bf890327bba952b1c374f8fa46ed7279ac9660a5693b3e58bb679a225 |
C:\Users\Admin\AppData\Local\Temp\YMQm.exe
| MD5 | 6359b00346528325ee6351cf2937435e |
| SHA1 | bf7ba1bda4d6e3cc89423f409a045c65262db151 |
| SHA256 | da42fc36290374d266bbb31aff0cf798eb14ef61139c447ddf2ff9d9c6237f94 |
| SHA512 | 1c7ac4be9a6fc8c332089398940cbe11fe1e603a824f753c3660b795fe8873e5c8bbbc927bca58c93ddb9341641535e469baf008bed301f15144d1f02025385b |
C:\Users\Admin\AppData\Local\Temp\oIEY.exe
| MD5 | d7f17d26d4e74dcde68ed50c1273350e |
| SHA1 | b5c4df4f4f0817187dd631ab94cb51ed65c180e3 |
| SHA256 | 6e9d119dd8c83787b3a067590026dcb95cd2d2f4e3a2db5ded16e6305b621fac |
| SHA512 | ec7900df716f3cadfb7c29e3b04f9ac71669f48cc625397368b6f733001a3f9830d4d30c042cdf2a98c68af1bee41169d4757c6b9e4a3d8086958a6185d812b0 |
C:\Users\Admin\AppData\Local\Temp\gQcMgEog.bat
| MD5 | cbec945d38c4ffe51e6b56fc136ff5f6 |
| SHA1 | 79e2b762ff335f1c9ded3501b9dbe46d1b5d3990 |
| SHA256 | 4ac7ebac2a4b2376ad1b1561b1bc2a0ce3fd568b3237cc7a1a6b9fc3d4fd530a |
| SHA512 | cf83ff79040cfce17733c1924b5b0c90fe37ffbe584598cc0819861fd2e09c189857584589d2b3b7831350992ee9cf32019745aed93d54e979adeba39a108a93 |
memory/2280-3160-0x0000000077700000-0x000000007781F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oOcsEAQw.bat
| MD5 | eaff2f27ffdd02ef59d55878aea7aa80 |
| SHA1 | aa24f6fe873e0b8a94ad70e4f60996c645a78678 |
| SHA256 | c9f484a30b520cee19bf7f64b3e5e0956ab4846bd5fabd59cdf05d533bb7bfd4 |
| SHA512 | e504a54deaad9cd4ee65dd75da72cf507657956897199139788d0d3b715b36e266faa8e7289ebe7c7f805213016bab28ae016ce230bd0cc27f8a8d2eec1568e9 |
C:\Users\Admin\AppData\Local\Temp\eksQ.exe
| MD5 | 4f378128b2a4a55c33f789b741f71b4a |
| SHA1 | 6b45eb26a5e23ede317439731c1b89da02d04ff9 |
| SHA256 | db471c3a133d55ab079e03a358cbf060a65714ba8d6eb671d968af894ef1c827 |
| SHA512 | dd73207048b21ed11e69158caf2ad7bba8c712d63e18dc78e81683ab33c656c48d784a7d8e0627b2789cd4affe7bacacf2b3b3ce37e5a8c8625c22f922c7e177 |
C:\Users\Admin\AppData\Local\Temp\mwYO.exe
| MD5 | 24483eebe8ba425d433a8fc19767ecfc |
| SHA1 | f02053f87a50d4f7a25881eda4f9545646a50b4f |
| SHA256 | cd1614761d35436d375d0a1e4d66e3c4d0c1cacfea2f3f8baf0dc1758371356d |
| SHA512 | cb6a259177714c1cc27f83ce17a81afeb09749da7253a73c733c2b03cadea5b81cc648f628d58dea38828cbc189e98182262ba3be4ee86571400d83e3cbf8f40 |
C:\Users\Admin\AppData\Local\Temp\AKoAYgkI.bat
| MD5 | 6b860c66e8c31b0d12acf0cf5f69115e |
| SHA1 | c8f595d24d25e8418c06467533b31794d922206f |
| SHA256 | 22b85a14b44bbd1292e742449810f95c74457992f46fdf5a7b86576f6b154c53 |
| SHA512 | 26418cd0fb98f3aa607151bc5c03882de9b73bd8edc6285227dc8b309244746afa9a8c88c3d2363674b6b8fdf54172748f0f2c39fb22434c4b728800f36c789c |
C:\Users\Admin\AppData\Local\Temp\uwUq.exe
| MD5 | ec8cc6151416723ca27f3c8669ea4231 |
| SHA1 | a3c74dbbf646bf6501e67dd409da52f26d053eb4 |
| SHA256 | 952c6e2b9b78e5dc421c0925e29e697574c6042fd3c183195d563882120fc6f0 |
| SHA512 | 6bfc833bfbaf0fd11259f8c75ad288c949632c8e424569989f08999173eed86474f85d8850df5cf71cddacf3a4e19fdca5ddf04fed466246c59664ec9cd406bb |
C:\Users\Admin\AppData\Local\Temp\WgEwUwQo.bat
| MD5 | 410891afd81bb9604d58e2fa5e338a91 |
| SHA1 | f4bcf0b8cae798f7e846b8d11e8de24156683004 |
| SHA256 | cc6c7b74705bb96eb93a55521790b8a1c54954bcb37a0fb6a69c0f4e32797eec |
| SHA512 | 7114d31b58a9b7b54e4e2ca45ce6206af749292ce185912ad67d59e7d5cd9e9e8fb8cbd87f4eea7d248149e3dccbee0ff4697bac875a610c254422fc984af364 |
C:\Users\Admin\AppData\Local\Temp\ygMu.exe
| MD5 | ff2499ede227b06d07164709c64baf64 |
| SHA1 | a4304aff124e5d4ad902c59c5f1e9c43674cd65d |
| SHA256 | fc9ce5c23113806bed997b847817982a2b121549f82f97e933171f6ac17817e6 |
| SHA512 | b390cc763234117ff5aa523e0a3ea7b92c9e2a8518a80346908d4a6fb7809f164f58145a383696e7544aef91cbadee5083d94977af76a654fede09f6b16f87a7 |
C:\Users\Admin\AppData\Local\Temp\CUwA.exe
| MD5 | 6ed857f060622874e0aeb6d3586f7dbb |
| SHA1 | 1120e62393df04f1103f9631d9ff391592f35065 |
| SHA256 | 1f9e757c6a188afc66c13734b2ef464a0a47bfc7b8daf294bdc819d168b9e4a5 |
| SHA512 | 219b4f165d7ef933367933e48227294c9171d6f928b7e853c2901b664db986b6bf70682ca16a771f1cd07b3f2c091e8fa563195f0923db0fcd0a4e67a24061cf |
C:\Users\Admin\AppData\Local\Temp\Ecka.exe
| MD5 | 56a3f257da89de368f55f9b790ebc038 |
| SHA1 | f7a54327d097b6b3b50ca4a003eb17a7e285dadf |
| SHA256 | bcc61a276bb2f97a5073b80e8c0f2f2799bd26f47dd74263ac0b2860ca7e29b1 |
| SHA512 | 4f34e4d0b15bbc4223fa183f35bd21d623b42abdc3423cc0174e2a506b43885360654943b0cda9e71107b349518a7f029fc45b6307b4cb472e4df2b59b97ba0d |
C:\Users\Admin\AppData\Local\Temp\quQAAQwc.bat
| MD5 | 53facb99fa730cf16e3d55a3fde90cae |
| SHA1 | 869cec17d3f7152bb651d6983cc9f964634de11c |
| SHA256 | 81cea0e05b78f768f9b07f41135206b799bbe22d02e199c9c02499eb1d18e56a |
| SHA512 | bf3b95421ad59b7adcafeee8bd82b0ef1b05125a36d6c3c94da23b404892c962e4fd4ad5a698cee0fcddf9def9a124b0dbd6130f558839aae745f150bd1cd786 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | bdb1fae2ad86ee2ce311b578dc472f57 |
| SHA1 | 06c42ea239711bc79d710a1ab7bf4af9037a14dd |
| SHA256 | 491f062461b90d2dee936b244dfe041b4955985c50b542bce222156ada6aa9b2 |
| SHA512 | d9a793d1374b690f40595332dac77b48b0bf2e44caa67db3385913fe266286cf0be3c0c0334793ac1e18891cd631799b5e1a30acc0ee266e85f05f4335b18988 |
C:\Users\Admin\AppData\Local\Temp\SsYy.exe
| MD5 | c15d36f8961edb7157f18f56671b7a27 |
| SHA1 | b4f2f64bb952a2df2b839bc1eb2414a6cf0aa3d3 |
| SHA256 | 19dbbd97d3b66248f96c71ba304a4a8de1789333c7c1d46f5080c856543331c2 |
| SHA512 | e25b735aeb83787a3dd6d724d8b3411850cea750de7ed43ff694faa19442177c5e89c1775c0cb845e7a0e7a789b250d18e30f201554f88cb79f599dac27a31c0 |
C:\Users\Admin\AppData\Local\Temp\XEgEcgow.bat
| MD5 | 0db8ba1efb6e2573c7fd5d9d591b2d9a |
| SHA1 | 823d5656ce50ea7a58dd34f8e76236802e00cc63 |
| SHA256 | e1f8518bfc73a61155b6aab2c19a7cc9eb383c1ee127974bcac3d0a930721305 |
| SHA512 | afb13deae619a2cde10f2f154c71ac4bc78f2a0fc68678d658208a2a63b7d5e4a1bea3ade5d8a465e1e1e258b1b7b98bc2c055ba42ca517bfde596a5fee522bc |
C:\Users\Admin\AppData\Local\Temp\Agcm.exe
| MD5 | b1e9c29dea658be30cb0a5c848049bbe |
| SHA1 | 0fe547bd259474ad48034003e51237f848dc2007 |
| SHA256 | 6df090f777279677d6b4d6559e6918a6a28ecdcbb31344c24cea7f64b24157ab |
| SHA512 | d7b5fb31551cdff782cc7d384249a57c265f531283569c32ac699421d272bf935106c4ffd8ce12ec5c2586629355a9199283594c903d3cd715bc6f6b24d2944c |
C:\Users\Admin\AppData\Local\Temp\oAcY.exe
| MD5 | 5982b18f9f53e696638afa011401a0c9 |
| SHA1 | 72df3a2d4fa3fdff14eeb6e632f649430382b106 |
| SHA256 | 4689232f51d2d7d54a374ba4d0376254e5ad057ddd3578735e62ca11c209a2c1 |
| SHA512 | 8c38121ef4afcf75fa49401b12bfd7211d768dfa1ade8f9cc9992ff4ba096b9835591ebc8007475526ec2f974703ded151c5b1b02ebab0e496067269884119b0 |
C:\Users\Admin\AppData\Local\Temp\LCsowwUo.bat
| MD5 | 560ff313edc587110e096e95b9667a7b |
| SHA1 | 27711365cb700e4160109651a7ff7b7a9b42e43b |
| SHA256 | d0fc9fe10b064cba4abb9ca2cd9cd349c802b30101d3f8daac008a06789fc0de |
| SHA512 | a8d196909b16c2179be5c69634bc1681391227d8dd23499b1c25e533b31c754c0cc0e632ad2dd0ef083264048ac856bb4e70d25ccfd10e40883ef733c4a793f5 |
C:\Users\Admin\AppData\Local\Temp\KgsK.exe
| MD5 | d96d713be376da044c6784a877e093e5 |
| SHA1 | b01f2b28f9dfe81f825c427bea0cd4ad7996e56e |
| SHA256 | 94f8f6fe9ae53aac04215d18cf50f0456768ed99121ff8afece2f65f296d7e95 |
| SHA512 | 10039647ff902e76395e90484c449eaf20187a097704126e281ce6797c7bb14e8779d08a484b1ce54bae34c677281fc7c7adb6bbfaf963a6e392606615f23c87 |
C:\Users\Admin\AppData\Local\Temp\MQgK.exe
| MD5 | 98e9c24d533ec9190ebc77e349e5894a |
| SHA1 | 56d8878d88f690ae9d5c3cf85a4ee148a666fe1e |
| SHA256 | f6bb456aaa74fa0f7123dee935dbd3dde548933276c56d5a73d087b0024c9acb |
| SHA512 | 7c3e637b57bc153f828a45165d67e4f9bae6bbf61da84d184889f4171985e8d49fc27137cb9c7d36174ebca48c518a5f3be9c1e9a692afdd28e663158c80ae29 |
C:\Users\Admin\AppData\Local\Temp\hoMkUcgY.bat
| MD5 | 166bb28c5b28d1ee6df1110172237d41 |
| SHA1 | 4f8988b05e6a775fc559cfd40e5ef55d79188be5 |
| SHA256 | cd80c26a8e1b6c73ab5929166f19a5b2161890fcaf2efc6eb950df7bcacbab68 |
| SHA512 | 14459bee6be62d4ace7ed9cdf2cf66b35f3bc38441ebf99fab1c3a6322c757199f834b86e317eafe325d3953431e9768adc9ca8665a7850ca3b256a32460d20c |
C:\Users\Admin\AppData\Local\Temp\ygUY.exe
| MD5 | d80495684f7a93c855c4f3bac5b7b6cd |
| SHA1 | 5e3f9042383950f313b4d7b5476dd10eff087725 |
| SHA256 | 788af2f0c68d56915100a21d6117edde71650480f10cb8095c745014adc8d93c |
| SHA512 | 27b39196ac7a084c65aa16acbdfef3728a35b6b76a1963461786d7c9247399a8b863bcb107330cef48151aac550c387f9509930af5b296ee10cfce656ffec32e |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 9d88f3fb395042a9e39955a6a612e9f9 |
| SHA1 | 51fa33f24f3f620497b02a05f6e816e07d783fea |
| SHA256 | 6bc7f99172606843bf8d2c27f632e84c4afe2bb5b9f7495b51c6b1d82b14a19a |
| SHA512 | f0faf7e2df1ab4e1ed5abf35a1b4ba702f04a9e870b8e62f692139fd1a4999dfbe6b77e8c370fae534d650e147493bc5d293ac9d44c5fbe284e5f6bef76dd2db |
C:\Users\Admin\AppData\Local\Temp\OoMM.exe
| MD5 | 360b80131824b1f235790017b1796b35 |
| SHA1 | 53d3d7b88e0fcf160e4a55a89119d40d4329a9b1 |
| SHA256 | 09ab2bddd1cfaa7aa594b62091d28972362e6baf2ef89044b6ed78b0acfd3425 |
| SHA512 | 6489d1571e1602843a6c7c0be18b0f6e7ad4dc34476f8768e76d3f8ac0ef0c89edde14c07d3acd8db5ebabff907aa259e1d6c5492e93b0bf02ef2009af6cb4fd |
C:\Users\Admin\AppData\Local\Temp\acoE.exe
| MD5 | 65b8d3caa2aae88d810fd912a686bf0f |
| SHA1 | cec48449f417fc9fd4f71fba152cdfad24232d63 |
| SHA256 | 35e91b0695e00faafe05c03e130d0246e0083b1d59b09847e87b686d30d8ef8a |
| SHA512 | 1f538b2e31938f2f87b8c854aa7437e26e0887b3c7612693b3983900b350d95b39f5d5990ecfffab07e7d37202aff865bf4cda00c03ad3b0f573bab66556c60a |
C:\Users\Admin\AppData\Local\Temp\tMAsIksY.bat
| MD5 | b26dc0a5ba536d2cf2c4253f17081f50 |
| SHA1 | eda190855f2ec1dbd816d90e32ae73c11adde344 |
| SHA256 | cb9e5cb3e24680e58a15cf9a4ff994baa79bfd93fe49d7b0454aaa2c19d4ef26 |
| SHA512 | c2cee2f31cb7a87a75d804c1e243f592fef7ffd412ce7b1c5a98f0a421ba1ce6c7af76eb215cad0fa4bb26f54dda1167e31e431bd62b79a88af432e2f5eaa7ab |
C:\Users\Admin\AppData\Local\Temp\Gwcc.exe
| MD5 | b6fd2b0a4b88e6b930fe4ceeac32bd05 |
| SHA1 | 037c71b8cd1f362fa2608e3860eb5dfda661f20c |
| SHA256 | 223f1b4714a6cd2b19bbfac15e39a2794d9cfd1cf5e11f32306851298b6580fc |
| SHA512 | 9d43b42a3fa6cb2185025ae2fa030c705d6ffbe437cb7240606a7ae79440c5f7e3af92357b573488ed94407317468bb09364b10ad133144ffeee750b8a0a0280 |
C:\Users\Admin\AppData\Local\Temp\kgMg.exe
| MD5 | 96aab7118e6f65428f794c72c641e2d8 |
| SHA1 | 3c082a5f23496d738d74cfb5978da57ca586f9e7 |
| SHA256 | cd491b8e8f93d509b01ff5a6ffae59d377842247eb85ae03f96793fe408b3f63 |
| SHA512 | eb6d7db224c9337fc64061e94fac95925eb1a5b7e4e908a7700bf99037f6d5e29d64390d9ba06dc8b6431dbb28e5733b7783ef3269f2c8bc13f60a0b83f9ac15 |
C:\Users\Admin\AppData\Local\Temp\YUcM.exe
| MD5 | cb0a228e7bbd6bd3ee37b6f9ce56b24f |
| SHA1 | f420cda7545ae6ec2979712da0af9adbd7b0fcdd |
| SHA256 | 816780a6ec5b54c4166b952d8b10127e44a3c57c31fc51384fcf7e9da7a09a93 |
| SHA512 | 4531424b7b708991ade7e93f29d7ef382a756fb511f06d17d02ef6614661305f801a7a8a0e6c0bfd7a642ab5013926840f3bd4a47cd97ea6013dfb1880d1ebe6 |
C:\Users\Admin\AppData\Local\Temp\emsYkcYI.bat
| MD5 | 5ad9a4251bee4c4c28165b06c12aff39 |
| SHA1 | acc194c2c659f92a2905bcdb91041cb9e71df03f |
| SHA256 | 57ee87c808a3464dda8f1550328a30730dc26e9e4b0db59304d26dfc30d38d70 |
| SHA512 | 6548c9a8527806735d9cdfc1645a74deb33f17a82911a2812d872a4908d3692dcb06ac63b79ecf3b5eccc359823489fed6f3f85f1736fd3c5059055de5fde913 |
C:\Users\Admin\AppData\Local\Temp\oUEC.exe
| MD5 | bb69f278ba2db6c63b01df8e886c3d8f |
| SHA1 | ccc89e31e7c6ba1a5ca2726c6befc00ed99e8562 |
| SHA256 | 45f3c7aeba35526a13ef9401867d1afca4510a32f481a34fd75557963bac9325 |
| SHA512 | 3da1df77d4f2605178830b5a09e8e7c54fcf299e06e9adc4e0bcdc9da732d11a2f34a2b7b9ae07764a7db250a85242d5582360c9a63d9581dd796dd7dc5b6657 |
C:\Users\Admin\AppData\Local\Temp\MAUg.exe
| MD5 | 7dea70f010e1c3eb2756990a395582d5 |
| SHA1 | 548f461ca1a9f4e8aa44397bf8d194fdaf916910 |
| SHA256 | 99946f8aa7797cd5d3abdd256d6b72863d7fdb00bf0d85783708e0a8aa3ed670 |
| SHA512 | d1aedd2428432ff34de4b5e143adec88201823bccd0c25ecd45091652d7071ae4f01929a440cc41760448ee40e3509c3e3ba2b269c0e580913532e0545b83692 |
C:\Users\Admin\AppData\Local\Temp\GCAgAEEY.bat
| MD5 | 1573f75b0e273238f6c1834c35e3f1ff |
| SHA1 | a226aa80074508698a2c01d037464f1a8537b885 |
| SHA256 | 5742fa916348a79c46bd7e4a011cf027dc6a95da2950f6832028ac7d427ab6c9 |
| SHA512 | 51c42a60132d06ec8147f41928552359284133f01ffcf52d46d84d999b42c27c7c40e34ae2b01bdfd9bd44bd4945ad0ae101f09d607973c9dfe2a0dcaf079455 |
C:\Users\Admin\Desktop\LockDeny.rar.exe
| MD5 | aada4c4c5c322b0d958f38d86060f76f |
| SHA1 | 238146976591f7032e4aee8a6baeba30d2cc5818 |
| SHA256 | 6a2e670864bf245e80eb23a09510301c45adbc827934ebb49f4a61dbf702a1ff |
| SHA512 | fd664187ba4ffda56322057feb930ca872f7620492fc41f1b0b89517676469cdce5029e29f10050e7d570984717c9d4987ace9ae32817bddcb1e2d11d3abdb38 |
C:\Users\Admin\AppData\Local\Temp\wAQO.exe
| MD5 | 5166cff28761821d48663554b2227dfc |
| SHA1 | 4af7fa55c5653fbb3d9c71966ed6b9016f861ae2 |
| SHA256 | 9124b9623e84e4a13ef8ba01367ad71071f5459f2f0b73adb31e7743d962e8f9 |
| SHA512 | 47bb73ac5482bdc1f44e384c75658a0034009f4a279edd2a82f2b895c40d969869aeb187f3879318420c910ef89aafbd11689649e41f40061de93ceccad85963 |
