Analysis Overview
SHA256
9e5b495ca615441e41664c15de272de18ba033eb1285f9b374fa28e90e1df353
Threat Level: Known bad
The file 2024-10-20_81ab65298a81d207d0561795301cbc83_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (88) files with added filename extension
Renames multiple (59) files with added filename extension
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Modifies registry key
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-20 01:54
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 01:54
Reported
2024-10-20 01:57
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
129s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | N/A | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (88) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\lQwMsgog\SCkwYUks.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\lQwMsgog\SCkwYUks.exe | N/A |
| N/A | N/A | C:\ProgramData\vAYUwgkg\XuUAQkIE.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SCkwYUks.exe = "C:\\Users\\Admin\\lQwMsgog\\SCkwYUks.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XuUAQkIE.exe = "C:\\ProgramData\\vAYUwgkg\\XuUAQkIE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SCkwYUks.exe = "C:\\Users\\Admin\\lQwMsgog\\SCkwYUks.exe" | C:\Users\Admin\lQwMsgog\SCkwYUks.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XuUAQkIE.exe = "C:\\ProgramData\\vAYUwgkg\\XuUAQkIE.exe" | C:\ProgramData\vAYUwgkg\XuUAQkIE.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\lQwMsgog\SCkwYUks.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe"
C:\Users\Admin\lQwMsgog\SCkwYUks.exe
"C:\Users\Admin\lQwMsgog\SCkwYUks.exe"
C:\ProgramData\vAYUwgkg\XuUAQkIE.exe
"C:\ProgramData\vAYUwgkg\XuUAQkIE.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YAQgkcgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKMIkgQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PUYssYAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JyQskEIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oukAkkEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yUYsMkIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oAAIoUwk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqMcoMMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bkMokQMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqMgcgog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aMIckUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEkgwcsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ueQkUAsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JWIowMAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xuQMcwks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xOgwIUsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\paIkkAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\icAEUIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sQYgcEsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUEAoggQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYokUQsk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fGAUUUcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jIsEEows.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\POgUsIEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bmsMkAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EckYkEkY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iYUAEgkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSwEssIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yeQYwswE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lOEMYgwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\takskEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hwEwEUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RkMYoAgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YkwwgMAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\geQQgQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GYEcYsgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\akAEQcAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xgwMEYUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyEEMMwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XKcYIAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lqAIMEQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QEQcYUUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AEkEkkUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EuYwEQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EOsoQMMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fqcUwckU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RsooIIEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LUMMkYoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cSEYkEcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YoQgkUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKoMoAYQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gmUkoAgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zqMccMYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vUcAsIUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LikMcEYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XAwMkQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sEkwMMsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GAcoAEwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IGYoswgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rEsMogIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZQswggsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgkMoYIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yScIIAIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QQQgIUsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YUckcgUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HkEQkcwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bCMYQQIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nCwMcQow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BCkIAIco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iOoQwoEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aSwgIsUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aCgUUIIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DIAsIocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HcUgwEcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RuwwsgEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lAssYQAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wcQkwIwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sWcQMUkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\smwkQQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uOEYUsME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hagYEgUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xIgkoIsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pUgEMggg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JYQUYsQU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gUwIUskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ACwsMEgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WOEAAsoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MQsQoocc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vygsAYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZsEckgUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ruokckkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fgkwcsAA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QUYoEAsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SAYYkcEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKscwcwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iGUIEYws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TiEUEEME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JuQEQUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XWwIcIcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LKEwEMYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MokocMkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GmAMMAYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYAUgAgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZyMoEocg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv 3koMc1jjHUGi/dKsLeMgZw.0.2