C:\Users\Admin\AppData\Local\Temp\UOIQQIko.bat
| MD5 | fc46fa65dc7cc87b1f74a13efc7bf990 |
| SHA1 | 278c9021deb4530e68c6394ca048117d53cacf33 |
| SHA256 | 419ffdd441920cfb01120414d5eb9ad800549dd1ca2ff589654159d7e69867d4 |
| SHA512 | f309f5429eed192280f7b76c2d36288c8dfc8b42307c6b8e4ccbb97179e205a80cb37081185574068c4cd87c363c77a3da485a49c6bc6c8fe17f3754922ffec2 |
C:\Users\Admin\AppData\Local\Temp\cYEYckEw.bat
| MD5 | 1bcd971939de50313bbb511abb01982c |
| SHA1 | b1dc1de44902d6e692acc85778d9b255f2d7b071 |
| SHA256 | 5705dbd7a94a441d29ff3c6d3398516588ec9778bf7e1b101c41b5e57504930e |
| SHA512 | 98d862cbcf9a009189c5603ec326f7c52c765712cf6e4a4758e81d09b4ac83d1bcda2001b2a5678d424650f0498033ceb2d133e3c14f935d3d5a988c9a7f265c |
C:\Users\Admin\AppData\Local\Temp\KmYEoIko.bat
| MD5 | 7c1c45f6ee94b91490835efeb14188d5 |
| SHA1 | 6c1099d80712b04637af356bdf80e102c88216b7 |
| SHA256 | d61ebefbba42688648598b3f9b918626508a8e46e0acdc1fe5ffa9c045f688c3 |
| SHA512 | a91517038cf4d4c3fbfccc9ddc93461798fbebb7681a50df6443ca8f661c0c1d2cae5d279a96dfb76f867827661e4489994035ea3c9fc1ed20fe41a3c795c45c |
C:\Users\Admin\AppData\Local\Temp\HcUMoYso.bat
| MD5 | 69156a653c26e141a3ca997fa80d8d41 |
| SHA1 | c4fd02c3f16e0f00c6fd145bbb121859b7acc9cf |
| SHA256 | f11f21c04922b4be9365083cf0e070920d859d312f1e183a1eb393b28deee9d1 |
| SHA512 | ad133c90007dd98bf3c23a0008f529de5016a5a91eaf141473665c5ab4bcef3c2c7f50ed2a44721702539bc8a3330c8d87d1f9694954cd7126f98af08c304abc |
C:\Users\Admin\AppData\Local\Temp\vIskwAAE.bat
| MD5 | 587f6054008002d83de1f7109a017d69 |
| SHA1 | 12c72ade8d4503e1634ff2982bbd4731631ca14d |
| SHA256 | 02767bf3054e5194c6bd6b4268593fe852ade28ea5ab1383c367e5a8b2d14130 |
| SHA512 | 420c5f21c9f70c55d78dce64f82d25664e7f3cd64617ce38862fb35c02b58a286646e0f3e4696f07a93cac86c508ce1296d9d3afb6882781558fc7d2e0e15e33 |
C:\Users\Admin\AppData\Local\Temp\HGAoUwIM.bat
| MD5 | abda01f14dda11194dde64d26984d9a8 |
| SHA1 | 7657ec5a1988e6b76c5296c3874a311a2d83a49c |
| SHA256 | fc433c9eda935f6d435b466a3185d739284ebf5b5211518cf0551f457bf61590 |
| SHA512 | 3bb9ef3b6e1088e43fcca72dd2d8ba84dbaf2f18c87081636f2108c3ac2a350ae4754390093511ad04b1d09dc8354a2526d0d0d1c442982ca612e9b997afc445 |
C:\Users\Admin\AppData\Local\Temp\nyoIMgYw.bat
| MD5 | f2304d488844e64cc8303a3603d9d3f3 |
| SHA1 | 8dd6312321dfcae27f6cfe0ac5cabc3d25ded93e |
| SHA256 | c97513e1f3b408b7214bcc8382d4789afa43e0342eb6df7b4a23fcadf7c28cc7 |
| SHA512 | 295133cd4679b98283daa23311be12e7c322e102da1d95b0421c98b793565d61e71e8b11f780e91e1461e797a1b812672d92dda21308d40f87b21eecf5d1406c |
C:\Users\Admin\AppData\Local\Temp\zwYkAEYA.bat
| MD5 | 99f4a260d5395cf7b7910b2a2a506f6d |
| SHA1 | 8000b44be5f396ff21eb4c43c51d515283dec61e |
| SHA256 | ebe76d246fa9971df6c6aae69c85cda096ff37fe8165196aa467ac96f279dbd0 |
| SHA512 | 6f9a44366969a24f5e1b130e2a3994926c7bea54692738ed2340b78a71f010acedda762afbcf360b64006ac88732396707136164f5b99ec5e46fcc762f777a5f |
C:\Users\Admin\AppData\Local\Temp\pAMgAwIY.bat
| MD5 | 3bae971a55134534e01900d36a6dffd2 |
| SHA1 | 8a5a12787880e3bba1d04903a8470adefc3a719a |
| SHA256 | 3ac6dca9576c3505f674b1e9b95cd4b9e64f3f1bd2da775d9c3e6f09f1e88aaa |
| SHA512 | dc9abee3e550a102182c363ff4189ae23fdf9e21362103867b3b12b896f261f412233be3768ed4cbe2138cb45f00889887efb055a6ce20dc211983bfff5a5722 |
C:\Users\Admin\AppData\Local\Temp\FyUowQoY.bat
| MD5 | f70dfd1a413d9c5b2b1839186d183bfe |
| SHA1 | 8e481ab09d3002b2c05cf920aa01feaf3f60ce79 |
| SHA256 | 9735b3c3a2f3d35045a7f8a035660c3011fc06141bdc2c2492cd5e70b5fcca10 |
| SHA512 | cf89682bdc88002747a30277af4e3d53b30b9d6ce732fb53b1157c4a1170f2d0707c59910f2b1da963e5277f302848a20b61071252f65bc8274d4a79c45f479b |
C:\Users\Admin\AppData\Local\Temp\mQEMUwAM.bat
| MD5 | 32905b37a65c1f581c274fefdbd09896 |
| SHA1 | 7383e944daabcdd66aad6987723b11b651f1db3e |
| SHA256 | 9843d9a4a516ed1bd72754e7e04e06225b2a5b96c5326634586b4c25c73da483 |
| SHA512 | 4b25d7f409e6058b6d4266506a40971b96b46cae039346a6879ca43b8ec7d98a83cf5b79ebeee3602630eb3310f18df031647fa5ce6bd9ddb092c28f5d28246f |
C:\Users\Admin\AppData\Local\Temp\aoUw.exe
| MD5 | 9397e18bfd99e880bbf3311036964f19 |
| SHA1 | 01192ccdf70bb048fdca2d28547d75d14633ba08 |
| SHA256 | a981e22020059d6cf05ec10d8d27df2712e784b3b9021a6b72b267881cf221e8 |
| SHA512 | eee061f851ddbc5ec9038d1352d29fc10701aa475162f5ebd8bc7853b3e75561bb40809afd7100192523e684ea0e2f44ecb60962499a53a3c93d22ee78944f6c |
C:\Users\Admin\AppData\Local\Temp\WOYskgMk.bat
| MD5 | b2599a00da5d512a7f3722ad4b8f3bb1 |
| SHA1 | 2e01eb754b2dae281bf40fec716c2da6ef134e4b |
| SHA256 | 579ad3c66fec92779120a979c6d4dc6814e2a1aa8d248e3e2c6f9829cfff0a90 |
| SHA512 | 14440916832d6e06bc4442d4ebcdb995cb3f1a285b79aba7220ca5c90bd5cf1deb3c9eedde7d1a8b733a1103320865464b52c251599efec139b5813f1c08fd24 |
C:\Users\Admin\AppData\Local\Temp\uIgYcssc.bat
| MD5 | 2262d041a9a8321d0be4a6469b3da801 |
| SHA1 | c2c16268065fc77668baeaf161e59c958120494b |
| SHA256 | 358fe81e9dd3b8a4077d9511fef6f4694451ce50cc0977706ba4d0efc1bb07b2 |
| SHA512 | 2931c3c3e7d12741fe3c644f50ab1ad4a436a9dfed3bdec7d410103aacb0c2aafd6a07a0543faf59988e806f936f9184ecf07390e9cd56e0214e29b7c6af7c07 |
C:\Users\Admin\AppData\Local\Temp\mIQs.exe
| MD5 | c31a7ff256c855627783eba9719bf164 |
| SHA1 | 7555a8ebdbb95879d67f7de15fb7e18514635a8c |
| SHA256 | 219e6be0f2bed61b03b13b62fc7ddb392a708da86de3b04e9a4e8a11f4a55f6c |
| SHA512 | 7289f9af9d0f270651012a963bd5d5674e222887651b1ca9a6d1a7673c666148f093d5178ad101ce9887363dc6c8ab45bf1fa25cb36b62600061450af59d2c4f |
C:\Users\Admin\AppData\Local\Temp\akUy.exe
| MD5 | 4fa48feb8e05819c9fcea177ca577572 |
| SHA1 | bdbc710037d522e2208c1aacaf9d1c3dfec9442b |
| SHA256 | 3669ff84365a101435ff01afc3be09093e4c91a2a99591a6907d6ad4a2ec2ee8 |
| SHA512 | 97c1dd7c534657e238507d2c199844c874aea4094b819384d932fcd90fcdf46616d20b962f3b98acde425e512823d970852cb80f8d634e5e30657622464f2368 |
C:\Users\Admin\AppData\Local\Temp\gkMO.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\WYUAQokk.bat
| MD5 | 79190f7af754090f7b2d860057ebd6db |
| SHA1 | 7dbcb2309c7a6036d39c9ed3e88b853cc9aa273b |
| SHA256 | 4833fbe08ecc3bf2bd58586f0542370ebb555822b018f5f226626da7fcf66823 |
| SHA512 | aaee62e4e311fe58cc08cd3f16bbb67975ec72d2f9f59fbf8f69b26191a46733d63c17bf9af5364fb53321d89c723181471bd8dfbcbf8fce2f56589b5fa1854d |
C:\Users\Admin\AppData\Local\Temp\MgAu.exe
| MD5 | 4ce74d660298ac09640218e1a747ab70 |
| SHA1 | 3f30b787633cd6710e20c07cb0a46fdbdaff9715 |
| SHA256 | 43e59474e079b269a4f3c4db714390b91d69cc95be921e5c74cd88c34b921613 |
| SHA512 | 70bd3561e8048c2b2c2ecc7b2dc6fbc32d4fcc2213242045c7a292cfdfa5404fa169fcc5dae88fbe1fe85e00a0570e0df80b42448918bc0fcddbff70bd9fbce8 |
C:\Users\Admin\AppData\Local\Temp\uIYS.exe
| MD5 | 6a671eaccb66610cd3a539d8a55820fe |
| SHA1 | 91ca7d5a3cb819fe62f2db306835fa024bf06126 |
| SHA256 | 6919ce11f07911ec6725567532bb1a42f0762a89c30ba41e0e0ec586349ed9b6 |
| SHA512 | e0f424bb257db832bace50ee49263ce39abd655aa397ea346aa58213f9e93598f85b6be0a39b5230d4db5ed673d5b7a8eaa72dc0071a35f65518c057d8d57e21 |
C:\Users\Admin\AppData\Local\Temp\yAQm.exe
| MD5 | 43e14a8c12e112c038bf1237720e86f9 |
| SHA1 | e4e24e884bfb7caf96f85157169367c1e509ee9e |
| SHA256 | 47ad29abebd19bb4d46f341e518b532b967b179d055da351778d2ebfd37590fe |
| SHA512 | 68cbeee9d4c239bfe93d3384447da4a0fc64951de92f96b9600049be2c0d0ba29fbdffefd37cab25533dc241aa59da095bb7a33f5be848d2ca3dc14d03bd0d8a |
C:\Users\Admin\AppData\Local\Temp\uiosAAYM.bat
| MD5 | 2259ae56c55776a109eae31a6cf4fedc |
| SHA1 | 6faa9663df6e6138a84204a9d9a6245e01e05db1 |
| SHA256 | 39e15270e8fafdb8b9a285938e7dd2d54419e0ad5b18d93051b972563c2a91c9 |
| SHA512 | d48412ca3dd838826101b53c9fb5215e40fc27e4e7420589af6816533b130bb3bf2c52285715df33d64db6454ce9ff78e5a5169f5b7fc1d5b6cc9cb9d3852d1d |
C:\Users\Admin\AppData\Local\Temp\sIgQ.exe
| MD5 | 1f405a7a665f88637924340ba9acbdb2 |
| SHA1 | b09b67e59c0fd581fdba8022475974b17280c34f |
| SHA256 | 24d2c871e41b77a578a983af6d48c2e6e124c38bc9348846ff804b6b280e9dbc |
| SHA512 | 83b3bce5f5fdf2dd62a055c041303f319de1379850af60f7c56260bb90898985c3adcabf4966682145bf55795ab47f8307ef6143b5418b71b217e953c388e69e |
C:\Users\Admin\AppData\Local\Temp\iIwu.exe
| MD5 | 8f9cfd836d80c66c69621d8765ccbb53 |
| SHA1 | 114f1aeeee5691f52b6dd5e1d725997ec7d94d12 |
| SHA256 | 9c15d25169b35d29e63684e5880b4c5a4d7bd432ed10f9160d2eb4e5c0049d1c |
| SHA512 | 141be8d335c99a3450fb65b63e9b33044e2391c7abe065c6fae155b45dc75e4974dfcd053a5ae87b47a773562f788df1f09ae3bce5f5d1f8f8e5723842c4cc62 |
C:\Users\Admin\AppData\Local\Temp\CEUW.exe
| MD5 | 9fd39958c0668a7e57df0c713baaeac0 |
| SHA1 | 5391549223d29374a2a81b92a26dce85b8e86f19 |
| SHA256 | a705c2151f9316650aedb163ec76b615015d6125d6ee2347706d14b81e4bfaf0 |
| SHA512 | 9a20f668e84af27e6d4419e064b05dee525d0b5214122919af6f5614a15bcb76773eb97e730045edd34c6517ce9508424e5d1d5f3019c95ae538c43b40e769ca |
C:\Users\Admin\AppData\Local\Temp\MuAYIokA.bat
| MD5 | cef801266d0c54973dc146c8e71824a4 |
| SHA1 | 87ca0dbcf5c0b6d5d6f24816933d61ed26261a16 |
| SHA256 | bd31f01f65118564ce20eb30c05ae6dd3d5d55f30a5567a17f55297677cdcf73 |
| SHA512 | 97c6e4e1ac65c9245d43ac8d1ec240a622c316a5a509da6b7415245dd5e4f7dbcf3e442bcfda6ab6378655813179b873f9d3fd5b2a9c1984208aa1f10ead18d7 |
C:\Users\Admin\AppData\Local\Temp\wMcu.exe
| MD5 | 1d46d3aa593bbb406f9520647d3907f2 |
| SHA1 | efdaa17c836406b105fe8e4d4d13de87fa0152c2 |
| SHA256 | 93a4d8268ef49f281cbc045b37a8b9c0c9c027a171751b5db6a7ce2b14708951 |
| SHA512 | 0ffea1d831175f9b08bd277585802d014f5baf9fd663e3361fceac9cd8c44de706a67df5267ed1567147a72d28e0de0dbc883715a62a66db4db173fcd44b3889 |
C:\Users\Admin\AppData\Local\Temp\mAEo.exe
| MD5 | dee25bcd1f12433541f99d0dff2b2dbf |
| SHA1 | 45aed4f7e0f50a24981d0941e88fa3b0df0620db |
| SHA256 | 08bfc5f5f4749d70d9a0881058af9621e2a3c6cc97301cf1d507cd4ae3c72286 |
| SHA512 | a6df7d9a51ec4b85b1a4337daa10144f487ca806f9f3a11e2d60a17a016c4de8fa6fa6c6cea8c9efc102ba94cb3d2be5b509259a555bf9b0f19286ee83c669b1 |
C:\Users\Admin\AppData\Local\Temp\EoYs.exe
| MD5 | a5a2f7c76906abea9663b41b139a8984 |
| SHA1 | b7b952427535b922c8de329dea10d226ff96df27 |
| SHA256 | e3edb1fe248f60c0df7f0445b408ac0dc194966c17d5a9d1e69f43c88fe532ac |
| SHA512 | a7b0e6e6aaf064ca42ccf317872f121d4a67085ab90da905092f744c3cbf22c0790e6cf65ca8d567f0f5ace50904e674def91a53a5c26b42505aae5ec0709308 |
C:\Users\Admin\AppData\Local\Temp\QKwIgAUQ.bat
| MD5 | 94e62b5877348acd9b502914367e706a |
| SHA1 | 9cc877160f7a96d2dd1254ad29aeb1d2ef75ad86 |
| SHA256 | 0bae6ec5b3dc903b3a9755e272e7c04258a3dbbe9291ade9eba5de9989fb4735 |
| SHA512 | 263d2dd9cacbe5e73b9b0a5277e02df266045c60af78a96dd33422cf96a0e2c81faa8db52f654a625e4ba26f875d629faa88bd0f6bff84cebd44374a3f5315ad |
C:\Users\Admin\AppData\Local\Temp\kEMO.exe
| MD5 | d8267bb05635e7ac803906fa30a19a9a |
| SHA1 | 194ed6303aadf3132215fd9613cb03941a9acc4d |
| SHA256 | 3df22e9536969f6afabe7bf111c737bf697c35c71817d43ab374f1aa5d739fca |
| SHA512 | 2ce771b20820db68e4648167dc9fd77f52d42be6c51632482eddd63660d8c7d5457f5d6ff7215e2a9cbcdc21ee0684ea26ece394c0f3d5e9b1ba3fde3c093361 |
C:\Users\Admin\AppData\Local\Temp\MoEw.exe
| MD5 | 614a63109d7f71df0e187148f49048bb |
| SHA1 | 8fa60c48bf88fb1303103369c5de993bed0da77e |
| SHA256 | 0ccf12e8019664047b1da966db37de094e49476375729bef37064197d37e94cc |
| SHA512 | 6acab22df6adf9fa8d407e3db6974e6bed6c253412fd4be1168a65dd447f9d0aecc51e86dafb8e04d1774e247b5f3926f7b67cacddf0cf68c82f6304809d3ff5 |
C:\Users\Admin\AppData\Local\Temp\FUocIAUo.bat
| MD5 | f8613224d1ee56e68350c3f933ed482f |
| SHA1 | 2dbc42166c57fea06cbadc688d91b1af76f5b1ba |
| SHA256 | 6227c376a2d29cc0c2992084e97e60f66f5cd88193eb4f56d8650a831070994f |
| SHA512 | 726a4121c27fcfa1f39ea0900e1a54b85332fba3a59e264d1ec9a5fecf2e45f43c307d03aab71a598f24d95df89bd103d1a34cf9705e988ed95730176c94144a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile32.bmp.exe
| MD5 | a8691b2425ef23b514fe014cd8ae6a73 |
| SHA1 | ed376baaa3cf57a3f676a609b168babcfb427269 |
| SHA256 | 10cb63574d02dfbaeff55792a2f1bc06d6435b10783abca27793d47fbb76deed |
| SHA512 | 5b486c5aa6a067bc25eeadfa5d92ea6c968023e45dcb69ea7ffffc89e50460d9270ca490f9e8dba2003df360791ddd682792b285531bd816b7df7a347b0dec09 |
C:\Users\Admin\AppData\Local\Temp\qgoq.exe
| MD5 | 57c6d02e7ac790e3414385bf6705bc1e |
| SHA1 | 957cea3f6afda6338b96efb5a835862f67825eda |
| SHA256 | 4731574fd2527f79d54a69ddcc97665608dab807df49ed0af29339171b7ad130 |
| SHA512 | f689098be68d985f3f9031725c7b9c1c26a36b2276c51252a3386c3428637e62a1b04defe3bb69a3a07eeaaa71d7555fb4d4b58507db9b7dc866569a4cb6659c |
C:\Users\Admin\AppData\Local\Temp\kUUg.exe
| MD5 | 29d37efa826725f80178f7a4b444fba4 |
| SHA1 | 984efedce6d3a8df3093b92362f4101ad866aed4 |
| SHA256 | d264c8541d1822a9488b11534753d7a87525272305ba63f8f905be1db9cf68c7 |
| SHA512 | 8ab4bd7e64ec2b0189553beebec0d543a4b6bdec47734e937f64e21e0a8cf9b9e274732354b2608e9dfcd3e1092cbfbd3941883d0a57005221d18f86ea601794 |
C:\Users\Admin\AppData\Local\Temp\FswUYIcU.bat
| MD5 | 5fc88b99072727502777c4f59e677aa9 |
| SHA1 | 80d9dce392eaf732761eeb09f22aad0aacfd72b5 |
| SHA256 | 15a05f95d9ec8c9896e2b03604ec708d73e938c3b36e666a11a35addc149856b |
| SHA512 | 77f86f838237cc49fd8ef1376b5ec48dbf2f4303075a2760e045902ee26e99bb386dbb32ab1114ee681f7b673e856ec9eade15be846f101dc9107d0554c07586 |
C:\Users\Admin\AppData\Local\Temp\TwAYAoIc.bat
| MD5 | 11a34c0ef1892f1e882de861af71d5f8 |
| SHA1 | a07e7769f1b8be34d546c15a3fc9515441426cbb |
| SHA256 | dbbe41eae02f4f3de54ce5fdac94eca47316c3ee923ad2d20f963cd6b2a8403b |
| SHA512 | 5b657f1a056617eb9bb2d7394197b9581d7f3aa4cc94bc1bd1a9bdac03f63ed9dc68cfd76eec4cce24aa9f102d54a27c16642bbbf0f2b0435158b314d4e4777e |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile24.bmp.exe
| MD5 | 1b5e24fb0714e8ad524f2ff6620ab90a |
| SHA1 | 5eebbf64c2c17c88d61b3890fc6b79c502775213 |
| SHA256 | 30197b3622f5b65cb756ec80ea75969ce574e8362fef8bc32a8a31518d33183b |
| SHA512 | d53eda5567d1713b1cae208db14737ba039d5075d396512c15cc5ca76ebca4f0fa8fc3d43a2284fa3b8dcd5401553a1b16f2aa3f3d3bc9d7c3e331e91d02d103 |
C:\Users\Admin\AppData\Local\Temp\ecAs.exe
| MD5 | 119478caeac45a77b9abd6d5c06018a4 |
| SHA1 | 004495962d54ea9732f59782b37e51f6de1cd722 |
| SHA256 | 132bf6fdb11a6e8d34aa2d97ebce19d5efe0545b308578e11acca892d55a34b1 |
| SHA512 | 75bc0561ea9683d8ad8bb4cb0564599e1213d968e86659ef3e9df19938fe10d810f5bfc438a93f92798005688a8d4f9974f49032990697bb1200bb190ad1864f |
C:\Users\Admin\AppData\Local\Temp\zyMoQIgo.bat
| MD5 | ad725f76bfc5265d28648b1416ef73b8 |
| SHA1 | 5b7b5ac29329cb312c7cc46de313418dc56cee2d |
| SHA256 | 4ed08b01cde64c5b3f59b4891306c99ca89161861372f149641d7f378c28c0b1 |
| SHA512 | 94ddfe2a5546b521688903caf7805d4fc7b3ffd22fcf91f7853ac891378d81980b86a16c70341f467c2ec9f335d76952e89003cea328f090e1861d50a98514d9 |
C:\Users\Admin\AppData\Local\Temp\Ocwo.exe
| MD5 | 50a3a8a9b684893f6b5aaad80ec11d97 |
| SHA1 | 721a5ab95d4c97e5cd3123293a7c8b2e9885ff7a |
| SHA256 | 37538fe466833f3b6d464a2a37edef2063b95dfae3e6ebf4b043228d277f9605 |
| SHA512 | 4cf8b5ba4d19c8df0c0db614f8fd23fd29e1dd60f01e1940fee32251d6461872c30ba183d2f6e70eb2235b552943ce76bcd58e4dde1ce0cc864e565fc5c3b2fb |
C:\Users\Admin\AppData\Local\Temp\rAEckkwM.bat
| MD5 | 0d17d231bd2cbcf99d8b640fd16b7e53 |
| SHA1 | 0376c2a6629440e1c78414a6fe9f1ac04dde2663 |
| SHA256 | 1707c55b3506727ebfa876e11266275f63454593d442fa37406159f11c337aff |
| SHA512 | 577ce9637edf6ab0b20c95e01c159818a7ea6cbc8dbf42fce8f70cc275384437c3b4b8bb43d832b742832e97f086cd144f1ecab3cd557be1beda5b0eb80d08ab |
C:\Users\Admin\AppData\Local\Temp\qsEW.exe
| MD5 | 7be3b1129c6fb4d0c167db2e8030a298 |
| SHA1 | 8459b32794189f705514e79ffdeb597bac4cfb96 |
| SHA256 | c9d42ef744dd3d4220f8fe2ba34d175c929bbd77d864d289fb4f44c4eecf01e3 |
| SHA512 | c2a3669ff73830e3fd8c55f9221a09106f8d2837b7a2f73c798c2f6afebc0c5010c2a0fc14509af676bfb97fcc146b7d43ca7d28b444dabfed338775129bd212 |
C:\Users\Admin\AppData\Local\Temp\WQoO.exe
| MD5 | 3443e67dcc212ac7152065562567fc26 |
| SHA1 | 5d28ca3c9df71ef4987c61539ce741e442dae21a |
| SHA256 | b5fb289c9fea419d6b8427ce951ba7b179996b3b4243e0c1e3d41a0f10079278 |
| SHA512 | 7fbc9dc504def4b91d8af2db14e7f77fe06bccb14d6fc5512ddc42fdf7ce66fc187cfb1bb45bc5391f78416cf2570dd6867f131496f77928979018483bb61793 |
C:\Users\Admin\AppData\Local\Temp\MEIY.exe
| MD5 | 09b1c6741e9c75b1f7ec9d0465dcda5a |
| SHA1 | 15ac4c12b5526832564da71b4e0542013d68872e |
| SHA256 | 89174da6e59e118076fd93f305ffd45b81793b4eef999ac26824f4f3d4e29401 |
| SHA512 | fa75c336dde8f6a29f1bc57b275e6149456475c59f094065f4917afee399f18cc5965dd481ae72eb73c7be926e5dfff2945eb516c57399e29e6f67ae65c66473 |
C:\Users\Admin\AppData\Local\Temp\vQUIUYAE.bat
| MD5 | 3a3a7538e5b9ab1cfe3d8c084770ad20 |
| SHA1 | fb6f82118aed353dfb38fe22a488aea46c85a172 |
| SHA256 | bf0839cdc726fae7dae37575496ce883506921c0e9320b5929b74443433f8902 |
| SHA512 | bf65634d9a493c7d45c1b457d4af4c4424bdfe7c9e97c41f9b76a9daa7a28bf695f2f9453119bb7d0eea5f261b1785ba90bfe409add615280200950b324575b4 |
C:\Users\Admin\AppData\Local\Temp\Mkwq.exe
| MD5 | a54d45e99c99bda11ac9250bce204074 |
| SHA1 | c76adf85e5b1bb503d63f6224bee696fab6753fc |
| SHA256 | 99ae2a02f8f72aa6bdcf4f6769b95924cbdc224e87625c9d67c4704f4bf73166 |
| SHA512 | 134235470de52696870572cc87a3d90936b1f21ff12e38dd05d2480716483fe2e1688da83ae2ad7784f57f9d363c0e0a1167a93352ae3ecdfccc96c44b6bfc4f |
C:\Users\Admin\AppData\Local\Temp\MQQc.exe
| MD5 | 826295dd85b01be25fb3b6ab95fb6989 |
| SHA1 | e34dd4a4994af786e9c7eb8c9f5030a545f7db20 |
| SHA256 | 065cb5fdc84ad84b8c1b87ed30047cd1b916c5418353f7c98540adf5017f3772 |
| SHA512 | 6b14e3f6c5db159bea426551ff0a91ea3dab5abeeb411b41b726129eddd1abdf44d6ea79bc9795d7fb532164dd2f28474593468028fbe6d1575b06bde16b3472 |
C:\Users\Admin\AppData\Local\Temp\KsAowIoA.bat
| MD5 | 540486151b989f5dc9670342bf54b6b2 |
| SHA1 | 47e4a53e8df8fdd351a7e4f0d0d4a4e216a7f53e |
| SHA256 | b06b59419a7cc1ad23e41ee70de74ee6389bf45888d99faf2862679c5adedb20 |
| SHA512 | b92701c739b9c85f0636359a675c145dbfca095ded44d3a71cb2b6a9339ced62a3c9c2e8fdf6a57291228b545c7b608e1e234f5d1fcc1cf0407097417a839889 |
C:\Users\Admin\AppData\Local\Temp\AIcY.exe
| MD5 | 79f3d28a9d5349d6a6b4c91fbee0bf27 |
| SHA1 | be99b0d9ad04e3127bb487d7ed3033a7dd55f720 |
| SHA256 | 0efcda8e17f9450e8e9536e8e5992e80b891ce7ec72956af1cf94e4cfd7d44a7 |
| SHA512 | d75eaaff1dccd2bcba819ef10b33c96244696a3bc932141985b13c4b7fd62f61c7183ad14bd2ebfb8c85b989bc0c2f82e9d4d8ffe342de19c477e86e0e61070a |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | f97df07494dd333d2aa982ed0205e552 |
| SHA1 | 39183fe9d4e024f2d96325350055eed2e5772798 |
| SHA256 | 5c9ae4bab3ee3e4b416057829667027d6bbc2e23c7867229dad8c5c5929433cd |
| SHA512 | aa6d528a0052727b23ac09fc388adc8a58a88edfececd4058d784436cc7623c4780deb4f156a0456e22a0c1baa198c15a552470f395766d0c3ee2a96fd864867 |
C:\Users\Admin\AppData\Local\Temp\ooUU.exe
| MD5 | 2db63c08461bf99f277d5a617e1ced89 |
| SHA1 | b489a3d7d0838f53fb78ea5038a18cf00d60250f |
| SHA256 | 7ab1a88dad5bdc3dc7058dcd8370d0ade1bf1e4c7f834a568702b338810ac759 |
| SHA512 | 2704331c5277139b0fb6e09ef8b2784a254eecfcf7bbb31cebaf5bdb4e478456ced2aea56f0263584bab3ba49026c7fce87a844e0bf6187b3480ec9ce5ea706a |
C:\Users\Admin\AppData\Local\Temp\aoca.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\IMww.exe
| MD5 | 73065aad056b31ea83a72cf65b37b8e1 |
| SHA1 | 28226b4a1e12910e8adc4dc28dac4e4f9c17416a |
| SHA256 | 9d9ea6a9eb6a8526758a3476c151f4737fddcdb2baa4164a4f0b6853d84375bc |
| SHA512 | 3f6e9db2ce7723dc453d5f0855af192d9290651e5592f9220768188c9feb285963c1bc152e77635719002ac8b7ceae2005095738ae3f831cf7391abbbfd5ae15 |
C:\Users\Admin\AppData\Local\Temp\WogAsUQM.bat
| MD5 | 383b4eba748c215dc04e8e10a05e51a3 |
| SHA1 | 396548e92bb526947bac4b7089783284f58efedc |
| SHA256 | 5411942aa91789d12bc0131f91f7ef16b6d3a1b508e95e9734004b45e223e96c |
| SHA512 | e6dcd1def55c6f9b4ab4c37a8750213497979e9f93e10936d22090467d4238ac81d9e29c548b3069fcf766a1c72b63341213ccf34503871a8ba7d329ae386766 |
C:\Users\Admin\AppData\Local\Temp\sEMAwwck.bat
| MD5 | 4fcd4cf6493ba09fb0de15c688f4f83b |
| SHA1 | b93cea12b943e7f00e7bb63cea0b1e71071bb72a |
| SHA256 | 01def70f472d199c8755d68c4fd59b4af077c3748b54e009d240dec28bb6e218 |
| SHA512 | 635f4ad1ca90207819274fb99eda882771088889648ca64f9d403191e0ab1a49be306ed9b0ffaaf6e8cbea9168006ccc0482985ce07ed95550b1abbb5fa5d6d0 |
C:\Users\Admin\AppData\Local\Temp\oycsYUks.bat
| MD5 | d289477b84285bddf81591e2823bbde2 |
| SHA1 | 85bdf68bfe719f0247a687587b5ad96c328d331d |
| SHA256 | 73378d79c442b03962ff34ca213765505f6d8f488095cba94211c35527c14258 |
| SHA512 | e1ae79a00e3fb18429820d1f197cc4ab47a2ef9bde9775b78bfd30d35acfc94df98221e550845d3799a9c31c54032477adc89d13491de98bf42ab6a43e54cb0a |
C:\Users\Admin\AppData\Local\Temp\GckQYAQE.bat
| MD5 | 9d827be2f4246eed16b75518cbd1315a |
| SHA1 | 85acf639abdea6f77756b1a23194523f6ca9bc5b |
| SHA256 | 5e79d45e18f52ac956a68ed2a40369061805eaa20c05181db463409dcf99c633 |
| SHA512 | 8157d48e376d248e4b5d0ed3ba426be74bf931f6d758a262fa571943395f64cbf32a9787d2edff72c685a2b01d8a7c8507743121953e285dce98d2c0bd47cc44 |
C:\Users\Admin\AppData\Local\Temp\JoAokgss.bat
| MD5 | ba1c8bd722789d6f83eef2f638c5dda3 |
| SHA1 | 568b71c1faef2bf38d3ed87ca6f81fc16fbf5089 |
| SHA256 | 9c801c9d3cb63f094e1ceb31e626c32e7f944879d57c8e090823f2894f647748 |
| SHA512 | 4803dabf9fdf79336542eabcc54c95c5ed30fb2c6f3dfc0808125ab53f13f08f71fc6342fe2bf95eb9d55950cf3d77fd349900aebe8564ab341e6ec8a3ff63d8 |
C:\Users\Admin\AppData\Local\Temp\ZuEEckok.bat
| MD5 | 143fc62e349586ab8d7c838e757fb3e5 |
| SHA1 | ba7a5b2eabfb6716a2e329c59e026edc8ca5032d |
| SHA256 | 518fcb1a23dac9ae20316b85cef95fc629190d122719daec3ecc318d61fac676 |
| SHA512 | dddc69f22b65f4fbfc779abe37c916d464a7c2be6f9ae65b28fc25d7b6d3bb4b34c4d019696b7427e68e3e8cc8635b815ac7c7de12deb2bcd2911e163f9dfa48 |
C:\Users\Admin\AppData\Local\Temp\FeYgQoAk.bat
| MD5 | 5bdd846fab12eb0dda72ac59313ae5ac |
| SHA1 | c0d46a7ea36a571a94cb7f76f23d6468c6a60f39 |
| SHA256 | d2377512bbac73d5a3639a9ea9011ccc77633038a9bf63b2fe8e9fac344f4096 |
| SHA512 | 17828ea0a3997b7d6b08eff595a1ff6f127cb1fd4d883c5741bb21ca309e30f27edaefb554344b803987a601e4ac7b8dd45c55c5e0da267918c17a2c385fe6a0 |
memory/2560-831-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1692-822-0x0000000000160000-0x000000000019B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ROoAoIUU.bat
| MD5 | 360ec5f3ee1b026db47ce975ae64dba3 |
| SHA1 | fec066f52f2d75019668e3cb843dda8c13471a60 |
| SHA256 | 3d447160764c7023c6cad8ca8f90ad5be8b28c07ac45b4df8669d9f81e47dda6 |
| SHA512 | f3464dc3acc2dc243082da39a7b631a0f4b6b22f32dad5add6246354932bb62b9056fb3050ad75a350141933b7625c4be727bdeb07b782a3069e6968026208e3 |
memory/2124-812-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2560-804-0x0000000000400000-0x000000000043B000-memory.dmp
memory/936-792-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2124-783-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TOMcsskQ.bat
| MD5 | b576b0d0fbf03e0a7615587a69a899bd |
| SHA1 | 6153d3269cf47864466f165f1f6a506170c6e3a8 |
| SHA256 | a8470db8a2e094dbb9fc5906234483d44f21746e4dc3b7b634de6fda4ce2c3b7 |
| SHA512 | e65bfd99b45003d9d5a8115e2fa5a83030a13590c20fa0a5e392cb8db5435100e70c5aea67e4f7fb9b5b2afcf0389c26f1943a2fbcb758347fd5323fd3486cd9 |
memory/1744-773-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LCcEgwso.bat
| MD5 | 3b6852844b129438c8b9d6cb66ba845f |
| SHA1 | 50bb797e2eafcc746e3494c4de23c45e093a88e1 |
| SHA256 | b8e6f3e6f3ba3e6e18953fce761ea9346dfaeb854c7176b28e74dd7f918338db |
| SHA512 | fd08293642288d032876e20e0bdbc11520bbb853eca97b06603a18876534a9a41ef1ccd8a8132f331425e815810b753eb17f9abc8a5f51dca173f26f9bc26804 |
memory/1352-753-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aaEMcccU.bat
| MD5 | e99df6e97f598aba5fc648ed4540e935 |
| SHA1 | aca9dd717cf5766e0d7c4cb659cf5fea9d8e981a |
| SHA256 | 109eab7466bfce6d6f50eabc6c4c38bb758f9d90ca63001fa8c30d831c03bf86 |
| SHA512 | 925f5034f2b9baa881568ba972c4477edbf83a3b0bcc90103c125f9e811e6e4c218d268fb14ac3fd27de48f7129c5d389f049f1704be2c6be514c58b640f0ffb |
memory/1700-734-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1268-716-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1388-707-0x0000000000180000-0x00000000001BB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ocoUkoIE.bat
| MD5 | 0a03a7f65b83fc050b549d7e93c18583 |
| SHA1 | 180b2e6f5bf45bc09db7efb2dfe7098cc4d9c7dd |
| SHA256 | ef5bec06ee1b2687a86805e194106dde27f9532b82fec9843df0272ad996b8a2 |
| SHA512 | fdc26595693e4fedc3fc8044f1dcb0093d934ada5d14f9288ed12f72c58528cb9c3ba92822415faa589b40cbceb3e64b09e6b4bcab278cd9b0083a6c536bb6c6 |
memory/2836-697-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1268-696-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1636-695-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YykIcIgY.bat
| MD5 | bb6c49c6cceb1a0960b17777a69cb2cf |
| SHA1 | 41d8e6094a617f4ee57851546a5ef8773ac92daf |
| SHA256 | dc7f7e6696cb650dbac4f0dda5e5132fc36663c2d0270287df8d8421d5c8068d |
| SHA512 | 503e84b5ca569d821802dd29c94238027c2be00b874d04027b5ca8f18d5b0747feb505866d3fdca0d0195db91999933ce8cbd3c7be967661b748b2c64cc247f7 |
memory/1836-675-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2836-666-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2488-665-0x0000000000300000-0x000000000033B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UIgQosgM.bat
| MD5 | c03f964af055be53273f7396fc455093 |
| SHA1 | f20657e9acaacd3dcad02f51f1a60ea77e676e9c |
| SHA256 | dd4c5049ae4f7ff972dabd0a6929fda092bc224c582d3340cfa3299a3a217dcc |
| SHA512 | cd4630d95b00ed6403acfb3c5fbc1e5c5d04d0507cc57cc8f8c3186f897f044d6df00072c7c06a1dcab0f6b89fa1658a89a8bcdc83767f756049633a38e61005 |
memory/2040-655-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1300-646-0x0000000000400000-0x0000000000431000-memory.dmp
memory/2600-645-0x0000000000400000-0x0000000000432000-memory.dmp
memory/1836-644-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2852-643-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2380-642-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1948-632-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OYss.exe
| MD5 | b191860cce25f382c066aec0f7ab25f6 |
| SHA1 | 4f88f275abaa5c2b5a60e708d30a0fcfc0b09904 |
| SHA256 | b82abc57e0f1d81704c69dc187a3794d2dc7783f282649b31901961d7d346d3b |