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HiowAgAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZCkggcMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VuMggwQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ukgMIssY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ScwUQIos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\csEocoMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hgcoIYcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\naMcooEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VgMoscQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TqkYIYIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MawYwccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GWEockIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oesMoQcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sKIwsgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XucAkkkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VAYgIkMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAgcMwUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yagUwcEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CSEUIAMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSoYEsEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\toUMIsIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fyYEgscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PAcUYkoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/4484-0-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4704-12-0x0000000000400000-0x0000000000433000-memory.dmp
C:\ProgramData\vAYUwgkg\XuUAQkIE.exe
| MD5 | 65f53fbdc95f7ed5cc99117239fc3815 |
| SHA1 | 3ba43bb26403e3550087568808e54e1805b2fb54 |
| SHA256 | 78fa9d190135973a802b5adedbcedb8f1cf34acb7ffeb196e73bd0f73eb71498 |
| SHA512 | 533e4d3c53753d1527b79dcd7b28f642244664752bbeeb855eb69023587b6e647745e01585cc02477e0492029172ad010d70dcfaee1061c432b2e9aac566e824 |
memory/4884-14-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\lQwMsgog\SCkwYUks.exe
| MD5 | 9a2a702fd2d0ab0718a2aa800c38f829 |
| SHA1 | 9457e0d81d8f32f2ea15760850b8b9b7a098fd62 |
| SHA256 | a9e670f7a08f2b859823bf3225a1f402b91945fdf4965219927898fa477ac4cf |
| SHA512 | 4586cc8ffd09763d2bbf1aff55e07cf09c68b045c6b9dc5614801de3da9b3896437bff54c0be9d28dea15f457d5a31eb5bb7e8b363bc0006f573831766f75613 |
memory/4484-19-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YAQgkcgk.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
| MD5 | a51464e41d75b2aa2b00ca31ea2ce7eb |
| SHA1 | 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d |
| SHA256 | 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f |
| SHA512 | b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/4432-32-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3468-43-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4712-56-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2616-57-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4712-68-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4536-79-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4976-92-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1400-103-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1992-114-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2436-115-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2436-128-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3464-139-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4908-140-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3464-151-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2832-152-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2832-164-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3236-176-0x0000000000400000-0x000000000043B000-memory.dmp
memory/512-187-0x0000000000400000-0x000000000043B000-memory.dmp
C:\ProgramData\vAYUwgkg\XuUAQkIE.inf
| MD5 | 064db4d89caeff5af8fd704df6fa26b8 |
| SHA1 | 9dd2775d229abcca72f84fa5da65306455868afa |
| SHA256 | 1a3f964a451d727618baabf92adb294f2aa8ad9df34f6e2cbcf642c014cbf1c4 |
| SHA512 | 27891672175bc1edb79e36a013fc1c9917db5b542649f40e5cbae6143f1efa0759ba3f5c267a109838f7d4d6018f0a56e53cf8f6cddd7ed3c79f226363b01117 |
memory/4468-200-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5016-213-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4660-224-0x0000000000400000-0x000000000043B000-memory.dmp
memory/944-235-0x0000000000400000-0x000000000043B000-memory.dmp
C:\ProgramData\vAYUwgkg\XuUAQkIE.inf
| MD5 | b344ca874c60f29e44c55eee39c82d8f |
| SHA1 | 3dd1db6ba707075258b0d017e81a482b49cfbeb5 |
| SHA256 | 09a90bdcc53b8fff59dc4a2940e44bf197299357b170a9432ceb6b08cf056534 |
| SHA512 | d3b63ad20049179609d326258e1f804fef27840bd96da67def3e44f89bd49c251f69325807b41ce73b9ca624d0bb2b111aedb8c573eef152c00d18d4e0e6781b |
memory/2804-247-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1032-257-0x0000000000400000-0x000000000043B000-memory.dmp
memory/208-265-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1688-273-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4252-281-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3896-291-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2836-299-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4228-307-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1592-315-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4000-325-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3856-333-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3932-341-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3000-349-0x0000000000400000-0x000000000043B000-memory.dmp
memory/860-359-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2956-367-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4464-372-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4024-376-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4288-381-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4464-385-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4288-395-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1000-396-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1000-404-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4316-412-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3012-421-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2828-430-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4960-438-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1932-446-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5016-454-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2480-461-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1852-465-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2480-473-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2912-481-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3736-491-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3368-499-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4040-507-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3472-515-0x0000000000400000-0x000000000043B000-memory.dmp