| SHA512 | 5ef52edb389b996e5e59dfdfb25fd870f764af80f2528aba4a741d00a29c587ef6578f6d94a0950bd924fd6d086f59df9a44708f658102262d383dbd2077f364 |
memory/2664-614-0x0000000000360000-0x000000000039B000-memory.dmp
memory/2928-598-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2840-590-0x0000000000260000-0x000000000029B000-memory.dmp
memory/684-578-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2652-568-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nAoIoUkw.bat
| MD5 | 5859008d52e6340a423c2791f68fc05d |
| SHA1 | bfe768a81473d60b2e91e28bfe0721e688d3e975 |
| SHA256 | de3cfa233c9a0d6f52ad5041129948622d2119d8d6a7360eecb15f3f08a47748 |
| SHA512 | 5b92dd6d4a8eaa4a95be86c024b5035cf2e4ec7eecae0250047fb1e4e8d0e64d2039f1df8371ffbb299c1983f8f7b1dc3f7dd80ebdd551c60deb09615af108a3 |
memory/820-558-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\peEwkoog.bat
| MD5 | f932d696015fc1f25e350de4a7393f14 |
| SHA1 | a29e6a4974a8812c50222b66201eff807db29c5b |
| SHA256 | 014f1175e48170aec17d005b3d52c79695759e338decd6f8f9924d00ffc6c451 |
| SHA512 | a0990359e2df81b1c35fc7c1169b63f173752a03342674da1adc5c2eee12e445b36bb619f1e7b21d13c7865640805c1b1e57f1cff2ff13c3a52db890e997ab6f |
memory/1528-539-0x0000000000400000-0x000000000043B000-memory.dmp
memory/820-530-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2316-529-0x0000000000180000-0x00000000001BB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vusUMEoM.bat
| MD5 | 35cc8da365c92e237978c45a9a4d0f0c |
| SHA1 | 734a85acc847553c8e5385195a4f61d1f98c5272 |
| SHA256 | 585912aad0dbf155e6f753685592942b3c5fb6fdeb73cfd007c9041168564870 |
| SHA512 | e5ffac9badada4ab0b10c51ec876ce318fd818fffda5ce37273a9b43cceb040cd77eb336a5adfb44220ad01f352a499034719bfbacd57bf5df9edfb842d6f6bc |
memory/1860-517-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2412-508-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tAAUMsIE.bat
| MD5 | 17af6fd66dc53b3b4f48175f85678bf8 |
| SHA1 | e2d06ff168d627cf77e1923d0a4cf35ab7169f88 |
| SHA256 | 9c5d26e7f7d060f2de47615e23b5cb8dd424ca0746bf7033d7a1d01591b8edad |
| SHA512 | f94bb7147abe138358d6ab6a9f30e72017219ed4cf9f89f2311a4f6b5e1218ffcb7207fc186443004086f6ce31c2472a751e59a2f97b2ff60da6cf3e5309d8e9 |
memory/1140-498-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2296-489-0x0000000000170000-0x00000000001AB000-memory.dmp
memory/556-479-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1140-470-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PygIYkUo.bat
| MD5 | cc0fa48be24d6ef890aff0b7df684561 |
| SHA1 | f3541ff3ead313509c3105508bb230d959ba04d8 |
| SHA256 | eb620ff74811c39fdf278e7fa220c0fdc793baf06083806f03a71af76f48702a |
| SHA512 | 9367769b109042752520e0cebe852b1a52c19a5095fa5ea6c6fef61ab7c9e20ab7d4ae3e79fd77ab47afec6e64089c64771e9ef2aaa4b2daf7225286ec194d4a |
memory/2564-457-0x0000000000400000-0x000000000043B000-memory.dmp
memory/556-448-0x0000000000400000-0x000000000043B000-memory.dmp
memory/768-447-0x00000000001F0000-0x000000000022B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MmgsUwoM.bat
| MD5 | a5cc0f2bbc9058a6dd11904273a3eab5 |
| SHA1 | a9a31746709701b35aaff576060739b538688575 |
| SHA256 | bf85c4004450570d36c84f629dd836a756e32b659d9f4e16ff5254ad4862405e |
| SHA512 | d50f8f83370e31200369813e26fa5b2d5319009783e42e4674ebc4eee9f1eb59cfcc300f634c050bbc6fb51b69f4034f61769403892dfcc29c350035f9e09d3e |
memory/544-431-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2508-423-0x0000000000160000-0x000000000019B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uSEQMAsI.bat
| MD5 | 549d4d696ce56bdcfa1d9595fa26b44a |
| SHA1 | e7d66110a63562e4cdfb134b8c5a38cee8e59b21 |
| SHA256 | 60a39fb56975e64c79b88dd903e33c2e7f979d23f89865f72e4e65274f80f600 |
| SHA512 | 16e72eb0947fbed2f3d67758d9b2475969c34f3a02aa8afec46ee4099c81f3bb8dab9e67d9d1c4b05dd8f7679ad4a327c566898c36daa72e422cb7cd1dcc4f28 |
memory/684-400-0x0000000000440000-0x000000000047B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wQUkkcAc.bat
| MD5 | 229b02de018748cfa8a6ae964097eb07 |
| SHA1 | 9bc80365a096df1620fb9e7526ee44e9fe7ce4ab |
| SHA256 | 56e85e3a6f5134c3f62fbe64ead25045881c4f80564e643698059d135e11318c |
| SHA512 | d36c287bdff31c03df7336139a7ea79ee79afcd297e4b2aa8383c389a34a777ed897395a4afa07247217e1d868c325ebaf247ae6f3879e1fc08b95a4558df16f |
memory/1772-378-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3008-377-0x0000000000120000-0x000000000015B000-memory.dmp
memory/2144-353-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2816-352-0x00000000001F0000-0x000000000022B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yIAMgAsw.bat
| MD5 | a87444e96364386118c08c31f87809b6 |
| SHA1 | f31457730890500cc3d8dcb448a5120b0e964e62 |
| SHA256 | 2865bb14a0ccd11dd11b1100677724e1e16dbac1a23068593847fa9d59ffd2b9 |
| SHA512 | 7442616b1ecce62834ddc3e3106a20eab00516e5d05935153db35282d9a0491ca55445b8f58164b62782843ee24664cb133bf71ee9a1b2f61693218e1d34623d |
memory/2700-339-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2096-330-0x0000000000430000-0x000000000046B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WsocMkco.bat
| MD5 | ac7d1a1ba64ed34f1413bd026bfdff64 |
| SHA1 | f2e4f8c09f7927eb8574e8dd568ca7d0c09d1af3 |
| SHA256 | a47f9b8efcb61baf9d808dee2f319578caa5a8be249ff7dd7d2b9745cacc56ef |
| SHA512 | 535d96f9ffc8b492a70c6f5adcc473fe28f509c938873b505a94c045cbee4f9761fdaf454e9208145a055ed0f152cad1d2626cf6508122b36db809d9c544b778 |
memory/2700-309-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2128-308-0x0000000000120000-0x000000000015B000-memory.dmp
memory/316-292-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1688-283-0x0000000000400000-0x000000000043B000-memory.dmp
memory/888-282-0x00000000001A0000-0x00000000001DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bAwskwYA.bat
| MD5 | e9f2534c8b491be418c641ed37e488b7 |
| SHA1 | e07838a6340c9a9acb3ee0dbab5457ac30d68a7d |
| SHA256 | 17e3ba860677f718eb2b32546c44711e4f1271d719503d520d1e32c54ead91e1 |
| SHA512 | 5b5eb15f97afcc40e8a2f2b206cfda6ad745ca291404a3dc5c859a0e0f9eac4d3222c7da1633e4a5734144d40b2a1b8bf8aa076db7a06d8c91738841b6c06a20 |
memory/684-269-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1476-259-0x0000000000310000-0x000000000034B000-memory.dmp
memory/3044-246-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VicIEYwA.bat
| MD5 | 3e257108514a7129f1062d2afb5eb1ff |
| SHA1 | e8f04eb58ca2c836e9ac64db44bf357d5b46a37a |
| SHA256 | 0813defcc2a5fd028d6a5e68070cace0c0813586c3c9b70dedfed3879d551dc8 |
| SHA512 | f23b552279679f127dd9d06c665242bf621512b78cca7b42f50f2ce610c2dd57b352cc39784db9026bb69fe395ac3dcf218bdb3237c38614403786beacf2f2c2 |
memory/2808-223-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vQkIIQoY.bat
| MD5 | 01031e7ea0e13e3a5835351c1656c29c |
| SHA1 | 8794474f9da2c9616e7fe9759dbcaf8b19cfa69d |
| SHA256 | 35a46429a7ad6884c171abb9c8661e94394ba104be66130816a5f4630e2f1643 |
| SHA512 | 3d7b8bd0d0e0e70ff5a50fd059ea3a02093712d1b1a10c083f5a98a4035c7ac5e3c5963f61ccafa9399b6d5153f7b93a014295819c2247ae3ae66a5272e595c6 |
memory/2904-201-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2092-193-0x0000000000160000-0x000000000019B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\deEMwEgY.bat
| MD5 | f0d54334406e8617873869a6b5011eb2 |
| SHA1 | e82f676c7b9a1c35c668fe4392ea69d68d72e3da |
| SHA256 | 5069e6530447a590432dda92968735a78a6fae89b7f60d239601e1b51dcef64c |
| SHA512 | fdaae4f6413d121405315417b902d66ef061ca9694844b847018fa14d07eb6578fc8e09ac373a16727822fc41a335c123338b823d00fabaacffff5225df36697 |
memory/2268-179-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lawMYYgs.bat
| MD5 | 7d8dfcc14eb5721b515de81b8c9dc38c |
| SHA1 | 982c48732b1dcfc658a0c8f50f8dbce3876916d5 |
| SHA256 | fbee475f6614c445d312f8422df25cd617afef50f2e6595d82e50aed507279dc |
| SHA512 | fbb21c51b053f48e13580dcf70a5c4db0eed79361fb76bbfd5fa08ed17cea7b293ba33b14f41057f1da0644fd8d86a86edd24090fa623c92a9c4b661a85389c9 |
memory/888-157-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2268-148-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IoYsUkQU.bat
| MD5 | 462127b6a24cd15c864d82450d4d0666 |
| SHA1 | 093a5dab81cdeef55a17c9ed9d1fb7ccc3f896cf |
| SHA256 | 567c489beff1ff13a4b0ec23feb28eb51f797bbd049c892b0cebc3db940f8bea |
| SHA512 | d59e05c62fea48ed3c8f14cbc661b643d0344c937471433aa2dfd7f751f2160751546ebbd3a301ca4698978a19274d980567ff4cf03f24d83daa9ae0bd26ecf3 |
memory/1708-134-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cgAcsYIU.bat
| MD5 | 324161356b5dc57c371913f77c802de1 |
| SHA1 | 6f17a3f0157f59841fb8820c6f298a56d8a7026d |
| SHA256 | 27c0a8e129825b80d107c7963bd76b5d82d93fff784e7f3d6ebd51ded249b30e |
| SHA512 | 277ef33e229cc43f5c1091feda46d1560089ce1161d76fab7a4b745c9ede745fd39d676801a7ba891a197b5788d84a7fc79042b7b172f0437173af58a0f52c0d |
memory/1964-111-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sYYgkUIM.bat
| MD5 | 7c2edf74b1d704fa47b2750c711d7191 |
| SHA1 | 0cd2489b7f9a15ca0dbffe68eca5101806bf442f |
| SHA256 | c7863abfc9b92bc55bedd206bc84abe5ecd099675a549297d3744a2a011ddb67 |
| SHA512 | 6fd21acad183f2d04bdb80045f13e7d927e25bf6d491aa3eb1b8579dbeb7ed25231eb7ad49dda63b681045b90158097dd2491e1bc6eab7ad7227d76dc9eda07d |
memory/2992-89-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yuoIMMAw.bat
| MD5 | a85808a7e1355e62bf97c512541ff547 |
| SHA1 | a4d339c98de91cfc1ad7f89a95a801e61a497914 |
| SHA256 | ff66d5c8e8907eed76b8cc11fcf8620f3f096ae4268e8a45201ef468c4791108 |
| SHA512 | c5c7f869581042af8238bd2b9d1ec93007ce6ba756d3cc3349c1b70472f7bff04576a0de41527213f7b0df0dca189c9510477edc2045d9c49680da42ae4b8e2a |
memory/2440-67-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2992-58-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2648-57-0x0000000000390000-0x00000000003CB000-memory.dmp
memory/2648-56-0x0000000000390000-0x00000000003CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eecMwAYc.bat
| MD5 | 76ed3dac7ac22b5577446edf4783ecdd |
| SHA1 | 774c735c89aa45a53de3f8edaf8e48284d10f4d9 |
| SHA256 | b3c9761603ea2e229db932ab8112e4ba2a7358e73741feb1f0332cca31799002 |
| SHA512 | a8e2909d4591ff35672b18c4f8559df3ae26e6294ef483348961e0fe25c2f98487c89c6e009a0e7b7c8f0c6cd668315e80b831245fe4fe27511127171b01a92d |
memory/2016-39-0x0000000000140000-0x000000000017B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UKAcsAUQ.bat
| MD5 | 2e041a42549e39372df84c936d9fdc25 |
| SHA1 | 5812b6185ab8a20c426f073e20537d24f44c0c5b |
| SHA256 | b01dabb897ded32e4d62640680e3605f6515e0d2fb509c1caad9c74cc087d8d4 |
| SHA512 | 0ea97521f087ae312ca0d89de7ac7cc935a3dfa208dbbd7bc4a0fbff741aac54827edd61ddd4fb8d60839c6874b3ab24376a69161259e44a9e1c0e047e63280c |
memory/2380-21-0x0000000000460000-0x0000000000492000-memory.dmp
memory/2380-16-0x0000000000460000-0x0000000000492000-memory.dmp
memory/2380-10-0x0000000000460000-0x0000000000491000-memory.dmp
memory/2380-5-0x0000000000460000-0x0000000000491000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 01:47
Reported
2024-10-20 01:49
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
127s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (78) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation | C:\ProgramData\tUAIgIYI\aaEkAYcg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\vysAIMoE\xsgQoUEE.exe | N/A |
| N/A | N/A | C:\ProgramData\tUAIgIYI\aaEkAYcg.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsgQoUEE.exe = "C:\\Users\\Admin\\vysAIMoE\\xsgQoUEE.exe" | C:\Users\Admin\vysAIMoE\xsgQoUEE.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsgQoUEE.exe = "C:\\Users\\Admin\\vysAIMoE\\xsgQoUEE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\aaEkAYcg.exe = "C:\\ProgramData\\tUAIgIYI\\aaEkAYcg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\aaEkAYcg.exe = "C:\\ProgramData\\tUAIgIYI\\aaEkAYcg.exe" | C:\ProgramData\tUAIgIYI\aaEkAYcg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\tUAIgIYI\aaEkAYcg.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\ProgramData\tUAIgIYI\aaEkAYcg.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ProgramData\tUAIgIYI\aaEkAYcg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe"
C:\Users\Admin\vysAIMoE\xsgQoUEE.exe
"C:\Users\Admin\vysAIMoE\xsgQoUEE.exe"
C:\ProgramData\tUAIgIYI\aaEkAYcg.exe
"C:\ProgramData\tUAIgIYI\aaEkAYcg.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AyAgUIQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uiEUkkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VKUsMgAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BIAsMEQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KAwQkcsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CGMYEQck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WcYAcwQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fesYYAcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XggIMYQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fSgAUIIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NKYcQwAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sYscYEIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oowwYkoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kwkYEgks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UWkAIEUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VsEkcAMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NsQgkwww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hSoYwMUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vuUEsYMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yYAgQMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gEsQEQQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OUcgwQIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IkcYYwEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BsgIkgwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NkAowEko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqoMkYgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nEwsIwQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eEswsksA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WwckYQcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MMMIYYEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\luwoIkYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LMMYkAMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiwsEUsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XGosIgUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gOcUYsAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CAYUsYAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oKgwgUEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YSoowIkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZoEEYEwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZUMoMUok.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TQAwcQMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKMsYwAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oQIkYgcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\icQAEYEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mAAUwYsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\leMksssY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PCEcEwIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pQoogYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TcoYcMQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GcMEIcsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\siMYgwEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YKwgcwoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZAcYMAgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XqYwwYAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HWsogAsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vQwMUcAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SeUgcYgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MwoMMgQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ccYkAkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WKgUskkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JsYIsYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HoIMQQEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VGEYUQMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TAoYUwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWAQUEEw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aAggIIAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mgUUEQQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YYUMoEMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TGQAQAMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JMAAMswU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nAEgsIUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lWUIAAcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MQgcQwMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAEcUoUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qAUgcMAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PowgcwwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HUYcMoUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fUQYsgYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aKwcUowk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uqQYUQow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UWAwwoAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YKkkYMUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkkYAUAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\niMEMwYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RgIMsQwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yyEkUMgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AWEgQwkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eooEcUQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xccAIIQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HqgIUoAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BAQQEIws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NmIIIIoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOAogQAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mggssogU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KyUkQUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lyAIkYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VYwoEMUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xYMwYowk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VSsUwIIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EAsMUMwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kckgIsMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sIksIscA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wQkoMQww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vGMEoAAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PKIgIUUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rScAcMsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\umkIYEMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EKsQIwcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CYoIcgYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\awookwgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DacIIAkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pugQQAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ryYcsQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmsUgwso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AsUEkQkI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KEIwEoAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEswwAUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NWAkoQUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZQkoIMgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JKQgIccc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PQockosc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qewIEAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ekUEUYUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AyUAAgEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FYUsEQYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hosYAocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vMkMcUkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TUgAosgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wuIAYQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WeIYYkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MeoEkEkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wMkEQcwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOQscQMU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TwQQscEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pKMcYIoQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NMgksAsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IKUMskYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CsUcoEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YOgQUAIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tSocIQsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/4552-0-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\vysAIMoE\xsgQoUEE.exe
| MD5 | 4345475e356fbfa2bc4346940d1a75cb |
| SHA1 | e62bf444099a6ba66bbe2997bb469fe8312a57e5 |
| SHA256 | c97d3c6d442b1806fdb5c3b32348166292c106cc7e8b5447697036a283d027e2 |
| SHA512 | 51f41aecdd1c137d04554bd049e324b1be0e61e68288d14f655bac3955c5e4ae7c5e7ab64369de47514775ef4eb4b7ad1f2bb55830ee10c209db450af46d520b |
memory/4536-10-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1772-15-0x0000000000400000-0x0000000000432000-memory.dmp
C:\ProgramData\tUAIgIYI\aaEkAYcg.exe
| MD5 | a265c608605495df9265b8c7892911bf |
| SHA1 | 8b7351bdd95b06817488d69a2c4b0e25393e7ba6 |
| SHA256 | ed11ad92822b26f7355a12890b95a2e922447f34b1fa2bd09ba9ea9812b4fa66 |
| SHA512 | 424520177b7b97705fb9f76fc4945891f5a4bd7bad66a0574d3ab7a23edc9188a6ef9a31f77c5e80eebd41366c8c256ed663576767aac79014f6db043a1b4ee5 |
memory/4552-19-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3524-20-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AyAgUIQk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-20_287891c31c75c7a8b313b66742f4bb4e_virlock
| MD5 | 8069e690a23c6c533e7209fc672f9b23 |
| SHA1 | 7c4c896dd84d8cf02eac5f74282a18323a0304e3 |
| SHA256 | e7e85353e559a647deb852fe76bcfeb7e0bac16c43ea107f523ca158e36159e0 |
| SHA512 | 6f37198327e617aef5c0a41bf4e4098ef827aa520d98802ab93653bcbdce0646b370104ffc8feb25fece2593762d9bf6943dd6459f97e1356e602a680759044a |
memory/1636-30-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3524-34-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1636-45-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4824-48-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4824-57-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2020-70-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4704-81-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1628-92-0x0000000000400000-0x000000000043B000-memory.dmp
memory/408-105-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4016-116-0x0000000000400000-0x000000000043B000-memory.dmp
memory/844-127-0x0000000000400000-0x000000000043B000-memory.dmp
memory/180-140-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1212-151-0x0000000000400000-0x000000000043B000-memory.dmp
memory/776-162-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3856-170-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2140-183-0x0000000000400000-0x000000000043B000-memory.dmp
memory/760-194-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4652-195-0x0000000000400000-0x000000000043B000-memory.dmp
memory/760-206-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\vysAIMoE\xsgQoUEE.inf
| MD5 | e58b3009a373c25359b8d86c4367a5cf |
| SHA1 | 7b71de036d8ab5d7766469aeb2a5d2033034dfc7 |
| SHA256 | c5294712fb9eafef52a45a4c3e4966e7a91e63f2ff3ef828c157c37175245171 |
| SHA512 | cce0168fc0015cca879af623c4a8efed26c256781c7b145f466e109842942624f2f20929e46ed5195300f167757d60111c4405579b363f36a180f0fb9e697650 |
memory/2528-221-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3256-232-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4964-243-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4556-254-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3960-264-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1852-272-0x0000000000400000-0x000000000043B000-memory.dmp
memory/180-280-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1008-288-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5084-298-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2668-306-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3492-314-0x0000000000400000-0x000000000043B000-memory.dmp
memory/372-322-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3132-332-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4788-333-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4788-342-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4888-341-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4888-350-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3476-360-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2472-368-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3132-376-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1692-381-0x0000000000400000-0x000000000043B000-memory.dmp
memory/60-385-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1692-395-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2496-397-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2496-404-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3576-412-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4768-420-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3524-430-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2160-438-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2328-446-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5068-456-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3160-464-0x0000000000400000-0x000000000043B000-memory.dmp
memory/60-472-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1520-480-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1148-490-0x0000000000400000-0x000000000043B000-memory.dmp
memory/976-498-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4884-506-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1068-514-0x0000000000400000-0x000000000043B000-memory.dmp
memory/468-515-0x0000000000400000-0x000000000043B000-memory.dmp