memory/5032-525-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1340-526-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1340-534-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4720-542-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3636-552-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1520-560-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3872-568-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4868-576-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2364-586-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2928-594-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1068-602-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2556-605-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2556-613-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2924-615-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2924-622-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4660-630-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2108-640-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2368-648-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1052-656-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4256-665-0x0000000000400000-0x000000000043B000-memory.dmp
memory/976-667-0x0000000000400000-0x000000000043B000-memory.dmp
memory/976-675-0x0000000000400000-0x000000000043B000-memory.dmp
memory/764-683-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4796-684-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4796-692-0x0000000000400000-0x000000000043B000-memory.dmp
memory/4464-702-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qooK.exe
| MD5 | 80f8982bf514fee730786d2051fadbf6 |
| SHA1 | 2ceedef9ccf7de6bf9c7e31c5783cad3628892a5 |
| SHA256 | 0b028345b73a6b5857b0084060f8ed662c5d8b9b5920c8f6d256314bdfdf6b8b |
| SHA512 | b79eb3d0434221a3d07d3c7c85104c681e0a8526d6b724ea70b5c263b76f6fb953ac82a15feaa18d0ede63b5f0ce6bad5f86086908ac412e20e6d25d5d72c285 |
memory/2028-718-0x0000000000400000-0x000000000043B000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | ce61b419f4c2513a84704fb58620d0c9 |
| SHA1 | 2d8af49a3c102b5d84e7108b0bdbea05a1088e82 |
| SHA256 | 349a152086afd63fb7b6305be903f58bd93a1025329188cce811bc9eab2e6334 |
| SHA512 | 5d09a6949f9f2bf5422d3f368a9b90455dd40ada28483c7cc7c50717fa4c22148f4000de93e9a132d82bfaf43fbddb05fb8a746576aadf19fa32883fecf33e35 |
memory/4536-738-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ggwy.exe
| MD5 | d114025a816521ecfdcfda1ddf9d6dc7 |
| SHA1 | d09e071fcff5ce2ea1822b2403c3803e1393ed31 |
| SHA256 | 7b088b0e633b1888cef8c5acf0b36579544f3c9e6cbb394484a88ace53ed5949 |
| SHA512 | fcc5afed81a6de9ca0b8922987e3e8ce3395e7551c5de0bc3694389236cd3796a8bf3ae3d7f33f8827c98ac5b3b3f2ff21ba66e47aff889258ebae5e7f1a89ab |
memory/2028-755-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eEgK.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\CMUK.exe
| MD5 | 04526224af6d753e188afdd12b5bad5b |
| SHA1 | c89e56a86b2ad5f1294721b8b5552066f0ee968e |
| SHA256 | 66f9a19584e1a52b2719ecf5f4c89f21edd1d241a18e103de7f15811ae18281f |
| SHA512 | 8da36a9a4460a82d6ef47d4050753fb896a36c5003b0021a2541e2af1307487dc43a3e6ebee15b6250ceae6e266b3f34c96e936565966a88be699bbdbd2c9e97 |
C:\Users\Admin\AppData\Local\Temp\OwgW.exe
| MD5 | bdb99ce7ee29a684f1203e4db467e360 |
| SHA1 | f2dfa5010e8c3d32bfa67d443fe5b3f5eac0f131 |
| SHA256 | 871aa39c5fd9b41db9da8869eb37460f88a92c00267bc54d161505940fc96f4a |
| SHA512 | 1770264e82e2a2b6196a4fb94b374d35a714454a778f2817cbca874fa5eb5152f823d46f658aca069c5f13bd5f05cf1cff76d4027e145e38d5b509cf4d4cfce2 |
C:\Users\Admin\AppData\Local\Temp\wwsa.exe
| MD5 | 425daf96aad30cd551701dcc9a99a812 |
| SHA1 | 7a224a65db855d27f0233abbcb99ce33f9092909 |
| SHA256 | ff58ee4757016184e5f96c23b07909a93ed6c54b28f32b6e66b0c88eea2d74ae |
| SHA512 | af3fd556949f7e2779f1afda3fea9aacfb934f1dbac064c648ea2843109eaf1a9ac8f1cc3d47cbed161734247efd1c36871c059d7bd78472aa0abc9f5f8f03cc |
C:\Users\Admin\AppData\Local\Temp\Okwk.exe
| MD5 | 1a979f0c65a6cd6e89868e3bca6d059b |
| SHA1 | 7ba5be6fd29654bcd25abe4013920be87096082c |
| SHA256 | 2387e4b61d3bd6fb8cf10d4ac4616b3cce6b3cbbd5eb6ca1410bba3dcad1674a |
| SHA512 | f524da2638e0edc753565bb83583f1a0dcfa090e9710f3e4055b040699b8e8dcd7159894ba53665ac6ace21434dd710ca9b8aa409a77ef8259ed194fa993a2e4 |
memory/4536-819-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EcIM.exe
| MD5 | 787238fd5e62258d75a8d2d4ebe7ce4c |
| SHA1 | 65a252b837cab6e0fed8d118d59f88215a766b45 |
| SHA256 | f3630c55f60a9a4b71bf51108a0a1f50e6e856f69ddbf36f2aaf544b58df84ee |
| SHA512 | 09dd5b11326a6cf78015bc80bdfccc37ded698970e8e0030e0b64e3537e0386865aebfc9b409ce7bcae985828de95e3a65a7ece6114efbfde3df63189ed2937c |
C:\Users\Admin\AppData\Local\Temp\AwsQ.exe
| MD5 | 13a7e7572af2ff2fe5f4fc9f463bdad9 |
| SHA1 | 006edd1e2d043d90d3c371b42471bf0916431af9 |
| SHA256 | fa09b757340f1ef8f6e162eb07b4dc480b7b954d02baca84a9a7cc84ca250bd5 |
| SHA512 | 4f32b526aebb5dafcbd1f33d1b6b241055c00e1c561ec62ece4b0f5be51fb3f239c18f226475b043cba2290dc7700e3770bd6c0954287f7d195b2e723c83fd5f |
C:\Users\Admin\AppData\Local\Temp\iIEA.exe
| MD5 | 5675e7a65900f1e338a307c9beb25e42 |
| SHA1 | 9e1ac4fcd85a6449eb6f450d46cf0db4e1acce14 |
| SHA256 | 78c181dc463e302c9248b42e34dec4b9e7b5ca5ca1ca47c4425f025685d51861 |
| SHA512 | aa7a29a3024802f8cb632f1ce50631cf27b0e594592586ee3f1d4acfc3d5fbbbbca0c3574bb13755c70543f35a053b8a36d3fdebd81724aeef28c7fd6f415fde |
memory/3604-869-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3068-870-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yooc.exe
| MD5 | 4ba3e4ea01544d3283be0b074f4dafec |
| SHA1 | 2559e0c070311b32f8f1a03daecbf9398e244792 |
| SHA256 | f5c60a1f2fd058ce831c3645f2daefa037499a46b99f5ec2c4e7973c434a7d6c |
| SHA512 | 433c0619acaaf6409013dd969412a0b26ffdf7990d9037512693dbc8ab1da0c5949c785b335ee47a261cef15226e80567d6021724feacceebeca52a30b68c2af |
memory/3604-908-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CAQQ.exe
| MD5 | fd585aea973a793263216b155ed3d72c |
| SHA1 | 473d7376ace3314d78ddc3dd8587e3b2cab80c11 |
| SHA256 | 58cba064163599ced5af369333eb6c500eba071b4571e6d9c1844bac89c6060f |
| SHA512 | 505b9ffc59588a7cc32120978417e7e0404b06b222be913697d5d12c1e0995fbe1f106f8652b00e45e6bd565acdc990333a08857d45df5c94dce61bb6e211af5 |
C:\Users\Admin\AppData\Local\Temp\Cswi.exe
| MD5 | 0aff1fe349e42bc6b45a5a210d99f14c |
| SHA1 | 0711b90b919d1d61c2d00ba06d39ac572230191f |
| SHA256 | 6ff6c9608d9f1a379cda2f3467573ec2fbc2bc705930a685e01f21a4f4c009b3 |
| SHA512 | bb1dbb86930c59399dda0f3cd1e8f62b7b4be15951b96e831c4b8fe61053bc82855499fcc85863be7b660e76813469ece3fc46c9a1a8b386da96a0204e458d59 |
C:\Users\Admin\AppData\Local\Temp\UUMK.exe
| MD5 | 0a4eb505e0c94d0f86a752a9065ea015 |
| SHA1 | 53d40df17ad8ea0f2516446d7835f8e009bd5608 |
| SHA256 | cfc0f4a9d79bfeae38a6a4d7ef7c7075c6362e208b669b4108dc842c57bf2d63 |
| SHA512 | b18c246c877edd9f814a3a8a666532653b388c7e186bc2c050235c33dc7736213c481a462bc2cae04b354a4422a8e98665ab0b1a8a836ad23e80b9bdb1e748c8 |