memory/468-525-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5028-533-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1932-541-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1140-551-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1388-559-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4580-567-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1280-575-0x0000000000400000-0x000000000043B000-memory.dmp
memory/788-584-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3900-593-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4664-601-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2116-609-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4896-619-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1300-627-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1944-635-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1712-641-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4692-644-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1712-654-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1904-662-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3016-670-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1076-678-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ugQc.exe
| MD5 | f29943412fac83aebdf9f14589448f2d |
| SHA1 | f3d57fdd0f911272ee9929124c998c1432d681c7 |
| SHA256 | 642a2a850ff7f9172e40a7399146f08c456583ad11a827c72023e85ace5c1f3c |
| SHA512 | 73853b385c5bad772547ba5ee9bfeae51b5b5444908b8f564931a146e6499d0f40848f95b3ee3f046c8a9e2e3659a8ecf2e2b69de2a14e094f086384b93b31d9 |
memory/4976-702-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ssMo.exe
| MD5 | e6550e4141f439febad1305fc9abec6b |
| SHA1 | e7344546556fbfc1be3ea6dbd03736bb7e00a8b9 |
| SHA256 | 38a0192dbe65d9bcb58e0a68f5e61dd8033a4adcbd68544a77d48f70acda9988 |
| SHA512 | 3f9273c28c50857a6e507fd0abf69069128a53ecc9f14c00c77236e674cd2616acc7ee627e491d3ae325619db8137bc4b5965caaf12b5990ac93be58914cf618 |
C:\Users\Admin\AppData\Local\Temp\kgIa.exe
| MD5 | b22e9f51b4b450c01edae8cd84856668 |
| SHA1 | 71f1c1f6918f4d7b9ce9a5ae41f45729f50d0f28 |
| SHA256 | 1f5729023fb39024bcb67af56fbb2c06cf4ac1be65b0975978360e71575e07a9 |
| SHA512 | 640fdfe2e6e49415f655d17594d702163c818f3cf2e751a0dfaedfb501bb9460856c6bd666d8d12538d1893b98a3a96127a4370873beb06fb4dc1dd2cbb5915b |
C:\Users\Admin\AppData\Local\Temp\yoIk.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\gMwW.exe
| MD5 | c538d4029b471af7a6a0ca49aa4a1568 |
| SHA1 | 50bd9b6e0e0300daca2c1bb1387919e62ad6875b |
| SHA256 | 6d8175f0e4bac16d94315a4d2614e528167b4991698a4607ed6eea079192877b |
| SHA512 | f77d0e866f4566ca3186369abbf53979cc46327dfa835cfa310c22ab3757c164021deac9823bb3d222d246be2d56c20ad07f4eb029eeb2288e1008cd48f70a4d |
memory/4996-762-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uYEM.exe
| MD5 | de288968a0a891cfa56c89c29f6ab601 |
| SHA1 | 2745218ceab474db2a8a69a2354366642e6e9843 |
| SHA256 | fef6fa75b55f1bf82267e24a2497037b541696a5f84810b2dc227f9cb3b88dd6 |
| SHA512 | 30188faaff61205323f3d560d6f386bbe41f0f93ac237c33c98beeedf75cf5aec4fce65c510f7a6a1ff55436dfcb7e38130d1e049bdb175cbac5ebbc526437bf |
C:\Users\Admin\AppData\Local\Temp\swgM.exe
| MD5 | 602058b6479ca2dba8e5afd403ccaac4 |
| SHA1 | 270d6e6811dd4541dec52e0c51877161f190d499 |
| SHA256 | 580c6a7c9f4e3e9ba6ecb4542755a90c175f5e919065a8ca77c776fded69e0a4 |
| SHA512 | b45f4b744631f1e9d25bf6f1e7b718e317d26061f81ddbbf4244e4227c54f770cd7fedbf22b2097aa79ac7774fde5ac84e531e150a2cd2f7b212d2d4eb1e3ef9 |
C:\Users\Admin\AppData\Local\Temp\WUsw.exe
| MD5 | 1b450356803a7fc9186b0f7d2e17e079 |
| SHA1 | b136b4ecddfc45f9fc2fb517ce89d34a5cdaa4a3 |
| SHA256 | 9ee7064a8f78073661ddd77eef6d5ca61e781896efe5c3e161106b52ffa9f454 |
| SHA512 | b5e5f17ff28afb4bd2c7a4d6987db131bc4422bf239b2d3310594e07be115838c55266eaf54db6c09d9f2abdfe705934b4aa39b7fad8d61c10e0a480fbb7b591 |
C:\Users\Admin\AppData\Local\Temp\YEIM.exe
| MD5 | ad892f8828318720cdd884df7d030d27 |
| SHA1 | 9302cf16312a3ab8b9e49bcdb4b0b060ec342d77 |
| SHA256 | 8e64775fd358be352c0d826f866d265e8a92094f969dd05c46d48360408e592d |
| SHA512 | f7496b00e64d4a7a662be4c342344c8d01e9bfade851b153900f8079e106623d650ccdf25b48a478da2345883152100d6e3243008daeeeb547f234a7287098c1 |
C:\Users\Admin\AppData\Local\Temp\aAYw.exe
| MD5 | bf86b114b7981b2081336c1974da3de0 |
| SHA1 | cae9817b10983378c6bb36e47d1b816e963f02f5 |
| SHA256 | 41f6ab4a05e94115b29ec4680309d41fc18e4a932ac8aed5ffa0209ba2a11fb7 |
| SHA512 | e31b2c73abdc2645496cfe8c56d01766d46c9e61b8cad79555df130518533677c58117c034b0e70519632d71467a3173226f5dc32dda3054c5118030e01a08f7 |
memory/3356-818-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3260-831-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ykws.exe
| MD5 | 1237aa43f1b83458ce11de9943bcbd41 |
| SHA1 | 986d1525deb3d16d981c389ce0e5827cd2a418a7 |
| SHA256 | ebc02dc3eafc5a6ba6a606702117aada81e997a4cbd3bc1a7b6e53dbf91a4699 |
| SHA512 | 8ee6c370e8c4bcdcf5367827b8b702c32af8861d26aa6984956116ab5d71ad430db2fd10bf9b95bef9903d5824cead80c621e1717f489e63212dfb631c3fa35c |
memory/3356-853-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sEgg.exe
| MD5 | 02d8efab711f9e63fb639d4fcf97aeb0 |
| SHA1 | 17d1586e6b180d297f78b5262b3a4df24037f8ec |
| SHA256 | 0a8e4af611ac6616cf1189e71811c06acc200e69073f286ae0002969ff296b5e |
| SHA512 | e7a9ab1d35af053484cd55c05d83b81f498a2e858e489c61f6937702613b48ba982882e692c85121126b6a05bc358d6489a46f94b259860139d0ec74704ac321 |
memory/4940-870-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ksYi.exe
| MD5 | 408a89fa80155730b8a08d273fa60c17 |
| SHA1 | ac248de793c01ad65fe2300a84bd56da474669b8 |
| SHA256 | 55ff94f6b16bcbf7ac7113da1d69283d1b61114e736c9ad46dd70d7bc8daef17 |
| SHA512 | ca4f4ae9f227a725b0300f92a2bea2e6eb3d2a8b616aa99a3b74f5d48c73088c30b7dcdc4db108f8f170723ee37db88b30400dc511c078e52fb27844f4406458 |
C:\Users\Admin\AppData\Local\Temp\MgQc.exe
| MD5 | e6b15f81f562930a072bed9c4095188c |
| SHA1 | 0acd364432a2ba9931786cc704028907ac66c89b |
| SHA256 | 3b5eebfce71d5f1ed5d4ea9ef0e16a80aea21044664528c81fca9cbe7e63c23c |
| SHA512 | b26cfdbef4843fa2bff68f2ab79986934e706a9fea400792620207aea875125548d4a074f84d24b71d48658d7f3d59d81ba364721164bd42841ce537b07fe0a8 |
C:\Users\Admin\AppData\Local\Temp\acAk.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\WsAE.exe
| MD5 | ae9cca76d47313f2f2dc19488530388f |
| SHA1 | 2461f7ea6f75bc998dc9cf9bde7659695bc673fc |
| SHA256 | 5d3db48d797e236b0f4f8993251d946cf001e47c79ba72eb2e0f074c411dd4a5 |
| SHA512 | e6f90b15b3ea491a2d4f23cf2a4693c1de0eeb513856639f6c50edc5ba12c4ac441b6d87c20bed225f193d71b98d239c6d90ca269c161a3efd128dd4d5ec10f0 |
memory/4940-934-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iEYw.exe
| MD5 | 4135ca2cf3c5535d00fd97ae5449764c |
| SHA1 | 06c1c05f89b220f552992734476d57b11ceecebd |
| SHA256 | 7a6bb6456cf72f1fe60b1409af0281adfd464cae298e171abce26f1b4b164f1c |
| SHA512 | e48b671a2d7590d07a3cd89f8632658b3f2d5d95397f067b9084698d495e399b44b560794ea29f11890136c48e79bc9d7cfadf32bc0912f60d0c41039335d312 |
C:\Users\Admin\AppData\Local\Temp\gEAO.exe
| MD5 | cf8614485a890b584712e561cf59a08e |
| SHA1 | dda0216836ab1465356de3834aa762249c25c13d |
| SHA256 | 0730d7162a808932ccc7384cd3e93485809a98712687b83b132b245fa058fb2f |
| SHA512 | 50f5a605e61c09dbe2900b001e743c4a54fdd3ce736e0ea9d191d5aa3ac945a6c98b7069375c7943fbceef523fc462d10227957f7e9cd53987820fdf22240f6a |
C:\Users\Admin\AppData\Local\Temp\MIIk.exe
| MD5 | 9307a4e93bdc47f4bfdfaae896529f2b |
| SHA1 | 52f453f62054c10764bd82dec18f4a27aa0edaf7 |
| SHA256 | fc43fba5b359b272ea99914dd913206739d57bec090ee1ac8169057159939160 |
| SHA512 | 48da59f415f1d1e32753144aa826b12dd9d41ba9578f755ae4215ddde8efc72f032bac54882c6108c4510fd72f0042f378fc24764bfab0eaf9501484ceb22b69 |
C:\Users\Admin\AppData\Local\Temp\egcG.exe
| MD5 | 3f447fb955a0d4efaee85beb9767c70e |
| SHA1 | 95998ff91f521c1ca122b9df15babbf893e8943d |
| SHA256 | 3c9f98d5c0a96f7246e65ac8fb7653c3cff91f59112d8fe71a733d4e2b93b2cb |
| SHA512 | 164c76b851578c2bc5b41b2bec93640e84fac1b3ae4c42e76653a6ccf51bdfbfd86041783ad6554daa30d0c13688d1b472ce3fb463fd5b40896febd509eac98a |
C:\Users\Admin\AppData\Local\Temp\YAMU.exe
| MD5 | 8f51cb77c0b275c824135813476370e3 |
| SHA1 | f049d2936ee2b78f0ac76317dcd4e0d58dc84e9d |
| SHA256 | 9e8cc360db13c972c750fa390e82fa2a3e9cc75b5051b253df835e189a969621 |
| SHA512 | e276f2fd2294028bb6137fe54cf9a311afa06a8f5748f28cfdd08041a1ead334b7e0290933c4f61c11737e0d96e22b478b4f6fb06e15fb7012279f6b6863ff09 |
memory/4696-989-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4196-998-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AEcI.exe
| MD5 | ac6bf3518a1fccd4b263560879b44eb3 |
| SHA1 | 5166192a3a7d8cf69a97ae95e284655d470897c3 |
| SHA256 | 5b19e41e5f5079eb51f398323e4a6dcf81320d7498942d4e070ffdb3b2e0b851 |
| SHA512 | 1576847ec94dcf419e019a768e60724e94590e44fc65cb147efafd31460d5d7ec1f808ce3577b9c696472b3ebd9c891bbb405717f49b331a6684c859a60a144f |
C:\Users\Admin\AppData\Local\Temp\MkIc.exe
| MD5 | 951fe6b3e6ab999d66fbf8334da89014 |
| SHA1 | d9ece62226c3928cd298721c9ea5e66226d25479 |
| SHA256 | 0ad2c8573d844d87d817d0c67b3f05a18e445e82a2e15f678d5b96ad986cee66 |
| SHA512 | 31cec02a5bbabb5f20eb5df5987a1b861a3ed953505bfd19b4712f226921cd5d0367562b1e3eafe368d3eeb5124598f5d776fae24170d19bf32c01cf2801ca3b |
memory/4196-1034-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4740-1044-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4536-1049-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1984-1053-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\agQU.exe
| MD5 | 603a658be244f79b8f3e893faedf1677 |
| SHA1 | 8e26d24ba416f4cab0a392281b34b79506f3c74a |
| SHA256 | ae64df2e797571125fed3dd0ac15e7e8b55b61ec8599cc15e0b1f4296d10892e |
| SHA512 | 6bd7f08086ee77a032dcb785a454930cc75bba6d856f1ef0949085e2bb6fcd8a97eb79e08ac813080c0bdc98df31cf03075756d93961c0765297c1fad9eea206 |
C:\Users\Admin\AppData\Local\Temp\akIG.exe
| MD5 | 3ab1313801fb6d4e462c36660477ba20 |
| SHA1 | 0bd55ccbc0f2a7e7ae4b728ea6914c15a7e74210 |
| SHA256 | 9ebb962c9f7db0e1a2c20dd7ef2b5b462bceb382b48637397a0e1135db43536f |
| SHA512 | f9a66950df1ed4474ecfb14ab839f59a799284d44fc2fcbdfa44662a67ba70e28a2272249dc7952830b31ff198e0173a1d4fbd01a525915f292cb41cad2fa9cb |
C:\Users\Admin\AppData\Local\Temp\WogK.exe
| MD5 | 19c8f3876e2a6f411bfa1e8d5adfca28 |
| SHA1 | b325d9eaac6e8cdc6ba494810f84e8bb65549724 |
| SHA256 | e17be5233f7e079e5a94fd2e9452d3e1b84bf60a0745003b2fc81c423a1269cc |
| SHA512 | 8ddd1b69b770ff76e5345b4a6e3ca18b81f978d6473fe4b04199cb8e438b4914def4e9547b9dbc41fa2fdc823b724a103b7b39c9fc054757ac1d83132aa9a989 |
C:\Users\Admin\AppData\Local\Temp\WYQg.exe
| MD5 | e809c729e7103abdfcaf228ec8bb499a |
| SHA1 | c96520625bd689d40ae0bd6cbd3b386710eb776c |
| SHA256 | 7512dd839f68e6370e6e1aea04f3cd765f0ec4f29c76d7ca640095feab7276c6 |
| SHA512 | dd41df1f5b7dd4ddebd60ec780b454094b5173d13649b855998400b18d2146a69396082c8e85b9de1f75e8b2dbf23e5cfae279622e0c908463ea9b46c2054298 |
C:\Users\Admin\AppData\Local\Temp\sgwa.exe
| MD5 | 9f8efbf58066debdb2ea1e8ef54eaf92 |
| SHA1 | ebc8f7f2ae8a10e052d481526b1b01d54ba30bd5 |
| SHA256 | 7f0fa257336e82ef51ac10601c60d7743639ab2ce58ea6a4e8762aff358b4060 |
| SHA512 | 91efd4bd50e4d0a4414c45768cf07902be60d079e8b7212ba87f62ebdb9cf9e20e810df27cd576a5bee03742a181ff230a4877060f5a3dd71ef187f6abb71116 |
C:\Users\Admin\AppData\Local\Temp\Kckc.exe
| MD5 | 10ddafb1532e821ab5d7cabe53ac4c8e |
| SHA1 | 369dba7b627cc035973ef4079b9169a74d0c036f |
| SHA256 | eb2b4d148dad35cc384fd9161310901ca5e898f612c4f45cf188b3e56793b8ec |
| SHA512 | 16a89537650908545c512605f07b14c2d8ff4ea729e575861bc6a942297c2f204561d74bb5db34569ea8618ec8dc9a769bc21b142678e9e6a76df3c19ed64679 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png.exe
| MD5 | e99f09f3155a843bfb31ca5b09b4fc7d |
| SHA1 | ef6000d9ec73d262cf5b2786704cb6e1877490cb |
| SHA256 | 182e25dd88cc7c70f7f12cffe922e9fed8c839a0595694ae4d9f3a596922f64a |
| SHA512 | cfa0ce6b4dfbad4061dd2b33f575e20c822b293b3089512a05e064473ecde748bfbc9df52b0beaccd154aa44a6cf1f580593d3ada175b5f0c5e41df3c626a7c3 |
C:\Users\Admin\AppData\Local\Temp\aAAy.exe
| MD5 | 7f43d02fb4dce146de10921b62f36d04 |
| SHA1 | ff7f5a89ac4e51cd3ab830dcf4d2b2e7e0bfa7e2 |
| SHA256 | 7caa6ec1f62f3eb905c95a68475902ebad8d35b2cdb2a9fc199017657066a52a |
| SHA512 | 2cdde2df9cd747d3c11b169402473b8d1a13536b622c7d534b0496c22e4139115856cf28a779786810d5afc9354b3267ac62e88b1dfc343304628ce41800b8e9 |
C:\Users\Admin\AppData\Local\Temp\UMIG.exe
| MD5 | c158b43b352a4dbe19608054f31af68e |
| SHA1 | 6548594b97c418b042bc2ceaa036bc77458e2228 |
| SHA256 | dd271c0163cee27b980be089ca5ec84e2fde13b8f2a4bfe5c877b16410dd1242 |
| SHA512 | e80d6e1eaf4f15defaba359efe386ddf04b6afe1cafa47789ad63c07184654a43e6068f47cf1a497627715f274d5b169c7338f393b7343d70764a92c5e8fdf82 |
C:\Users\Admin\AppData\Local\Temp\MMgs.exe
| MD5 | 77057532f4e02c51ce14a5dc8d6889f8 |
| SHA1 | 935ba53d808086e72c0a56ee26eaab337510f575 |
| SHA256 | fdf5e4aa820eb30026b7a0c183dc79ddd253ce8f2c4d84d7a8371c5c836f3049 |
| SHA512 | 4ace8534af761f1042d5a432d512b3aea98f9f947d856efb69bd14c7f90747a41f0dccd04a0b5103c1c87f85e307b4d0b7e507925f4f4fb67e6fd6aba04d1e79 |