C:\Users\Admin\AppData\Local\Temp\OcAw.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\Uckm.exe
| MD5 | 04aeac516ff6375bc5425e5311e918b7 |
| SHA1 | 7aca0e15e5daa1ab542fd579afa61d684e2dbfcb |
| SHA256 | e0c465b5252335916df17a8f738e411e2145964437d29a71ee8004a8aae77dce |
| SHA512 | 481d86219ef8877049cca6d6da04e835462fa619d0ed81ad4743bbe3d7ad9359f066950d16e96e2b280994e74bf5a89a50e77fe336f6ccbe168b4523c7c7de23 |
memory/208-955-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qkAI.exe
| MD5 | 805cf72fa59df348437bcb53e95ac529 |
| SHA1 | fa208a90e21e16f473a76cf4cc6e765eccf02dea |
| SHA256 | aae9a902f313047b50eea0af55d78063d34a81fe1d99336d9aebfe888e8e52c8 |
| SHA512 | 8a7041524157f77452ca5c6e74a79c9e826c481c85e733895dbc9d012dbd92d04c066e81c04e19357680a345193c9574a99991b8bc70049192906da11aafda62 |
C:\Users\Admin\AppData\Local\Temp\ScIi.exe
| MD5 | d32183ddfa2d9cdd78a6616bb38398c5 |
| SHA1 | 4f940501f039433cce122e4bed162bf3f732b1e6 |
| SHA256 | b9365b8e42c8f10b0da40463493230b502b2ee56eef999ddafedbd13a1d0b58b |
| SHA512 | c907d7c15c6183256d6fbbccfda45dbd0ff5a9244d8140124b9884a87ad23dd3bb9d7258d65070407c8959da01a991759fee76ae0f4329fb751f1238637fe5ea |
C:\Users\Admin\AppData\Local\Temp\kYMA.exe
| MD5 | b7729bbe68755afea05578b2b8949805 |
| SHA1 | 41d49028c2644df6aa8595af62ec5692ddf15bec |
| SHA256 | 61d6ba61708a808588f45adc32b5209831518e7aef1277312e2b764633f1ce0b |
| SHA512 | c4fdb926f7fba3152432893e0c1195f4c16dfb0d5e1fbdaac15f11ddaa2eb104fc89790196bd72a10f81388be00591026706199d8a4d71ec1c74b257bd310953 |
C:\Users\Admin\AppData\Local\Temp\IkAU.exe
| MD5 | c646ac771cc69c900455685c37723d2e |
| SHA1 | bf695767051d888078bee0001e726fde4c411465 |
| SHA256 | 1c0aa4dc4928a8e3888dc9d6f0b9e54f012f24956f281cc7e8cd66bb6697300f |
| SHA512 | a32b7a85c7d10c70a157962146bac4a46797811d2f2123820d7f8d8c86aa56eb83e4d840a45cecc945353a89555ac910cf1fc301dcb0a096fa0668f022942a56 |
C:\Users\Admin\AppData\Local\Temp\uYcu.exe
| MD5 | b8e7470793db2c4e5c915906045bab08 |
| SHA1 | 0425acd623729fb9ab0a0bb678827d472fac921f |
| SHA256 | d3bb3482a545f89efecc18b156d43ca58523b07c7df162d4726155dd5054b8ef |
| SHA512 | 00554bca7048632811129e4de9103929c34a8afa790c7b140cf2fe6160fa35588f483d0ba28722cd62e21bb978bc15bdaa906cde7e90f18a2851537e3dfef28f |
C:\Users\Admin\AppData\Local\Temp\akEM.exe
| MD5 | 12ce83e48492328f30249e7819306a7b |
| SHA1 | c4d1c7531607b0e686daa8c38b0f7e8a1b870748 |
| SHA256 | 0400ceb89a83ce00bfb221490ad21dd7dfaffe7604b6b1870be488ada30e6edf |
| SHA512 | 35f7c182bbe7efbe82be18035f61b313be42dbfac2a9686bb396f1c28655a408073ee92bd44e7d9ce55959a5629e8a422cdbd55902879d367b17faadeafec5d4 |
C:\Users\Admin\AppData\Local\Temp\KoME.exe
| MD5 | 011912a39dfd2e77f890561b5c6edaa2 |
| SHA1 | 30028b446a8c1ad039157f301e5831cf44327c33 |
| SHA256 | 3a568f5f16ca8e0c77d8dda8115fd93b2c8e022b91e02298345ba38a0cb92dcd |
| SHA512 | 2cda537ba9213faf2019c371a174c2ac16323392be796bcce9ee858b9da5efd2578512cf243adbc93b465d14cae8e2a18eead90403073ad9141d68ef2cab5f0f |
C:\Users\Admin\AppData\Local\Temp\OwQG.exe
| MD5 | 70965233b7f7d55efa885a7ed5406bf9 |
| SHA1 | 2417db1db5f45952e84be81377a438ca2ad1922c |
| SHA256 | e4a60d997e33349267d522e6714e37f080342af8408fd61ef5e0316348af9772 |
| SHA512 | 2fbf312d026f7c54c1c8cf5854753c21f111f7960ad5c6a59f4149811e6499d901fcb6e752fea6a5c3eec019fe736256a22e8e36a6d18fb8543cbfc19cb0a6f8 |
C:\Users\Admin\AppData\Local\Temp\mAUy.exe
| MD5 | 29218b9bcb1ddd0e5d1c49ac3cdb2cd7 |
| SHA1 | 274daf5d7c538670bfe62606559075e2fc602dbb |
| SHA256 | b345463fbf0af78877da752bff38af8a741be9794f8685bedc1b522b9b91409e |
| SHA512 | 0b38446ba37b23187b0c87d0de41b7d6503358969d672f727e5148cfc630d70ea7d1d2fadc43836af31cd02cd63ea513eb272577f695b2b8a45c36935be5885c |
C:\Users\Admin\AppData\Local\Temp\Mcwg.exe
| MD5 | de1946ad42f142b8b7a64625de0ad6a5 |
| SHA1 | 8612ca9402ef7a1f9872a5a9076fa5fa106eb9f1 |
| SHA256 | 4cfce407f82a983c8dff5df29a2e21e950dbc7e711bcef961979c4fb95552978 |
| SHA512 | baab90ba4d36f6260a5b63f850385ce9d66ba560a0cfbb827a573edfc1d8f6f43eb613c10a531a3f58e07527b6c8e85de65dc636156ae3cb5de7a552632a7d22 |
C:\Users\Admin\AppData\Local\Temp\yoIw.exe
| MD5 | 9a6cbafe26e0f0aa0acb457e79f6d0ef |
| SHA1 | 8566c54a017ac8d8f54732c026f543c90ceb8a0c |
| SHA256 | 27a6087d4a4583beaeb05bd0838a6baa4c15b8eaa4969c8aae82cd86585e3fea |
| SHA512 | 756cc557392f082ff2689206c8e05348166a381f3bf94398d0acebb4cc3b6f6beaaf20d7e99a213f4cce7fdb0d01889a855289127c8130403cd00a98616c2122 |
C:\Users\Admin\AppData\Local\Temp\YscW.exe
| MD5 | c5f320944cc8cf9d9efa224fc918a5ef |
| SHA1 | 78b41c2d78e16796d5e50eff9a605035049df208 |
| SHA256 | 0942de31aae49331d9ae5a2335968665af14d0e2bb01d2cf2d13bd8cf79b73c4 |
| SHA512 | a45ba7646787160d20707858b9decc107719ef6db5240b2e11017d467603f745a156024cbec63b04a97eba7d9c5742873e863df79cf9275bc79b4d90205e6a91 |
C:\Users\Admin\AppData\Local\Temp\oMIm.exe
| MD5 | 2f952a5dc25034a637c274ee34939057 |
| SHA1 | aa84042fda7e9930a1eda5fc61d99be2ce51936f |
| SHA256 | a914c6d594153ac05a516953863ba4067b89fc8e2461739d4a7ee53fb5ed5456 |
| SHA512 | 79abf5ed4a6ce4ce296726cd04a08098e3508e271075fa70aadcd8532e6aff75af9ef14a40809d90abc82dde945643c0af4ec9f7c6bc64d9329516d6259c82cf |
C:\Users\Admin\AppData\Local\Temp\oggS.exe
| MD5 | 7149e7f497b7f8c3ab7ae278039421f9 |
| SHA1 | 22a1b6adbf14b7d9a086559faad273e459d80652 |
| SHA256 | b28c9987fdf8b76ba6604be1e0d84eb1cdf2971d54d87646220522e81e1306da |
| SHA512 | 42509efa4efbf3041f814dfc4d7cf6ea8e5070bc800a6803eec571b0640dcd6854756305d896ee4bfa90c86ed97fb0ae02f30892fe90161b408f5dbb20670c76 |
C:\Users\Admin\AppData\Local\Temp\iooM.exe
| MD5 | 1f0616adf821dff143b4ac254944e328 |
| SHA1 | fc3537d815d19f2b536103c586830ce9a2da854b |
| SHA256 | 23e366ebcb94134c00044c58ef90a3a46cc81707cf154ac243797784a13f1774 |
| SHA512 | 4c5b315f3d5328b4ba239a3e41f915aae87d11b5e5a7e7e7bd9059a6bff77526aedbddac21cd60fc3042325ee1ce923c0f69255d7e1656de101c8bfe3223304d |
C:\Users\Admin\AppData\Local\Temp\Qkoi.exe
| MD5 | 4ddaf7f9b1d69b60a276fe77895e2886 |
| SHA1 | 0519014cc755104477288783056d3ffffcb9d6b7 |
| SHA256 | 885f6a18db163a8bf7ea38bb170c4627a00498f9ac1b634c9a72168a1012e47e |
| SHA512 | eee4abec761e934a88128f44af1e49b0ae01abf4e3a245fe908dee106a35a5200bda3e092d0bdb8d97bff7fa58f07f2d6e3ed70e7fb98c6dcce2817bf3596559 |
C:\Users\Admin\AppData\Local\Temp\kwgc.exe
| MD5 | 1a5a3225a165ae18bde52be65a4bbb24 |
| SHA1 | 8e53169e4f615ee1c097e20f2495a0ccac2bb764 |
| SHA256 | 5a6cf925c85cd55aa11a4aeabdb3c75f203833d8f172be5873b501dab7ccfb88 |
| SHA512 | 139b788882244b408f49685993d38a50c9934742f0148766944d90558d06031c63a49c749b848fa8155c6f8c9f21622404ab45e0a8fe0079304d24d1e83822b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\192.png.exe
| MD5 | f0fbe0e68b028192d1f44190a7ce2b90 |
| SHA1 | 650c1db3031cca100bc28d20ba1c3d0100487595 |
| SHA256 | 06e7d2f00c2c84781ae337119ede75398b0aac114211a1d70b3f1a5cec11ea6d |
| SHA512 | 5872af24f992c1526b3c29cb901ead58bfa790f6c2cae7b72cac286af0ef84e33c85eb0962becc8eae4e8617c42b26bf2d6f9072df7ccb8e835e3e2370e8e73e |
C:\Users\Admin\AppData\Local\Temp\cIYs.exe
| MD5 | 7e202d43d9a516c6d912340f5c0256c7 |
| SHA1 | 5cd28e3b0cb5640a7f3d558945fc6aa0b3078d88 |
| SHA256 | 9073b70aff8af76b6e02cf0d92a6c8f385cf6bf4f906f3d8264c62ceab1cf76d |
| SHA512 | 731a2f8819402aad138e5e1c46dab02ac508529aff5d67926263511e5fc195e25dbed3ac8643d850417a56f438eeac76784924c4925796a29faf652eca354c46 |
C:\Users\Admin\AppData\Local\Temp\sYUY.exe
| MD5 | df6695497cf5dc0d8939fcf18bd369fb |
| SHA1 | 6762bf2bcdcb08b5a933fc3163b3bec5e98ab7f2 |
| SHA256 | 22511cbf8e8c572e1874943a564b8dd40ec4f382d853c5ced07f18c284175838 |
| SHA512 | bc35bd49420d4b9440fe1c504d67e1a880fc31fb465bf158b66a775c6333eb56a5d29c980695c172e601c9fc88fb3fe6fd71f916bae87efa46254ead1bdde810 |
C:\Users\Admin\AppData\Local\Temp\KwQO.exe
| MD5 | 377b59bb2aca0228d831d3ce95718871 |
| SHA1 | 5281395488e8f5ebd4d5bea39f2175bfc32e445e |
| SHA256 | 4a5cdb1f0a6934d44f65510654cb8f8e3ea40cd7c52e2835d0fb21e632548f50 |
| SHA512 | d371cdcdde7c253564cab3dbc7ae4406c5248d025fb63e03adb76da097d85b838989080a2f5df63e7fe40a6ecbaf9c497614bf4a1de6845ae9f52f86e62757b0 |
C:\Users\Admin\AppData\Local\Temp\aYEC.exe
| MD5 | defdfe1bd92533a73bf840cd9344fb20 |
| SHA1 | da3332060cf00c3577fc47035363a61af9915186 |
| SHA256 | 622e7b08ebe858a4d8d00da81113c0dd5158a5d285ef1403a009f0d15da3ea70 |
| SHA512 | 208010403f1843fff12f9b5150fd36852eed5e157effdf826311021e82d6a203a1a3a06661207adaf732988456c2cd14683ac7f3abc8b3a5354ac3bf9a29e9fa |
C:\Users\Admin\AppData\Local\Temp\YwoC.exe
| MD5 | c77414ed38d50c7e5185aa4bd1a40820 |
| SHA1 | 7eee1ef35f6360ae1b57742bb6a51b9e0a6668c4 |
| SHA256 | 0c921241559e2242036ec7c502beb4ebd01aed55d57cbb23c3fb1ee850706ba2 |
| SHA512 | e9145a165a73881f7dcd8841db40e762c85caf7c43c07114af66fa5bf750c771ab6442c062a7341b669bc6338a7ca12874d5d08e79fb13fb16bb694ba8a9b0eb |
C:\Users\Admin\AppData\Local\Temp\OYEG.exe
| MD5 | 25656a58016a490169547b4e362f607a |
| SHA1 | 303f0f573efb64631fbaf7fb73c912049abe57f2 |
| SHA256 | 0ebd142920965c1412e08a7e70dccb0cf3d7d01282b76b314d429b6116ac38a8 |
| SHA512 | 4d2a8a0749e506f50eb1bfe2946a2b652e57d75b452f10dc7faf4c28640fca0929fae3fadf8d0998d3daf8fbcce7276a5e3976c0efb990b1fa5ee32bb83ecfbc |
C:\Users\Admin\AppData\Local\Temp\iEoc.exe
| MD5 | ae8a9b527bc2272b1965376f2134ef90 |
| SHA1 | 530bf50db6e983d836536bf20bddff6a831c1943 |
| SHA256 | 8803310c6d75d9bd988156d4f12edba047d1389ee7d538a16f7a2fbeb768dd78 |
| SHA512 | 640db106766de4ba86d300fc2f189d951910dfa5238b62f9464626524a64b99bf9c8f58e60312ede2b57f5ec45edd5c37005a1f5606dee545b8d9041e679b7fc |
C:\Users\Admin\AppData\Local\Temp\iIsG.exe
| MD5 | 2e1b7c733caafab10e5ecf63b861ac41 |
| SHA1 | a2abf40259d05ca9a0d3802ebe28eb62582b79d5 |
| SHA256 | 4caf71a6a8f6ee86ae32339c975bcb735df2a9762337061dbac721f7b48e2676 |
| SHA512 | 47668bed462697f429c69051f6c70b5b107d5050baee0a60d7b1b3e8b259d4751c4f628d9ae5cd1142814feed3ebc0b5af6c300f17eaaae06d20bf29b4aa0b26 |
C:\Users\Admin\AppData\Local\Temp\OoIi.exe
| MD5 | a9516a4ed9bfea94a5ebbe6696aa0c37 |
| SHA1 | 3ee64636a6a9560d7447d10a01d4cd3a384cce2a |
| SHA256 | a2af3e4e052e7d651f15b13d88e77e39853c80c9bccf39180d0bfd47364a86d3 |
| SHA512 | 67e29b2c7dd9c8618ea8353987030e40590d79678125be75256a02a600a516b23656f3ad50d75bb483ef23dd9070e9fb432fb7b86065d4d78ede8234aa522bef |
C:\Users\Admin\AppData\Local\Temp\oAAK.exe
| MD5 | 9835cb0ddd47ebe6da2c3292363fce4a |
| SHA1 | f7a88b7871b3f5a305bf8d9d54aad96028466ab6 |
| SHA256 | 5785935d0d6c4426df654366eb22c73399f6e64ffa901f7321404ea0584e22f8 |
| SHA512 | 0be7016e2d797e46bf61c930ca15fafbc07ca9ec8baca3a97216f0792ab5d4754b60e1a2cf1d49bdcad15949eabd766cd84857f0d8cb9222ef71b56b598eb322 |
C:\Users\Admin\AppData\Local\Temp\ssYg.exe
| MD5 | 5c3b01d686dc79cbc7b4f1117db823df |
| SHA1 | d9514cba5957e05231be0000d02d903fe8666030 |
| SHA256 | 21eb09a5c9615b65aeea2d83869a990ece9ae25ceb04b44452e75dabde3aa005 |
| SHA512 | 2977d3ed49769eb70f7af4822067698ede7e37f9706afe04e26f3299ebadc9df1deed113fff60ae631b9a32dd759029f49e4517eb7e904b6de0e04ff1ac3cd3b |
C:\Users\Admin\AppData\Local\Temp\gsoY.exe
| MD5 | c8da3baed120a18092fdc856bb5747d7 |
| SHA1 | 0404c4eaa31b7e7e4006198a8b9ae2e5c827b006 |
| SHA256 | 174c4f41a4161464bdec5e64c0cbe8e63f24a2ff56566d29be488b6b391adb97 |
| SHA512 | fb2eb7dce6b8670a9efe8d90f7a172ce390ca291dcf970576e2f567245b2ea48fca0ac216f80834849abaae456e74b85706dbc8bddb5058a63b65058bd48b796 |
C:\Users\Admin\AppData\Local\Temp\IocY.exe
| MD5 | 1de35c972c37ada7731e81d39dc36e39 |
| SHA1 | 6c780cec4e23d9ace83a44b633e4c4c224b02241 |
| SHA256 | af2fa959d3e0e390b24336eb56f501a7a87e1a613ff14a1d112eee7158d0f277 |
| SHA512 | 8146f90dce375f442db10423b652337e8baf3d63f90c0e4ae7217bc167268af65f9c7ca040cb72cf6cdbddfc8ebd2ef49f715d68a0a9d5ea7051dac82cba6784 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\96.png.exe
| MD5 | 27c9bc3016d091c78394c1ca58e7b674 |
| SHA1 | f8cc4357773284aef63b6a97e44c19f0cb38b8de |
| SHA256 | 8e33c38bcd18fb17b7927896a00e61a86e276133dfea429d373b11518de45473 |
| SHA512 | d737948df28864acef5ecfd8f6a372b62b801d86a94a3a58ee543a84c12746ffa1a38b980ae5b9d1c7b599f7f8d1a76a8ddfe994d2392541a8ebd417aceb6e9f |
C:\Users\Admin\AppData\Local\Temp\gQQM.exe
| MD5 | 133b0d507c077bc7d25922f0334585f3 |
| SHA1 | 5c1b04c368a92a06f9b17f171334d370a05693af |
| SHA256 | 075e4e1b4e3bc27998b0d64f41b973bc14ccf93de299942e813d7af49b18e97e |
| SHA512 | 30b6644288c46b486adb7e584215a4068ff4a700af883b667003fe99f6adfbb5538c9abb2eb4384f6e2322425ff303e45c837c9b1dd4f52aac5b1e697f668a41 |
C:\Users\Admin\AppData\Local\Temp\OwAg.exe
| MD5 | 1d3723fabdebdba76b9fc97eab7629c2 |
| SHA1 | b5acf2c9b98874787231be255f62dc012f43272f |
| SHA256 | d87ef791015fbc1bbc65abf677f3a71b68e3fee9da706ab22a46a0e9287b5083 |
| SHA512 | c8c6c3ca8153e3de2fc8cfee2b18b429cc0a98954d45febfeba047d32bc8ad1f763032737b39aacd13c7561b7acc03643755bcce291fc7619257a91300cf5b4c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\128.png.exe
| MD5 | 4d42be0c205ec97928463281cad0a04d |
| SHA1 | cc488b51d99ddfdd3b259afec1ad26f97e2c5b0d |
| SHA256 | 5cc8563bb9597eed525142fe6502390077a364cb99ecaa9e9595bed70476b84e |
| SHA512 | 566314fb68ed7dbe3f357ca322f8718bbc2b1fc5d312fe730d526d47235464a9ba6eddd7a0bc0f42e57d53767aab8a6da1f61c744ed3c474c3bbcb1d6db24e1b |
C:\Users\Admin\AppData\Local\Temp\GQcG.exe
| MD5 | 9460625f760f0c1e69889a6b2c5d57ff |
| SHA1 | b80a997078f08236a047d2cc0fb9a1bf5657c910 |
| SHA256 | 24b3970378a6f8bf93f6a9a58a803f2c77276305e0a309ab3d9872be06494ead |
| SHA512 | c6852641c2b0addf8eb3359f5b5e38a05b269d587f20a8aab3618398e79b3201a8630f31f87f9397d873fe9a81fed00d6c75e7d8fe9c51b927d327b9bc07f55d |
C:\Users\Admin\AppData\Local\Temp\WMMm.exe
| MD5 | 47cacb470b82f41d4c549aa60e1fd686 |
| SHA1 | e60ea2b7581861006f43f44f41b4f54c08bb0106 |
| SHA256 | 9a8d92ba6da197058bd97e282b2e746b1cc65973f60a4789e11551b1d7901c8e |
| SHA512 | 2ab3f025370be6e3c8f199da702d6324b6aecb0e6fad4ff5d44a1dd025dc707a0ee4162e37c354d61f20f354e6cc216e2a38fab52990ae7e21ec87dc41123380 |
C:\Users\Admin\AppData\Local\Temp\goYa.exe
| MD5 | 324aa1a812dcb859c5b13fc32615f411 |
| SHA1 | b16e17e44fcbb3317809942b524ef3f796aa93f1 |
| SHA256 | 1a4cc31bb0472afddac3682039266bde653d34998a7bc5ecba71ee0c9e552bb8 |
| SHA512 | 84f0d8fe7f3664b2443216fa1736400d1d61ff0707573f7fba70f2d066e9aba5b36ef7b5d7e6e6289737bb708e2492cb53a5aec869438709477e008879231aca |
C:\Users\Admin\AppData\Local\Temp\UMQm.exe
| MD5 | dbf40dbec2fcb2328aacd79c604357f6 |
| SHA1 | cb40d49fe508330f72b7b22fa9fc82129ad724e8 |
| SHA256 | 2a7c275192e0723c01852eb59b2adfc982cedcd943041338b6b19661de570142 |
| SHA512 | ab4d597f077ef85efe2bf6504903004f214d896c537733a974812ff6b9e581046a4e76b2917be4ccc1ffe255977522dab2aa0d906c764eab12a5bfd3b6cd5acd |
C:\Users\Admin\AppData\Local\Temp\QgUC.exe
| MD5 | a9fceb0b7c78f541a9799c37f1449eb8 |