C:\Users\Admin\AppData\Local\Temp\gwAC.exe
| MD5 | e268fee10e769e1ad844ea7a30bcfea8 |
| SHA1 | 3a09769f30f0f4538af2d60dfb8a1fdb1868cbf5 |
| SHA256 | 2bbaf537cc939c9b54881092812e2370bb74634cb02c00e9da5684fa0c1f57b3 |
| SHA512 | a09cbf7f6dcdf5d28e642b6d6cabdc9441d3194c6984b8c93e145f5c8a0ce053b3626201bfebd5ed64f109f038596cfa7f3fbbe60e55a7607534f3f3f38ca7d7 |
C:\Users\Admin\AppData\Local\Temp\gUQW.exe
| MD5 | 3ddb10161c7e2846b6b66ec242e9b715 |
| SHA1 | a0da3c4ab5dbc1c6b7cd0bce6593fb8f82b96c69 |
| SHA256 | 008cbdf7ddfccf3e3dd122607f912bbb3cc5ebf1006d3f206b58a638b03e2a41 |
| SHA512 | 3a3096a907b1bf14830a4f4f80d75acc9abec85b6a36b00add78a31695b157924e971ff3edd0171fd5138328a6be23f90102d8567e76d2fb57e28d6b9bcab046 |
C:\Users\Admin\AppData\Local\Temp\egQQ.exe
| MD5 | 78e389933047fea95c8a49ec17cdbc6b |
| SHA1 | 905adefa58fb0c013760fa0622b57cda3f4e451f |
| SHA256 | 9fd045683c3d5e80b3ae0e3da0aa49ea41053c89be759617bc39f52d39fc45dc |
| SHA512 | 810674b09d095d1c568526add4dde59392c2a3397ce77197985e2c9d3d32ad545aa47cc66ca442167b9bf9bda2ef626a98b4f63727c7e5e1635d955688b52e69 |
C:\Users\Admin\AppData\Local\Temp\kwAC.exe
| MD5 | 8c2d764ef7a63c1b2ffb468216f76e1c |
| SHA1 | 41c6372bafa66ffa872a8da25a6475894f340ebc |
| SHA256 | d6bd096af405942126d5caf0316ec8142d7ce93360f3be130a35751a9749f899 |
| SHA512 | c3ab8396007ff95e697261271367e9def5d2ed06a8e0601ede4775f87926ab18436d915023e231213828c63a104e5da9861702238785383471f678a2a927e7b6 |
C:\Users\Admin\AppData\Local\Temp\GoIK.exe
| MD5 | 03fef2d1262519355d4d525ad702f071 |
| SHA1 | aea71b52e5ca0efec9a34da66d5156c57404465d |
| SHA256 | 85394a5f308ee8fbf84566a9729edc7c45707d0eb7cdc930eadc330ebb6d52c3 |
| SHA512 | 00d745dc209dc527b074d26a154263ce98ee341ddca39f0902b646918c6c8f027c3f886793762e720eb68450bbc178d174f61e50c4fd2d5d1ca624991c2ea1cd |
C:\Users\Admin\AppData\Local\Temp\UQMW.exe
| MD5 | a43b7473a525e899304a7d0831eebada |
| SHA1 | 2bbaecf970389f7a6fe823c83c312edfe49fc6d8 |
| SHA256 | e5085bcc53897683f4a6156e645d35630291c6ae4ed375337285ec92bba9d277 |
| SHA512 | d5cf20cd884849ddf44d50b46e4e8c46a9285593fe038477c7f41815cdb4ee23711d845b6e16ca846ed48f373c9a3627c3283d6083b7eaa5cbea8ba6f9333124 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\128.png.exe
| MD5 | 5fc862be46ce302eb01189ec44630ccf |
| SHA1 | 791b920cc120dd33a835f4efa3501304de85852b |
| SHA256 | fb8d8018818b42f28821963f2702ce3e03519d9e0621f0b252cc8a29ace5f7ae |
| SHA512 | d0de12ad713ff11a0fa791d916919786e8db120e5e64f621d8d1ca44a51554472af1f139d420764336d1a277897a86453ab740768217fe97aea2e1ab88ad3be5 |
C:\Users\Admin\AppData\Local\Temp\IEsK.exe
| MD5 | cfdc812aa5f8e79d226f8d92143858f3 |
| SHA1 | 57bceb4a9066f11fe2c3c19971588ef34216d619 |
| SHA256 | bef79a0f55dba3293edd2a32724ca94947b3db2bac32b1bd5d6c62d61a6459cb |
| SHA512 | fb30189d9eddba4cb491ed783ca3e7f995ba0d6664c008525a8469c96941f29dda263b72ba12da67b82a5289cb6eda87bf45ffb81248d78229ec0bea1a9ab8fe |
C:\Users\Admin\AppData\Local\Temp\WIUK.exe
| MD5 | 4b68772e495f4761babcd23cf3d0f97f |
| SHA1 | 46f89488fc96e633aa8c3252c3b3838cbf1577f1 |
| SHA256 | 6eb85b6c9f39f24f925c922d69716936f2a641db357d78d9df0db6a3fb2cb5f0 |
| SHA512 | 9ae7a812437af07d67da0ab4a4e647b2e1d7216b578a8ba7c29fa9d2c5acfd9e635ab9c5f7bbe88f279b3e5e80a6dc1e1d482525920b7447dfe2bf1984308eb2 |
C:\Users\Admin\AppData\Local\Temp\EksU.exe
| MD5 | c0bc7990b0de1c1fd2897e43e57c42bc |
| SHA1 | 5c7d0963294e1af934577453e3bec4999885ff61 |
| SHA256 | 77e979ae7ddf81b55fa9f11db403aa838b91b71a7f1746fa8384e9aa2331613c |
| SHA512 | d659e40f493ce6b56770306c181b9ded9bb8d385fc65f2fd7451ef4da24adb3d5653ead7d3e86d92b73a2bffdb9eb3f30ec8d6cf4c4c5e3202006fafb7fbc602 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\192.png.exe
| MD5 | 323aef5f86a0e3f2fddfabece095f604 |
| SHA1 | c6e73c1b2842de5e5592f03950f0f9251f0f694d |
| SHA256 | c04fcd98542c87202e9d33f4b6b95428cdd90e01fb1fb2b0f45b9a1937c605ca |
| SHA512 | ca77ef3ffd744ba0732d7e84439e2b59189763fde65df3502a9df9f5dcee5e038583d89ebce8117db42e41dfdfdd8405fd669334db4d1629c3e148ddb61cc65c |
C:\Users\Admin\AppData\Local\Temp\MYkM.exe
| MD5 | 42f86e74f370e1b145b27553a5a11924 |
| SHA1 | 5051d12e6096e4885da7fb5ec8e355f293b2d2fd |
| SHA256 | c5ac3da180dd4f69248357e62e7b82ee9785471c4e46906dbc55244055487475 |
| SHA512 | f8e30cfc68df57a2bcd8fd76f97e1d59d541ad16b4567db20af4cb19d115a3659c1bafcac760355b3d38f21b7b50c36eb60fc8dea8a711ecfc6973cb7fc66009 |
C:\Users\Admin\AppData\Local\Temp\cYIW.exe
| MD5 | 160d86e2bc63aefe9a50768de41c2d3f |
| SHA1 | 1e4684b9af3e8caae7db9306f42506cb9030e335 |
| SHA256 | ddf2f3e9fdbffbdce6f6b95482e5672a7ce9fe028dc4e7e90f3eebac2b880862 |
| SHA512 | 4202f4a46fcdeda11286bb9eb184e48ba533b193d32259d3e835e130bddecef3743a71e039f784aca3ed394ec90c4ec01561c7d98fdc36a633fe157b42fe6f4b |
C:\Users\Admin\AppData\Local\Temp\KUcU.exe
| MD5 | 7d6f49f1c76b7911f56cfc62f1442988 |
| SHA1 | 2f95b6514dfbf85a447b9ff70acf45434010c5ab |
| SHA256 | 6d2ebd0e49f32b5fca7b03d2a8993dd8a425b26e2568f1af45ba2839925e1495 |
| SHA512 | f852f5e4735b9d99bf7162ce2ea4a2a5c184b8b68f114d6d695ada83331754f68e31007a9e937ee259e0daff3234fd4a0097d49d1f51ce67ce86a6aaeac61786 |
C:\Users\Admin\AppData\Local\Temp\SMwO.exe
| MD5 | 8cd10bf42a3a428ee908f27a1d9dc94f |
| SHA1 | bccb4ced3379054b46453e3b744b82efa0dc7d25 |
| SHA256 | 206026ab4be30870fc935b72fd3183f88b881fb99305de01292bdad019e2dd13 |
| SHA512 | 2e876196b5daaba3a18afa331e93cc4fb9a398760d23d36cbcabbf1f71c1d103868999a28cc9eb204c24b76c35d76fdc7c9073f36804a68c37e9a31a755b4cfd |
C:\Users\Admin\AppData\Local\Temp\UcwM.exe
| MD5 | e5790a5be329c73fc9ef4dc5edf84095 |
| SHA1 | 6c417f32959616f302cb93be81bba82968c31faf |
| SHA256 | 9d66c3a9b7264f5fc7d1662b854a3b29a54feca6c734e175831e6ae89c8db27e |
| SHA512 | 0172c8fda9f6457fdedaade705ef08878327264bffde35eca5b66b6e0501b26c83dacd6909774ff39ef134a6ab9c6e665ee9b3b845c18550dba38909baf591e0 |
C:\Users\Admin\AppData\Local\Temp\eQAu.exe
| MD5 | bd0a93b3da0726e7150351dad6a382fc |
| SHA1 | 8772c80d94f55703aa9df1d1d5c993cef7ca1504 |
| SHA256 | 85686cf87d9bb7e39a1dd4f7d6e7f217ff603ef3cfead47492e7cb6c94694c96 |
| SHA512 | cd1357455b6c074fe90ce22fa07377fd637cf3e845705ea4494b6c3c830eb2d88eb02334eee60b0708392bf4225a563565129eb46c975e7daa63c206d45a8803 |
C:\Users\Admin\AppData\Local\Temp\mcIe.exe
| MD5 | 69c3618769e7aef37512b4b1cfaad26f |
| SHA1 | b65af4d724373957dfd2428eb699602c8314e822 |
| SHA256 | 4e66078fe92a6d00d7861f0326a31ab337f82bd0d35c144f1e52ce5eb8f112ce |
| SHA512 | 59ebbefb90a77033c9c715f587e4fd55ad46707ff28e2fae2f3bd9e85153b528df400ac706295b616e4277592d2ed39468bd229e3a28bf113f4c3e6a3f47a5e9 |
C:\Users\Admin\AppData\Local\Temp\qYky.exe
| MD5 | a57bbd6c062e84e5309f1fd43a8d001c |
| SHA1 | 8c942c45e10a7b769326d48f1844c4dc2447e0b5 |
| SHA256 | 7bdd5d9ff79e65b2df569a8f1167283198e47216a460a3bfa053002b2f90e4a5 |
| SHA512 | aac4dd1837bc00b23392ff4464391fa51cc3143bcbabfa7ec7bc8b5b3045f12aee30468f3eca8a3e6545ff33a4dc141e243ff90d34d5317a915b1529bbcc4738 |
C:\Users\Admin\AppData\Local\Temp\eEYA.exe
| MD5 | 56a7ea1169e59138f7aa539c76391ec4 |
| SHA1 | 660168f379e2d429c3c17b05e3c12aa3d0b067c1 |
| SHA256 | 11518183a9c5b0e55bfdd9256b20a22cf33e5474220aefb4b8b7e0ebfa400fb8 |
| SHA512 | ef3ffdf92250ccde0766d3663fdaea9b9927976519a992195731648b51a3d021c4e8f86b796e7f3097da796203065e648c621bc5ac6a5767fba951e151d518ed |
C:\Users\Admin\AppData\Local\Temp\iAQM.exe
| MD5 | c8ff07fd57b510d7687c8bd8044087f7 |
| SHA1 | 03cf5998c55a7761c805c0b1b0e0d71b1c5e296d |
| SHA256 | df8f7916c813e7a19f749a70bc123cba252634aef3cc6f2cc2488f076b5fd5f0 |
| SHA512 | 3ffa78f39f0970b326d89fa901b2131fb11cab94de01739cabb97297c3c8a8b7897f1e0cc61fb27503befeb53f9b1be91a04491e6807d2f2847ef66797b22c8c |
C:\Users\Admin\AppData\Local\Temp\aQES.exe
| MD5 | 24357e3f5a32b513ada2806b000b8f77 |
| SHA1 | 057465659ded33c9a705e6b307e4c18b360ddfb5 |
| SHA256 | 0d6c160e6cc30513e2f559b02e8b5fdabce158e79bb2c9e4378606ad90f4d89d |
| SHA512 | b017a5a701bdc3270afbaa7fe826b15e6744e8e470ceb579462f01a705f5f74a8f652a5cfcf5e85e30d3a6afe2d14ff58d46ed7d6ee484304aa98c8bdaf6c27a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppErrorWhite.png.exe
| MD5 | e5cfcdeb15262a703cf2c3d40283e748 |
| SHA1 | 01d7bd4d21c6f9ce2c85f4e7544080a2dde64b33 |
| SHA256 | 176b5377f4f1b38a2920725e5c2f892c5f6663843d55fa0c085382d928f11a3b |
| SHA512 | c07e6c2d06933badc6971f345a88360fb86c23e96cab5092386e079f7b48f1154668cc9c26e0395f354bc77c2dcd6de043f5275b5a070270a6c2b3749ece185e |
C:\Users\Admin\AppData\Local\Temp\eIck.exe
| MD5 | 80f3919c9119ff03d82ac5feebc02033 |
| SHA1 | 4703c4838869efc33470edc84f6ef4184233d46e |
| SHA256 | 20b393a85c156623f7ca1cbb0a607422249f13df7b47bf92bb690d9990f4df32 |
| SHA512 | f8080cafe67d62ee1eb4f1020e21f35c87f66ddf09febb40fa07a2b707ab5a11197a21cf42a1fa39d603770aac9f20d4ca0cd2fdacf9a2d5bc8abc60a3964067 |
C:\Users\Admin\AppData\Local\Temp\WowI.exe
| MD5 | 6480fb2f03110f86fee42558f0c48f82 |
| SHA1 | fbeb515e9eee9a688ba67b558f6b5db20df3ee06 |
| SHA256 | 22d2c911a70ca077ff4b85186ddde416fd4601a2a6568f1330a21475eac6c0d2 |
| SHA512 | 4871b0aba296cb2f62a5df8af2df815370450bb5b3b805d34c4e7b81898941c4708c7c0e2fd2e7507c2200a004242ea2cd8a0ae99b4b11e587c3de78170f6996 |
C:\Users\Admin\AppData\Local\Temp\iccq.exe
| MD5 | 075c5d4b27b6ffb61eec63f10bfda82c |
| SHA1 | 1fa14dc84a1b0db3a799697c2b61641a89deaef7 |
| SHA256 | 12508cf1157cd6b6c5e345680b9e78a82a4c058e90179513f818eedfe1442356 |
| SHA512 | aec02c2309d08158985c374b18c636e30c7ca67d6d0827436294b4e75f064c795fca9fc38e73b9a9900ce32b25fad34d594acc0e76cef88c693d2a0897bf7987 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppBlue.png.exe
| MD5 | d8cc130430c30f5450c44acd0b17453b |
| SHA1 | 726fc5379b1877338a7750adc2f2ec0252e13b34 |
| SHA256 | f9c4cf5351d133370d30e917428fe2dc55746a16e28ac347df3c086438b5fe9f |
| SHA512 | 4af2c08dc83aacfe79569f629b294ac4ef6aa42aaa3bc5d56ee48c41df247d11ecba70692e6bc543082a80c660acc557475252752083eb193effcf54361e2ff1 |
C:\Users\Admin\AppData\Local\Temp\cgUk.exe
| MD5 | e1a0671dbcaafde12c25dfa44889ce1e |
| SHA1 | 80fd8d1002cd45b28b85e67a039c84cf385fe1fe |
| SHA256 | aac9b9e5a5abd7446c4f4848c704b5925ef0e7abd880ce3a57799f5563df87fe |
| SHA512 | 35d6662f4614637f315ed33cc758f06ae5fb4d19d7bd67582c19557ea8ed38de410c7489c26edf27e21e7ac19ba8a224dfb9dcef8d880ca0726dedaaa5a149be |
C:\Users\Admin\AppData\Local\Temp\AwgE.exe
| MD5 | 8dc5b2445b93254065676de664052a14 |
| SHA1 | a767e26926eac71875a6a516fbe087d2f6b17466 |
| SHA256 | c78ff77dcd1e076e5062cc86f237d42c03f3543e51aa071d9e8c95acc4a8fa48 |
| SHA512 | 9c00bcfe3337d4cf55b1f35d51b34a8bbbfb407b59370b4a0943d74ac2dea3013ac725bd1cfea456fb8c18f1460c159af22e4ee6bd834266604539f4e68b3365 |
C:\Users\Admin\AppData\Local\Temp\EAwQ.exe
| MD5 | 80d4513b5179de1412343fd07d9ed58f |
| SHA1 | 2a0e2136ed49958183032c66d76e454516e578c0 |
| SHA256 | 55fe291a9f6836eb94a565649e9685cd5948a0e68070024ad22edbddaa00912a |
| SHA512 | b4c657cea9d0268cf02b437c345511ab4b3928f3d470c4673fb591f3062dce514ea8be80fbe7fa0a8813228887d1be66eee3146f4543f7b51531ecf331397fb6 |
C:\Users\Admin\AppData\Local\Temp\gkcC.exe
| MD5 | f9c785acb1a4bc77fafa61ede6c5a6de |
| SHA1 | 480749b713f4d6847886d32b372d31a57a0cadf1 |
| SHA256 | 61b0d4b02aa2f1878fcf99678011679ffa32bd5694e686719b6716c9dc1bac69 |
| SHA512 | 44eee127f097479b79cdd4407a8cf9399f46e64bfee881d455c0da5eeab5689d86567b79933242868a538f0f34271d25f6c5ed72376158e4e6e5663ae7811727 |
C:\Users\Admin\AppData\Local\Temp\wEci.exe
| MD5 | 0cbfe4df0917d4a4a32588a5be39d23e |
| SHA1 | ce4877cfd5fa9bc8105e89ada275f4bff8fb4d75 |
| SHA256 | b953124af2651dbd0c71db689aa9df8946cdc84b795adce6b2b834f5e338531d |
| SHA512 | d66aaa5574854c2224215754f9569eb15d5cc32b1f9d9fec332cef629c03c4a2343b2e0dffd7a9c1510f7b52bb0f010c29ff309f186eaf4998662518b7c2cd88 |
C:\Users\Admin\AppData\Local\Temp\IoQS.exe
| MD5 | 3c96dd903bac05b4a7423d0e4e8dd25a |
| SHA1 | 0d519157457ef573b3aff2fc59788c511c5ddc42 |
| SHA256 | cd9ea54035e635c2c3f1c6168ee1a3b36307b054d59e44ef25162110727aac06 |
| SHA512 | ecc00c6b60a432c2750aaf1b8fca25e2f399d10e66cb9c75b42f596ec67acfc96790565ab3a20cd8dd1deafdaf4e61deb0d6df69daf3c7bf85aca1adae2d6d14 |
C:\Users\Admin\AppData\Local\Temp\GQAq.exe
| MD5 | 5f978042dfa223ca3602403788767bbb |
| SHA1 | d7df4a06836a7e0a5ba05f43d84b36e3975329f3 |
| SHA256 | a54d17f2cea0ecd11c10ada9e2899abf83f898d4a8631f8e6fdd06a089f04f6d |
| SHA512 | 10f37983fa2e38a17bff8656e2fba3096dc1d426bbdbdd6b8545aa8965f151adf17f6e67ff725e1de45d02072fd9f31b7ae955995f8913479f17e5a32fe0ff2d |
C:\Users\Admin\AppData\Local\Temp\wwgy.exe
| MD5 | b82cddd4606e3d13b305eb7faf352306 |
| SHA1 | 71148a376f86a25060db2ddb4c6b78a2470bd923 |
| SHA256 | ee5031ad3a3bcde2750ca815f62d1e91ebccae3ffb079879d66687028d3a495c |
| SHA512 | ed1015b60ca6206c4ba94004847288664eee01144fb7c3d12902d326b82e6c6890ca64a7d885e5695c1162edf2e5a5d8978d2ffe985bfc2fabe63db68b2bd0be |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\QuotaNearing.png.exe
| MD5 | 2588ef553bd7e4cef937fb478b245cbd |
| SHA1 | f6e6388a45d1087f52c5f1e97cd0a014134aacb8 |
| SHA256 | 7278c5c6bce9608d450b42d3cc410c4a1e8ae2983586e1703e728df16ab8e427 |
| SHA512 | 47bf09d0860de7a14defe5b74948602a873a5b38c6e8e7223963c8ff3afb77d97aed163da5a02700fe2287de2f27e3cb9d605e40d0a99618a4359417117630e9 |