| SHA1 | b8f8c9c8c4dcdead1b1aa1847780287fb57c4ff0 |
| SHA256 | 8e84cfbb497355d079d69e27b70d45d0c606c85f15c54798169f792469044066 |
| SHA512 | 2e079e3c38f23b4c7a105af69f79b7fc9d251e400b06af14d8529aa19319f2f41d1f38bbecf1c5834282d3cbf799bdc1f608291dcd1264307c0ac8e7eb4ac01a |
C:\Users\Admin\AppData\Local\Temp\IEgm.exe
| MD5 | 91077a72e4a911763346b6f68a05b8e1 |
| SHA1 | 2966ee2cfc1edd899e3faf71ffac9862dbd8ccfc |
| SHA256 | ca2fad052fbd9681b222c5149deb68f6d085a667ada99225cc1d98b10fc57a87 |
| SHA512 | 484d2a61cdcb75251ecf2446575bf63c6fd175be5fa4f73a4dcca4b78d2235a8d7c458ca1e94f93cd60c94466ac30f7af6cec87a0e69fed1ccbbda4957099ae1 |
C:\Users\Admin\AppData\Local\Temp\uwkY.exe
| MD5 | 3fb9153b938973c1b6dc8ac60894c8c3 |
| SHA1 | 6d4fbf4f76fdb76108fc8b175403efc3e3a107f8 |
| SHA256 | 4dfc4ddde7be3f810754d71d3b47b41f19e903d7bc4f2aae96a9475f000ae17a |
| SHA512 | 0a7a76ae030c448304c20807a9c3b5ce8a7a45e22901fbb21d930224a41c3dd92c18338b77e866638c69c3947bb3ee8928f45ffa52a1380ab67e2dbddf83926d |
C:\Users\Admin\AppData\Local\Temp\cggq.exe
| MD5 | 618800e863ea3f48a412b0864ed80383 |
| SHA1 | 9b8aeb829290909be678c00b2acd2527cb87a09f |
| SHA256 | 01fed9765b0b6e7cdc3dc4e28e31c913936d4b8854bae1e1e344934e28324df9 |
| SHA512 | 30ddbb9d3e4f22f00768ee9b8ad4a6a589de42e1d470beadd7f0c880c812c0459033648ef2b3dca83123c9c039e5278eb09df92ddbeec1432bd34a8f453eecfa |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ElevatedAppWhite.png.exe
| MD5 | c3100250fc61e61a50213fd0e0cc5d49 |
| SHA1 | 3c47eae3452ecd94d745b4a0ba99d763665ccf09 |
| SHA256 | 4c2dc368691ae4af5c4ca432b162991bd7600421b3f7e0663f20b8fdcbc62c78 |
| SHA512 | a899926a9c6b8c893bf26061f92fd3546803b8f646300557157fd1e7ce2bab15f8cb5082ee8e511eb59cb9f3a80ecb8df5d1ebee4cf91905482475249623bf60 |
C:\Users\Admin\AppData\Local\Temp\Qkko.exe
| MD5 | 75f4f75781c486538ade61b4221df63a |
| SHA1 | e2048ae7447a76161c2797d3e9551d7e003f3a2e |
| SHA256 | e1d1769c4d4185ce0642014a7be9c723c550053ad6999aa282c51231d03653fb |
| SHA512 | 0bc9cb2e1900cb31cc70fe46e7c6a9dde71d3607b6977020c7c089e7a188d7e6d0a16c3a4595f385c04f0882e01e3ed14f5c41a394339904caae30bc1d277fd4 |
C:\Users\Admin\AppData\Local\Temp\Gogy.exe
| MD5 | 54af0b0a12b1bc5903a26519bc5f3085 |
| SHA1 | a06827cf12ee1e97d21d3b1cff8b5be59e400378 |
| SHA256 | 529bbd609ba28f3db6a1c89d57319b29d28c8cd83f007ab5a0ea51a942e8f6bc |
| SHA512 | b97ba06053ba0426d3f315a661b3f45ce18d2b3d86ee8ccd623af14d314492ddefca74a4a98d6cb733e278eddfc38434c501ca507d6a06846a6ef1755be0a733 |
C:\Users\Admin\AppData\Local\Temp\aQIY.exe
| MD5 | 4e8fe2f247a770333724795d5a207f8d |
| SHA1 | abdef1c671d3d48d224d9f5095c631492a9d8ef3 |
| SHA256 | 87b7dd98fe7bb5d1120bab8437117841d776c163b02fb2bee1e87e282a2d4d5a |
| SHA512 | 616597926ecf3303adf87032c0fc6a5ce093433d51365dde8aea43f78c16d46af7e05b002237e61ebe58bf1f25964dff2baa9c1e52d51b6bff4892b0bdce9d55 |
C:\Users\Admin\AppData\Local\Temp\sIcc.exe
| MD5 | b037f3ce87218c0449257fd49fddcb73 |
| SHA1 | 419c1fcf44167362a29fe9d7b25987629de50a73 |
| SHA256 | 6735c9c07406057d651ebe39b7b2328658c21056de83159cec1bb3ee6861689d |
| SHA512 | 23fcb52dbb34c08a1270c7bc704312f931e8eeaff10f2544bcbb2dfd9abe26df89f1b1f26ffb121a4ef27c9ebc766477a7a19f57c41992869b082907a2a2b553 |
C:\Users\Admin\AppData\Local\Temp\sggw.exe
| MD5 | 350de814fb6c4f024fbda148ab6c6bcf |
| SHA1 | c5bdfdc49b2c49aa38ce89e23cb310918564f833 |
| SHA256 | e47b22ce16eb8ac151c860b46206ca94e2695e794bdf6c9fed2e8fa38cd776bc |
| SHA512 | fae7f70992c58af715e2a824eeaf2e7e8ff2146f2bed7da7726a1af30814136dda7372791acd80d8c36545cb6008ebd5b72a14282e96d43f9695ae5134556548 |
C:\Users\Admin\AppData\Local\Temp\mwUe.exe
| MD5 | d0c7a7ed34c556a77d920bff5acd5d68 |
| SHA1 | c6b3377ba05133e624cdf14ab4ed4cf79f5b2676 |
| SHA256 | d090aa0a0577df4df5c47e2fa6b4b26a93c73851af93f50eea69744d78c4a17f |
| SHA512 | e23dd8955a47f43ba22ee8309636565438a02e9e86641067d6666cdd3967f61f080aa82d89bffd9b581a764cedcdfe5060333ec1b57742a1df3a11f014ffeb94 |
C:\Users\Admin\AppData\Local\Temp\ugUq.exe
| MD5 | d9d0f777db62a2c8091d8a37e6e55034 |
| SHA1 | 9e861170118930b916d513484aa71ec92ff0792a |
| SHA256 | fd975158414954beef7011c0aefb0dcc57c15390bf12aa77df53362a315a4987 |
| SHA512 | 6e0f1906e40ec7f40d9c4efb003f50c56e0165009da3b0e39adc68c69be6ece0c15b815d5e2f6da0d38480176d91bb292ad0a71bec2b201b81c8a3e04aa53bad |
C:\Users\Admin\AppData\Local\Temp\YYMG.exe
| MD5 | 28990519d34d85271c432e38f601497f |
| SHA1 | 567ddb423a517392a8cd1d790e40003862257012 |
| SHA256 | e857f9fb61b2deda80fb517ef38701fb274f731f83c0068e382d059e49fc1764 |
| SHA512 | 62ac33357d84d626852f050230f5525322fde783a6cf73a1b5a256215bc77dd25204feb4e51a2cfc74d60fd4e1bc842904fefd337fb4275ca43f66001f07f70e |
C:\Users\Admin\AppData\Local\Temp\qoIq.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\ccoC.exe
| MD5 | 04c5b64619971df5e5e012b17e48f7c9 |
| SHA1 | 1a5428f7ac0692badeb5fa32c242742e6fd01bb9 |
| SHA256 | ec58f59290e3622e3e69ade0c63820e959c87b54f2272daa1417dab865227496 |
| SHA512 | 97b8042af962d633e1b7bc5466c7883eaab746dc65816cfe1cb3c6508c448865a9acb4471ee5b998c8ea6c81920f10c5dc0994b253f998950f7a3ad957c180ca |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\Warning.png.exe
| MD5 | ccb705442fc4fe5f4044b5785981e350 |
| SHA1 | 52496ca83db7060dc4baeecae345f9fe40bf3c45 |
| SHA256 | 056041ad229ec1cb234417aab673f8ba17383d68c97372fdcdff10a73c354325 |
| SHA512 | b2b9b0567a0e3e8fc5e66e9747016bdd864a522a0a6468511be3df2390caa714ba49793314209234242ea8c9274c8a5c4feab802b5b7e7a8c8589bf81a409e9d |
C:\Users\Admin\AppData\Local\Temp\skEQ.exe
| MD5 | cee0627e853230aff3d8a2d976b414c9 |
| SHA1 | f6be7d356cd939ee60bceaf32eebed98b8c40d47 |
| SHA256 | 27f71f79874297faa152d020fcbe8a1f342f09edb358c3896e718a5fba800756 |
| SHA512 | 684530220e0bcc6f1c98647420f2fc8bed96b17e55acd4adbc4b531acdf5fc65dd0d4834676a1da45c765f48166a83a26c37e31ba832f71f1fa79334b076ed73 |
C:\Users\Admin\AppData\Local\Temp\gocG.exe
| MD5 | 3c6608dab7bd1bb214b98d0d44d29a49 |
| SHA1 | 9b9f85447605d876a4eead220ae9d54032deae9a |
| SHA256 | 721e2117bf4d5bb0df5fcd55dfb0302c1bfb9d2cd0baf5a3b92287437299e1b8 |
| SHA512 | 49100e7054a52a250893aeb3ee50481303a70c2a7a42a7f51d8a15f20fd0f6b114c2d380f5364e6d6c5646ee8e612992268c696bb193e9cd7e1aced6b3422182 |
C:\Users\Admin\AppData\Local\Temp\SEYm.exe
| MD5 | b4948d93644e2c67b78a575c8300ffbd |
| SHA1 | 43cfa0c3811902741dca668a6263c4fe67d03dcc |
| SHA256 | f33461a5c2d13d3e83dae80f0d47f2a2a2f5f674f75ab59a623175f3a07e59a1 |
| SHA512 | 1450d377b239ae17b81f19eb85c7d579c0a08cbde03d8f5c2cdea1816ae5471b71f385c874bd652809aaa1b5f11663e53036d3eda84251f0575f3b2f71124487 |
C:\Users\Admin\AppData\Local\Temp\qscc.exe
| MD5 | d8a3e0fc8851bec306d020e885d63003 |
| SHA1 | a4acb6019f5103e1b2f7319bc44dcee67269e527 |
| SHA256 | 6f367a65749479aafb02ed8640fc90994ae3bd40294b509a6729e1fec9412946 |
| SHA512 | cc02f0af5ecfd0cfbf3e851555d64467e443338ecea733bcd372a442acc8231750f45d445d85188fedb1651e080d845129926647073cb2fa372af39a71040c61 |
C:\Users\Admin\AppData\Local\Temp\kwEY.exe
| MD5 | 22997fae015a3861d3492c3af8719692 |
| SHA1 | 7f1e436a0a935b2de30d087578e25b5e1e9336f8 |
| SHA256 | 0b2590807d539382528e860310d117fee576a692f86ea552bb32293d26b916fc |
| SHA512 | 2a700397ec05f5cc51391c8e431a096e27a204a00d157a35560767a69bd036d9421933602f3708660d926089710980fbb0b22833b6c196dd2f5e6fd43ed44334 |
C:\Users\Admin\AppData\Local\Temp\wIAq.exe
| MD5 | d1caa41e0aee33218bdd0bdd852ea33a |
| SHA1 | 7a12b5dc30dfa700fd2ef0a26ea80a1172416a10 |
| SHA256 | 800140dcb4271e83c3bce355aebca280c8f0f567c19956039e5e2c946cfb49ce |
| SHA512 | 5e5999b8ed56b7d8578398fe440779863eed8dba5c9cad35e54d47b9f8b952b3f39d168b9b76afd267711ddc7db13603a6d233d6fde848ad564ec643d9f79d5c |
C:\Users\Admin\AppData\Local\Temp\ioYI.exe
| MD5 | d02c9556a9c1b9cfdb886164fea7f7fd |
| SHA1 | 588c5c99ca436ab824d85989d401414fda517e8f |
| SHA256 | 7241413cbfbe65312e8c8f836db55250fe823d867dd16c694646cbbc43ed85f0 |
| SHA512 | 01314faff5493c462a4cdd0ec4437977f98eba44a3fb148f17ad976f3fd2e8c832677fa32cec6057da5120623251b4fb0d72cb6f4f4a65f60c5960f8e48ad363 |
C:\Users\Admin\AppData\Local\Temp\oUAO.exe
| MD5 | e8a65d72633c6c068e0c9cc0e68f3824 |
| SHA1 | 6b9ca8f78f0553135fb4982aa06b5f2b650be4c1 |
| SHA256 | 76ecdf0c254088ae79d13cacd104e8d8a636462ff4da6d6583c698fdbabc89ff |
| SHA512 | 436e6ac839c0885812c64556082e5cb1ab47d6ad78507bd0dbb60f0b08af887fcb82061ed7b449df4414d555a74732a508e3e0fa5e3711ada3efdb72c3fa7a43 |
C:\Users\Admin\AppData\Local\Temp\iwMW.exe
| MD5 | 0dcb925664361cd8bc0ce9fc51459255 |
| SHA1 | db5329ac74288d26153bc3ad34b987796121e57c |
| SHA256 | 64da5e391fb872554f659f1708d02ca5a523a9e4f01a2148869e3dba849f7fd5 |
| SHA512 | cdbf34d2f145b04e394ae11d4c8ebf1d34ff80138ff68993d929bc8451a9106719fa2c7b2f98255fc8e2215b9ad7306913229c634f540177babf3bf09357aa60 |
C:\Users\Admin\AppData\Local\Temp\ikwS.exe
| MD5 | 519a80f08342fd6d88d3d91fd6d7f45d |
| SHA1 | 5e0d05a64d70d0e9bcbb79e630b2f01aa6b38ef2 |
| SHA256 | 2808034aa2f12f56139d3553eac2656a7485f057a955943b314ee1c77e650c4a |
| SHA512 | f35187983da337b930ee1b271f6c3fc2aa2cb0204f9094af49a382a9b346a55770888cff3d21e0300eb4e59ab5a88144dcadfe0dda5e3a222f0bb31bb2025762 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\38975140460\tinytile.png.exe
| MD5 | 6e00606e9c256d1c472754a1984cbcec |
| SHA1 | 59e9c07a9781945a12ccad3dae19ebdfcd482411 |
| SHA256 | 07587d5fdd4c640c94fca29ccd8cd9446e36bdf5d79a8a036a423f0219e2a237 |
| SHA512 | f2a1fd3d3328902d6c8ae9a577599f7f7f55ec99ca2c60f3a3b4c4f6722c96968b3233540448d8ddac6b9cc8065f05ca0108bc82e473a16457ae90e8ce107f67 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\squaretile.png.exe
| MD5 | 5af5c2bbf7f40653942e42d9d3bce0cb |
| SHA1 | 23970ca8deb41f784a7e46c86ab845cd3a8b4f7c |
| SHA256 | a326d2197832ad7ffd1aeb79e52e1625204b72c2f710629ec443b06127e620f9 |
| SHA512 | f87768a8e4464638d4feaf2ab48c39c2932dd689cd50bce358ddcae20751e8275d9a76a257d5b8fd2242270d166452c12d0c4023404005046f62caf83d5c6a68 |
C:\Users\Admin\AppData\Local\Temp\yYgc.exe
| MD5 | d7e8de379924b9a27830cc454848728f |
| SHA1 | beda73a15309812682ea69362eba070cb3725d3b |
| SHA256 | e8262ec9e845e99a31b35849db2bef741eb563dd70e048588ed59cbcd97aebcc |
| SHA512 | a81d6b42cb8cdd0991768d8d6814c268257a31888e173dc5c1cdcc04bfa0286f29c74dc6660b42248bd657d96fec286afc2b5d13a2ba2149bd1cd9b49abcc2c4 |
C:\Users\Admin\AppData\Local\Temp\gAsM.exe
| MD5 | bd728643d6bd2a76456e9f46c75bc61b |
| SHA1 | 5efa443ee24f39e308396726cdf5c25a10f989ae |
| SHA256 | 134d63261896ce9c4d18c106a28d8912afad11a44d0bd906ad89f692e6528b2b |
| SHA512 | 919d2478ee6c28ceb86253e43269a31c75d7224db6bdea81889adb9db14260f3b29b6f9156b243efd410d0c17dd33ac1463f1caa6b4d4cadf423a8b3a68d8ef8 |
C:\Users\Admin\AppData\Local\Temp\Wgky.exe
| MD5 | 828505f37916b85a7efd59d0eaab4dc3 |
| SHA1 | 15d640f2fa9b73a1127ef05b90679ff4cf0dd0ea |
| SHA256 | 166479f6e6bf77fcc3019ab35f9c944779f6419ed9702e98fc55bf40149fc775 |
| SHA512 | 9d569d8643f48036450e3f47d1420de44e232cbb12961c95027d2b93d305a8d984df12000b54d371f343ac976fb6aa1abcd7b1eacaf7884b7b24a0dda9550e6e |
C:\Users\Admin\AppData\Local\Temp\QEAU.exe
| MD5 | 2ec9f78a296bd711dc9f04b5850652c3 |
| SHA1 | e631c0bdef5d79c1b20da4c4c2eadc2bb6c53f7f |
| SHA256 | ec4c448bf68a4daba902d20f6b5791f7892bb0b1f450d3ae15c19bdb457422ad |
| SHA512 | 82475003cc46fabb93324914a38d0c888f0f0886849ea71f31c956424c4eed92a84b05e280379c8de2a3675013b0835a5f25381478de4ded0d6c5070cd591aa1 |
C:\Users\Admin\AppData\Local\Temp\KkIc.exe
| MD5 | a1411bf8a8c7757b63ef3011c06f470b |
| SHA1 | a1cfc844da25221ba659106562c9a506c4d51545 |
| SHA256 | a1a630f07351c4f2ed19d1ea695308075323556022e97329750eaf5523af2670 |
| SHA512 | 2e195d87e4a5f276dc85c01112f9dc0cd91734f35254884710570b82336c929a2cd4ca1cd0b6132be07a32d9981dfb1006036fbc5004947cd17788d31d1042cc |
C:\Users\Admin\AppData\Local\Temp\Ucwk.exe
| MD5 | dbd37facaf42a343a3b6de3f4f31e9cf |
| SHA1 | 481de7a6ddc2fe24c476d75f215e3414b3ec8613 |
| SHA256 | f105e494af4dc79ddddad32a74ee2f03b66d232644da3f5cf12da881e5292400 |
| SHA512 | 9e42863796e822618fe4dfeb45cc54d6960bad3a67f5ef4a7d8cccb593bb713e0881c468c487b42f1f960cef9c17688f26ee959e3162400320887b52380433ad |
C:\Users\Admin\Desktop\ConvertFromClose.png.exe
| MD5 | d29dff3fd555bd33eb4b595df7446fb2 |
| SHA1 | 12f3dc8889c30a371d75b860449ebd5f17b20992 |
| SHA256 | cab2f1303637195289523c9ba3d56c73f8947923f0ed2d405ae6e3b2b574a5a4 |
| SHA512 | 1cf433ec9b4e58561aa27064bcd491252df202d68480a283a9c6186a6392c515d0fe969fd42864e04a27b34d3e81f8cb599b9ba457c081965644753277fbec0d |
C:\Users\Admin\AppData\Local\Temp\woUw.exe
| MD5 | cb156aff467a202f3b4dadce41b2852b |
| SHA1 | 8f373caf297ef345f93382caaa982a50a0117c12 |
| SHA256 | 4b9e21f65af104f612e483dd45b9fdd4cf3cac762fc452f34a6e1bbf3d5d4f0b |
| SHA512 | 1b2bf7963b1f66409a4ad76f3f1e302ebc23006d99a5ba9cc4bb8c76d98c464279d400b21c6e439f7e8be31b47758644a826897987a0516402e5994bcc90c612 |
C:\Users\Admin\AppData\Local\Temp\ekYA.exe
| MD5 | cf86acb721271c199d21924ffc8ef472 |
| SHA1 | 1c0fbf300fb22cfd3766e3a7c66d858c67594d9a |
| SHA256 | 22861a5eab8d0235331247f634abf6a918056854677753c26c20b6b7fb20bd1a |
| SHA512 | aa6ae00664105002f1078f892b67f107936daa16f12b171054430bef8441a94976240b48cb907b34d0feb5e9a35781cdbc7da3b72b822dc52009463e14ca13fe |
C:\Users\Admin\AppData\Local\Temp\eMUk.exe
| MD5 | 60d4787ae698c87fe29b6570277818cc |
| SHA1 | a88d7cebfbaf05042a0c1fe832e999d89165fa44 |
| SHA256 | 3b5cc9383c27914903cc056fc9d006784aa412bb625f6052806ecefbe6d17b5c |
| SHA512 | 1d61fa7aaff697cb3aede62fd0dd8deb52bd89e1c278525a8e28655303a5b2875373133a36125099428d88dc7d2a84541a5abac69435ff14966f2f471ca4f496 |
C:\Users\Admin\AppData\Local\Temp\kAIQ.exe
| MD5 | 309f9db849b52e96d6a26eeb56854a78 |
| SHA1 | 4d93a59e239eaa04c24a216783d2c0d8c5dd01f6 |
| SHA256 | 4ebefe8efc1f90dbbb870f976b07a381bd36d3ef789dc72a902afe90941f357b |
| SHA512 | 329085aed9660aa1a98e80b6745f5a4d5dea2d699a9e77ca3624592eb0dc8c21b4b6b18df6077a3f570bcb03417d6134bdc77316891432033238c68cd80b79e8 |
C:\Users\Admin\AppData\Local\Temp\CAAU.exe
| MD5 | 738ff24cdf8192eaccb3e8682c667564 |
| SHA1 | 3df7eed1d7d084145d559db56a408fff2d129ca3 |
| SHA256 | 7fb7e0a3defca4ba7f209d006161ae2c33f192eea2e9dbddaeb12dd595cfba87 |
| SHA512 | 118f30bf97ac4bbade1e78d3cc7ecde563c78570bf1f213468f227b50714c1856d8006d3951da3514c43da7ee086734bbaf2ba7295a57215d2f53fc98d1ee31b |
C:\Users\Admin\AppData\Local\Temp\AQco.exe
| MD5 | 1845e564becfef2cc08ba6bd8546ec77 |
| SHA1 | 33de07e65312e59c6f01050b970018206dbcb9e3 |
| SHA256 | 41fed60c2f9061a3741b8bec641dad631748792655ca6ba6cc48871b2b8a2e55 |
| SHA512 | c7782eeec967134cfe2834d068dd9bd53a87f90ce8f2857515666411d1f1160eb3730fa2fbd59308a70e660d8af6fb6f194b4ce11c046000e3cf07ed0a3459d9 |
C:\Users\Admin\AppData\Local\Temp\kUIy.exe
| MD5 | 60c564148fcc85ed255bdd9a5bcfdca5 |
| SHA1 | 7b8901e08c3d3bb95821038d3f33b88dab95afdc |