C:\Users\Admin\AppData\Local\Temp\wcgu.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\qEwK.exe
| MD5 | ec184c48ab32c39312f70352be027aeb |
| SHA1 | cb3436232d21326b7c8be89deba4f8ff7c07cd67 |
| SHA256 | 271b6a7585affb4cf7bcfc18da5175ab82675d3335ed78c82e49e8f5e521430e |
| SHA512 | 0c96e3e69e1cca2049e69c234cfea91690fb25112944ed00062e5f0321d7c621fb342b32ef11e854d48997fdbee35d700b51f5132e60613421ced3b5f56f2f59 |
C:\Users\Admin\AppData\Local\Temp\osoo.exe
| MD5 | c0103cafffb74707b7a2307c966cd42c |
| SHA1 | 7eae601c76f3260eba6c798a53b2d98ea095587c |
| SHA256 | 9f313fa5da8b2924854967d9a3538524224d64673c6cb5b63fd98af5e953a14b |
| SHA512 | c9fef15c1f8602eb3a0fe9a998c3345fab921fddd57f73b3a8ef720c7165694b665d24c0398ce7fd28dcf41e0aceb3d609676115a5ce253ebad7f4839dac1b0b |
C:\Users\Admin\AppData\Local\Temp\qsQE.exe
| MD5 | d306b004850ba12acd0155b36684505b |
| SHA1 | 42de6f243a51551f8baa3220069859d244996706 |
| SHA256 | ed510712bae6865557069cc2f125328f3c610d4118e5f8d4322475d091148fe5 |
| SHA512 | f4a18f2f0ce160a5de12ad153fd780b7fb0ade608a673bd68a4a31d69c9cc2b7d7402531771c029f5dbf61960803761486d11fa01aa06f00d9868e628e86260f |
C:\Users\Admin\AppData\Local\Temp\GYck.exe
| MD5 | c637e4776ef74c8280df69612221d3b9 |
| SHA1 | fd309b19b511cefeb27c4cba47c8cd2f1ae2a786 |
| SHA256 | 8db4356e0817df6fa2af06ab3878357274996063762e7e4d4f5a3c0485d653cd |
| SHA512 | 74678989714f1c012711e84362f42e46f3ac0893088ed9df19f1840d5d92ede4114d7dda9772d2dd8a807b0a1b7e67def8016c83cd7a9f46c5cc648be61f8169 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-400.png.exe
| MD5 | 10b021d5f8d2e7a0ad87f9ab3d8f9853 |
| SHA1 | cfcae27bb38fc883c4d75db3d80ed93181aeed04 |
| SHA256 | 47bf2d5c3f3d31b21b6d4fc4ea636b346c8995af5a10e44972843019db2c6ed1 |
| SHA512 | 32fd5269443fd1ef27ddccd562f116fc538b575f606a69a5a114f30db219aede946dc81d1e9518c1181d1c12086f5933e3960873dbf67cbf37b95628b9cc7923 |
C:\Users\Admin\AppData\Local\Temp\yAYy.exe
| MD5 | 143dbd27e794bbd5f93e83095d624020 |
| SHA1 | 345ab50320f8b476def921834362061211d221d2 |
| SHA256 | 9f3a6ab7dbb409068fe7ca8524184fb399323cc410d6b2fde911d4ac9e0e271f |
| SHA512 | 1260d7fd93d4b8eb9b20f98a8fba3c8a82d29badfe81adaf9e34186d3a7aa32c5c35576a988a80d31cfd78743c2d5b46be615780565793987d7af4baeb9bf706 |
C:\Users\Admin\AppData\Local\Temp\YAQO.exe
| MD5 | 777611a2162b83949f411e6bd5486f33 |
| SHA1 | 5748c366a73fd6f58b565eacbe55f20098ff7da9 |
| SHA256 | 722240a19030af0c4e44fc06c589c87d0700df13ba0a961910672e2a44a23257 |
| SHA512 | 1afa0f59db6c46df721a0161838ba46fa40ba05f869179cbf3374a3f82b21d9cc90311193e533767be5ec71d43fc5ebd4d73b11d8d993cc89e49ccb259bbc6f3 |
C:\Users\Admin\AppData\Local\Temp\kIYw.exe
| MD5 | 86a864e68b180683a12926c273570c98 |
| SHA1 | 414535763965eadd9ff6d86b6cf9223192bb4123 |
| SHA256 | 9336bc316708a320e2f7078117364463d3fec7cd097efed4f6e637a40bef60f2 |
| SHA512 | ddc8dd46270fcf7b59b5a55c5e2168e35ad93d50b1954f495f989a343b6478b1a63ff00622584ec93dc92ccdd833a23aa5315fafcdb5a6933e6fcea5a62a8aae |
C:\Users\Admin\AppData\Local\Temp\wAws.exe
| MD5 | 42b75633603940b506f3c41678a7a7d6 |
| SHA1 | e81ffe1b8bade3fb67413fbafa0dbaddaf238fcf |
| SHA256 | bd232c938818b65cc95ea7719698a08aee95fb61952cde49fe20fef8849402c3 |
| SHA512 | 5839683fa2e206aa23f9291e9dd4ff163def5284d501fd4baeca41a9523f2304c7ecfe184a11829602e280a3d374220a7ca1a4cd83156df66ce3c8b47f211ffc |
C:\Users\Admin\AppData\Local\Temp\SEca.exe
| MD5 | 0db8709e192c6b89e8abd5f8d659f2b1 |
| SHA1 | 831cc1716a30c28472d3d851f9ded4e84812c5e8 |
| SHA256 | 54a6a1cdd5c22443651c43994045173d3ab2976243a7a9717896695e02268f24 |
| SHA512 | dff33a93078f069d6d11ecd18a472753885ae8f6e4ea8d217ec27b6cba89930b0ef1209b0f25bfb1ff6b5c35512f024c3ab5bb722b27e6d181c04cc0d1bee444 |
C:\Users\Admin\AppData\Local\Temp\GYoI.exe
| MD5 | 23d407e47bd82bb03a1f7c34ad073866 |
| SHA1 | 0149996e8ca487bb740ce8efc89ea272042bb72d |
| SHA256 | b424df4dffac265de2ef9f0fe718f6952bfd3d5313b1d09ff2ab8312b19dcfe3 |
| SHA512 | 26e86624e7e231c8a5b68af1cb82ef4e583c09a3f152a55848dba1ef43812aa80df23d431889445d90b0d24ae54225e588af122a196e79ffc38c18141ae52510 |
C:\Users\Admin\AppData\Local\Temp\QAcW.exe
| MD5 | c1f5b799668439a5cfc27b4b0296a6cc |
| SHA1 | 013075ba2ba5ab85dcc3884eda2678fc09d8986d |
| SHA256 | eabaa36bb583f8f69e5a67bc66900fcd78ad504e7e2c56ae3c102681ecf5e6f9 |
| SHA512 | ef5e0a4c27bd4d70cb28f405be24d966ef860ecfcaa70c15ea4680c0ddddd1a890f6cea7a65066e969f44ce754cb74774111bf292ca8c7e1b6678adafde0bca3 |
C:\Users\Admin\AppData\Local\Temp\iMUm.exe
| MD5 | dcea40688a5e4e1948bd8beb4045115a |
| SHA1 | e1e9e689e8c5e06adde7dc2b412aaf5bc1f13c26 |
| SHA256 | 11df1956efa06a928935914a8c5dacc2058227ed293f5455dc95c57a35c6c078 |
| SHA512 | a97b98554d46cac1957ed562d0cc092aca2cbdb7cb3a17cc4909ffea18a1f55a18b0add98e4bfc5465a3433f92a69fbe66186f125a10fbf289f8dfde353f46fd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | 9edc838ce66f8993f31199699bf395d1 |
| SHA1 | 4522159b44f551b9f66d6e5195e35aac325041d9 |
| SHA256 | 3954dc15606580913c26cfd8ceb3bbf51c7a3d26d2e7bc4c365ad06b47bffdcb |
| SHA512 | 9c660dc295fc759a66674f2e6a2825b78e783d91d1d9bb26b1980aecec7c291ae8cb9d5a29b83b2ba6f9aeffa79b163bef0fb6466d546aa3b2337e2fe619365b |
C:\Users\Admin\AppData\Local\Temp\kUck.exe
| MD5 | 8c89a9fd71da4decd4804fd0f949addf |
| SHA1 | 41034f769c631337579bb893244449958225f0a8 |
| SHA256 | acca28d910e4f4a550d373d9ca716a7c90452da9f65dffa401d82aaaa4424db7 |
| SHA512 | d8f7f0e83ccbe42a80a840f6e9368b1a9775dd1997df1f1bb7ff0b91be80c2f1405d9a6edb06c5e22a65b1663ae0edbb537ce6ace9588f07c0384f8d795df1ce |
C:\Users\Admin\AppData\Local\Temp\gYYe.exe
| MD5 | de7838ca3f6d40fdd31f2d21cfb2e86a |
| SHA1 | 1c724cd68d0dd8763d150d00df87a6527e7b5dc7 |
| SHA256 | eeaf7a64d7642b93401a54109f111802ba082ccba3419d25eb71e3a3fe7aaceb |
| SHA512 | 1b22cc30db1ce1ff6774d42046b47de9d15813a84d681712c423763c2bed315555058b292f27fe49fed37afff2d59440be4899f7a25004c686c7b92a2bebf39c |
C:\Users\Admin\AppData\Local\Temp\eYEw.exe
| MD5 | 4908867e91061d17879fd304d159aa9a |
| SHA1 | b1a29bda9f0e9f4b3f279bf8ccd004c41ae95a04 |
| SHA256 | 8d71a72604c52a82fe7ac4550676bbb9bc2371ce9a969c9441c7af36c2417a5a |
| SHA512 | 4dbfc14ee4d16f00571a734da17fbf5b9adc4b6217e83d1da1777afe8214e86901cbc3a2031d82a5351fceafa6ed34c0d4a6750bd63758d3f79bea9035db74ad |
C:\Users\Admin\AppData\Local\Temp\EAEC.exe
| MD5 | 0f9f2f18b83088c3e1b7199af6cb70a6 |
| SHA1 | 8f54da175de4b35037e461e77f1b745b7c9943fb |
| SHA256 | 5e9c14ee1831ae74e28625e19853c45e3d3f6a048cbee99c9def47975613b9e6 |
| SHA512 | ba304e806dd1c8d7fb96343cfb356b53620112e12e7ed2c37e5d643dd638b4fb819599b645f748fae6bb5c3738433c5fb142b380f1fe9a033c01b5b44b036ef6 |
C:\Users\Admin\AppData\Local\Temp\awck.exe
| MD5 | 0a9379ee825733b2e492c55af2bb29e7 |
| SHA1 | a2c6a92bae8bab4b87e19fb374f6d6fb9a0ffcca |
| SHA256 | c5c5c1e2b1ea4752b3bcd04c419b5a76a6ef051a3bb4e7ef26674a269fc9cac2 |
| SHA512 | 60001374ccc970bc6295a9063f3b9a5a38c001e58251c275615e4bc890435388fc740c29d933e9c73ec427980baf17ceedfc12a267c98ea73e69ec231c233daf |
C:\Users\Admin\AppData\Local\Temp\sMcg.exe
| MD5 | ff05ba766adbb51efa802b51f54ea3de |
| SHA1 | 2dfd0480591148e9eda1e230e5816351226222a4 |
| SHA256 | 54b449817f98f9a8300db9b79e445fc00123c7fed73e5cf1b88abac42a8f2c74 |
| SHA512 | 249ed5c9e34e506cc2ceee03b8d71893536e07501dc28a50ee159eb6f53b04f58b2ed01df21706bc1d74f112f919106bef48bb4cdb07724f89b9c7198eadf212 |
C:\Users\Admin\AppData\Local\Temp\eMwy.exe
| MD5 | b26f51c9b49d6c83fcddb1e4336afbd2 |
| SHA1 | ce3a41ef2a529e318ff312509b04b399f556def1 |
| SHA256 | e6d8389143ef70b468690e24984de0ff6de09570bb291cdd1129db0a58e99291 |
| SHA512 | 25f5c999e8ed414c5930dddaa67c7b8faa5c548c04fd89ae11313a1602e89d9392657a6075367d8308ffab3946b355fc76d38132412d06e9672219a9e9ac602b |
C:\Users\Admin\AppData\Local\Temp\kwoS.exe
| MD5 | 9161b2fbd013fea15bbc281361c5e370 |
| SHA1 | a0c00167bf68b86059def998e9da61191da42b7e |
| SHA256 | ab9419630b885a0b7dd3c88c8f4ab28cd21bc76e765ff2d1ae0614dcc8c51bd6 |
| SHA512 | be08f998b8a458ddb3ae9c9d19ff8cb62652e6238719bc026075be2b0e4fff6ea1ae75a8f24f8b9e8236851cc335fef2a4fe6a8f5a105066a70a852f40b7caba |
C:\Users\Admin\AppData\Local\Temp\GoYA.exe
| MD5 | 413e919bb15acfc4b3c4e9884ea9ea1f |
| SHA1 | a891e2f6aad73cae57adccae8959fdf8a1de15a0 |
| SHA256 | e4f7edd4f413253c0fc5d4da94cb5115e6c9dd3c0a361cd336dca5e2b44a77ef |
| SHA512 | 92f19f3f247f850f0ff446c429904d0eb276315ad4879de11852fc1142bd7f860c72fd017a5adab835365cc4084004976ef615e58ef7a1932fbf1c3ac99ce7dd |
C:\Users\Admin\AppData\Local\Temp\isco.exe
| MD5 | cff818d721a34251086c941d6ba1f5c4 |
| SHA1 | 8d1786c789dc8c933960b9119d68c0470e25dcb1 |
| SHA256 | 7e982e2c4bba2b70e19e328d2110df174218ed6ae59a6ef84be89bf4fedde5a0 |
| SHA512 | ffe2cdb1a12c3516762c2cb67850a5157a063df671c336b1529ef09fd17f0b25c1b43592dde1f8a7a79ceb99fc3d7a138f08eb10b00e02a5dcf15c6e4ab0da5e |
C:\Users\Admin\AppData\Local\Temp\SMIO.exe
| MD5 | cd7f426eb47e0c8538ad0bb78b6ed268 |
| SHA1 | 391d216302fdc7849f0bfa0d4044a9bfb1216fc1 |
| SHA256 | 14f9a3dfaa15f692be2a73dfcc6bb8fe016a3ed0b01917b28ad6e8c8404eb1f7 |
| SHA512 | bb290140d54bcbb2a0991f03f0d0e0336f5fce918debf2b7197baa73d9491b96f18910304293a9bbdc85d423cd4b45a5cf4f86cd7df96cd06e7b3f3cbd5848ba |
C:\Users\Admin\AppData\Local\Temp\wEAu.exe
| MD5 | 54e571c8194a9e3a25b029dc4e02dfd7 |
| SHA1 | 69a8064019ccc981c6f653436a53606304f583d1 |
| SHA256 | 72e53732162cda97f406c197796a286f37c3dfa286e454c448205217fafdc4a2 |
| SHA512 | ed295685107b566955cbe2816b5d0490a011888011f5d0c34ad158590170e7a07b9303c6bfd14e01a833024b61d2d8cdde5f4fb7608893e08b9c55617fad4c60 |
C:\Users\Admin\AppData\Local\Temp\kwwi.exe
| MD5 | 5d5c91774b9cd623ff7ad0e30d7d0189 |
| SHA1 | 2e1d43c6caba8530f7b311c3f3e7718d3129c653 |
| SHA256 | f69af9f0b951b2f3ae39ba18fd731166e600aff99d95b0225a41ee5e1d6dbdb9 |
| SHA512 | b847b785b68d35bed11c87647e44ab0234ab51a07b053c672dc4dcce89fefac2556a346b575d672b044a192d037a520d4eae9b899a2861463ceef1f0bd63ae5a |
C:\Users\Admin\AppData\Local\Temp\AYEe.exe
| MD5 | e2d07002a2aa56d1190b428141235dff |
| SHA1 | 982ec9151aefc8f753f4c6d3cc1cbd2471bfb623 |
| SHA256 | 70fd04a9c3821a7b564d9e48e30bfc7098ed85187b50420da4bb0d0ff6a0d315 |
| SHA512 | a5fbe7574ff056102bc43b6a76785bff6cd03b9288f72a46b108ecbce5b61e48d41d9f41e8bc567ad071d67279ef60a0f3c9a57639c1e16d7858badb3cada665 |
C:\Users\Admin\AppData\Local\Temp\kYEe.exe
| MD5 | 6e3f301d027e190ed058be785cf2215c |
| SHA1 | 335d8b489063f42322da140a2c3fedfb92cae45b |
| SHA256 | c9c4cf8bbd3695ffa2f1e00f7066eaa1e1c4d44600aeb54461eba588706b0892 |
| SHA512 | 96dd48bd7ff6be1906119c7ee47d371affa25080ae3cff44559b9acc31bee394cce2a19feab615ca60dacec3365fb6b9285cebd3dd9a10ca4260bf6cc910acd1 |
C:\Users\Admin\Pictures\WriteUse.bmp.exe
| MD5 | a8b0523daccdd691594d118d9ec491de |
| SHA1 | c2b09a09a2a7174618d08b6dd99788c7fe4d435d |
| SHA256 | dbdb52d746f35c6873422b349befcf198cb0051ba653ba6d47bf7b085341b345 |
| SHA512 | 34f077df6f25ee43e699f6ff16fcaa4e0c123e6d6ab8df333fcf20ca758286e9261d942b2dcf73e16c92f61c58f6e69b84bc59a9f93005050fa220c406742ce9 |
C:\Users\Admin\AppData\Local\Temp\IoUe.exe
| MD5 | 4e41568abd01fb6d396898cf0f5e9d3e |
| SHA1 | 848f3b61b87661678e12c16bceeeccce2ded7264 |
| SHA256 | 18897c96fca555ae2a0cfb7cf1fbf27b9bafa126c31ac7865e00e2aaed0865ce |
| SHA512 | 0390c4a9caa902caba667facf10f1e231a93a25f185fa2efcbbab26136a1db35c2cd08d8dc720db1cb31b325426b18c2fc5df811b33fdb6dc809512927ec0710 |
C:\Users\Admin\AppData\Local\Temp\mEwy.exe
| MD5 | c614478131c33bcb08872b232f8900ff |
| SHA1 | adf05e520ea251c8e7ab16a3ddf0edcdb772071e |
| SHA256 | 906674d6b9cc3b8df6028badcb50f957fdfe1e7cc5c46453870df29cf9655c42 |
| SHA512 | 53acfe1f082e4d5abbf83b1ff04c6f4906ea15251d437375a65a1421a5761e068cd711f429a7de22ca9a3712e41d9e86603d54bebf43f4933360e2b13bf0a663 |
C:\Users\Admin\AppData\Local\Temp\eUMK.exe
| MD5 | f5290ee42d52acbdd1332f27d51f6a67 |
| SHA1 | 0882eccb3ac92694ac528110de0dee90b1d686d1 |
| SHA256 | 7a71abce49de896b626d2d1409b565841944d1a13615aa497fe332c7410d3524 |
| SHA512 | 77a5a401be93e6028a97cb644e60c1a6078b5ff9cbb56aafbdce4a02fd1c89ad0dee9a4c4bcd0510fdd68272135a077295ee44a7d1c432f3e5f05832846aa1d9 |
C:\Users\Admin\AppData\Local\Temp\WQcO.exe
| MD5 | dd4b24c06af63e17dda60c47248dad6d |
| SHA1 | 0c7af4815967d530c099c5fe4902774941fa16db |
| SHA256 | 7f2fce291094d820687902158d071ddf368d0389765a6e7cbd2b5073052e0275 |
| SHA512 | a96df1ffc5ed1baea298cf5b467807346b83b5c831f13ac79b5baaedf1dde035e1fa5fcdab77009c7e41dce6ea74278b6dae52aa7e3d57641dc50e3b9ce88c1e |
C:\Users\Admin\AppData\Local\Temp\sgQo.exe
| MD5 | c2721629c49a0a9e84329d7f3a759b7d |
| SHA1 | e285ebd5283a54823d9161817741a931d850091b |
| SHA256 | 01a4f46f26354f9d70d6ec589ea5ad261bb6c62cf6fce8676439d06444bb5db5 |
| SHA512 | 3b193ac143f81bd6885ce48dc84eaf8b9264a119c01797f310bb6380c9ba1a5abdc1e1d4d5b3a70891a5a8945353831110dc31b4eddd41373124b7259abf55e3 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 2ff37e2b82685349a300a0eea41a4729 |
| SHA1 | 78dae3eba96e7961716589d517ca9ff8f9bb7cb5 |
| SHA256 | de01244a281983b37dc59e275b2377ad79b28368e2a8ac89e6a7bc4912414406 |
| SHA512 | 77aef14a7de11b9dc7b7f35d7d073cccb01fc23148fa7019f06a6f14ca9d02e3bec81fa6278d27f7ea157d7b5d00edaa775e7c4374a3c0d674c5e0cdf46853eb |