| SHA256 | c1900f2aba4f52d232feefa8f31ec18fcd9c93a7e002636b52e136116197120c |
| SHA512 | 057db60c7e654df244639a1c0e1956bf44f8f53fd9c5e47661d1cee6a7a6242d2f98e59c082b4791bd4ff7aecc472ee001aebbd0982c4eb673c435de1beee193 |
C:\Users\Admin\AppData\Local\Temp\mAwS.exe
| MD5 | 584326174d0a03d83ebe90298564c85d |
| SHA1 | e87b7c259d71700ae2e71dac33a9af5c9aa1f2fb |
| SHA256 | 0f6368aa47e082ec3d91d71c86c11fab1b38894cb4f50ea211fb0e271aeee792 |
| SHA512 | 00deb3c666770249421a39af998d39a745c74f8b36faaf854c22e46d772a5e5d96dcb9db1ef585dda53d0e1d309ce2d198fb0f4b4486fb3f05f4551bdab0b216 |
C:\Users\Admin\AppData\Local\Temp\ywgO.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\EoUU.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\OYAs.exe
| MD5 | c1bb59f151f25e49fe280cda6c5c305b |
| SHA1 | 9dc14849f9a31c116359c77ccbd5f27eaa765363 |
| SHA256 | 635543293094c6ac7956eb3cb79f8210cdd8c1967325f24c89398297b405377f |
| SHA512 | 541a026c2cf3a555510e22f267c5bc19b6bdafc0dd719528a931e588f7635f3c645d02566964818426d3a141ef44aa638c9b3c32d665df7c57766ccf72ea5c4b |
C:\Users\Admin\Downloads\UnprotectDisconnect.doc.exe
| MD5 | 95390ef5dc447c0329acd2abcea4c58d |
| SHA1 | 53142afc9334167c8bed3d4be2fb855b7677ba38 |
| SHA256 | 8a398d7e1a9cf6decc70a7c12b207152261249a1657963e9207d1454460b1521 |
| SHA512 | c7a3b9beeb29ea0372bd2fef260ef8d678b175b9f7cd78f2cb8466b51d981ec982ca27db9df01cae2fbdbc88731c6a37681a69895d487ed7c6781ed980e1aeee |
C:\Users\Admin\AppData\Local\Temp\wUYy.ico
| MD5 | 2d56d721c93caea6bd3552e7e6269d16 |
| SHA1 | a7f0d3d95a19f61d30b9e68b0dcee7c569249727 |
| SHA256 | f8e8be11d1062a945187b65fc5e5b1500bce03cbdbf6f4af9404b649aacc2aa3 |
| SHA512 | c01d86c43876fb8eeab79b72380a00f095d95c3047f530b777ca89d309e7bd797bf83857beab29527eddbbc491da3edd95ba343f6a0725cc565015f095cf0919 |
C:\Users\Admin\AppData\Local\Temp\UEES.exe
| MD5 | 3257ce7de2bb1a270b6f5cd0239972a9 |
| SHA1 | 4e7b1d3dd96ae1e801977ed55e171fb663412afe |
| SHA256 | 34a923e700ee378a6e4065b46e2625007283e4ea1a51cc8e7492c5568509a623 |
| SHA512 | 5bf1a26037f4b5e6a84f16627b01499756bea4c360fea3df659fbe12d71bf8d7a04164560cb8a56d5375bcaa38418354381239b3bd38084fa4feeb31c73b3ee7 |
C:\Users\Admin\AppData\Local\Temp\owcQ.exe
| MD5 | 36a3bc9199fbcb9d803f6e6dc204c2ff |
| SHA1 | e98cbbdff6ab8c3afd49a219b5beb7e425f1b27f |
| SHA256 | 8a2adcd3489a38bdcadb87a62f7d77d29ab7d8b546a8c76c25a0e421b435d81e |
| SHA512 | fb6bd2d301c480615169b92734ffde0c8f12add2725262858014585c1e0f0cbdb58920535128c82069632dc10ce1190e7ae56c99e0c0c55a71634a6152a26971 |
C:\Users\Admin\AppData\Local\Temp\aYkY.exe
| MD5 | d36ec7d836af6e34da9959d04dd6c4fd |
| SHA1 | 8427fa959b53c6910a93ba1458707a8a442c4a03 |
| SHA256 | a0e54076a03e9e586aa100aee58032c13671472e9ecbe0171ea3579245360571 |
| SHA512 | 9bf501835646f4af32f125156c2f7716be44330262c35ac4b5642abfc695e33eb37c2481c69aabde002a2036b24e3f617ef4f71121f686a75a2c47d06753914a |
C:\Users\Admin\AppData\Local\Temp\QEQQ.exe
| MD5 | 83aecbee32abe6f123d836a36ba167f8 |
| SHA1 | bb7582407c533b97cb82edd433fc30daef90cc30 |
| SHA256 | 9b1250af12800876d7010ea092f67f751b8d9d7ad4756ed691815c914d6b4989 |
| SHA512 | 41efde81325937ea396f95f826aff940ad0acd43831301a2f92e643d1dbe890cb0e92bcdebb8ec7d4f84dae140e8256442955aebd8cd025c9cf6891ff7bcba5f |
C:\Users\Admin\AppData\Local\Temp\kEEq.exe
| MD5 | 62d49b7e89b7617ecde0d658557b9818 |
| SHA1 | 3834b3e533254090d6522b0f13ad3ebd84cc1a2c |
| SHA256 | c9f5742fc00ede57128f688b88f6560b933aa4731b4872009ff221ed2395f232 |
| SHA512 | 546c61997966f3f4fc5cb94384e5dab3e5e00917c5ee43d7a458d53980dcdfa907767ac4d601a986421782760068073dd9f0ca0856cb9af4aa641ab5439e9b92 |
C:\Users\Admin\AppData\Local\Temp\cQco.exe
| MD5 | 2dfa2df500418ec66c13395ad1cfe0e8 |
| SHA1 | aaa9c2d6d2acb7d47819239326a8afe45ada70c1 |
| SHA256 | 09371533d9777e1369247f67a7c86e2e7481447098244ac2b04a8c00425d69e3 |
| SHA512 | d33976f4135997e513025ebbf53909b3c260f98a5895f05fd939cc70298edb0f2d5106a0373750023a9e99f32b7e407166e8469f4ca12c41f7f3c9bea3a5ec8f |
C:\Users\Admin\AppData\Local\Temp\eQwm.exe
| MD5 | 87af249aea5f7d41c023ebdec2d12f73 |
| SHA1 | 8060f7ec9d511d32bb18ca97478b8425b9c083cc |
| SHA256 | 90f25e8343b12c7db19bffb4f68acee8e3a3fdb744b743e80f6126dc0b8b01d2 |
| SHA512 | 3cd502be7b85fdad24d6d01dfd66e43d88af3822956fe0a208596d0719e2b2e3779bfe86573539b52ea2dbfaabc963632730c26658314400bc33621da50c82c3 |
C:\Users\Admin\AppData\Local\Temp\QkQE.exe
| MD5 | ac9debb81dfae34a3ae895aa087c48fb |
| SHA1 | d72bf33030134aabfe9a3a412616dc85b3229f33 |
| SHA256 | eafd9d73ea9f92ea162f6189554a41b3e44a5215b7d677d52c567d26a1c8c49e |
| SHA512 | 4d027c2c38343bf86c0e437dc384ac20258ab8afe217e1289e7a6e695d67bf88844541d2ed0d7ce4d606a1b00879c2504a5617da34b32884a2ba887f55313773 |
C:\Users\Admin\AppData\Local\Temp\uUQI.exe
| MD5 | 3a37561694e7008d607cae7aaa4e11f9 |
| SHA1 | 70d3d1061e7c395109664f6112a8a6e713b95350 |
| SHA256 | bed9cf7b0e842a75de523b3534e3269e78007c3ba18e2daf1548dce22d063718 |
| SHA512 | 9f8fdaa6a6c5df26c3c310c893a0d6b146a8262e38149f7e2ec9519711ab319633911c7202c6ce6214f09f84e58d81e1f06f287d6e22756041c09dc987484cca |
C:\Users\Admin\AppData\Local\Temp\Gogi.exe
| MD5 | 9719b261874a771d345871c083d3be27 |
| SHA1 | b487f07eac3e7c17090fe2287adf29a8140383f4 |
| SHA256 | 31bd8d65388822e772e2d5fcb6f1f3b4c32e4c844975b0b3d64179e0cbba8b2d |
| SHA512 | f28d10fcaedf047d620eed08c7052543611a2052a5bb99c5b446d10dffe6487523332b0745c48296e21b169582d48ac402fe4d96bd16c6b0dec2d562b0f6a8c5 |
C:\Users\Admin\AppData\Local\Temp\iAgQ.exe
| MD5 | b6919b1d95301bba0ed80c664d92d3a3 |
| SHA1 | a713d68952356f6fdd794e874467a4f7d31ffa59 |
| SHA256 | b1506bffbec512ccae36ff3083ef7964e2570bea7e53d84592e3d16ea84f5967 |
| SHA512 | a511770cd91c797662c4e160d519af46d58420912b52853a4d793fb85c945f69b80dfbddd21423e76caf65af1363d6c7a310ae52cf8feb3d15aa6bc4c7a43c5d |
C:\Users\Admin\AppData\Local\Temp\SMYa.exe
| MD5 | fa96ab2de1cae8de38f66b47dd3991a5 |
| SHA1 | c7b8ffd2a9327f36054eeeac3871bdcc7f2f7f47 |
| SHA256 | 0739b1bad29153b4da5a13f030e6cb1cf4641631a4ad9ad1df9a3986ba4313ad |
| SHA512 | aaac6b05de3423f594b0eea6fb05aa993279f41bad40cf1106148b58d86920d7d138ed69877e7d21a15c90f95b31f8bf67aac33dc51909961aadfe99c2d52d92 |
C:\Users\Admin\AppData\Local\Temp\oAUg.exe
| MD5 | 4cdb64274950318dbd3207aaf2fcf114 |
| SHA1 | 9da02b8673f111fe99b43d8c503c83e4f344facb |
| SHA256 | 64b5857c27ccf929c060874e0a5b76fdca5412e2c9407c521d6a5c90307f518a |
| SHA512 | 3c36c12dc824dc9904d634678280838bc29c5092e22f8cf03594d97770731f181bd76079b61c9f290483c926b025e58d9245454a1745087bf07933d1d748e2b6 |
C:\Users\Admin\AppData\Local\Temp\wsIi.exe
| MD5 | 1b50e480c747ee99e9171eb86cf199f0 |
| SHA1 | e763049f74da9f16a723358afe9839a9cefdd65c |
| SHA256 | cfd2ed4f554e8331614046f2bd3b7383703a421c11ff1ee84cf7180b065232cd |
| SHA512 | 9c6f20677348ba56c921acc329b5ff9af49bbbb22a4041571b5d8239a87e7eebca7a3580c6b83377fca75f6af7d7c2306099be94b5f00b2f98b527c437589687 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 01:54
Reported
2024-10-20 01:57
Platform
win7-20240903-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (59) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\OYQogEkM\HmgQQcMU.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\OYQogEkM\HmgQQcMU.exe | N/A |
| N/A | N/A | C:\ProgramData\kqoQkIMM\sUUIsoUw.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sUUIsoUw.exe = "C:\\ProgramData\\kqoQkIMM\\sUUIsoUw.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\HmgQQcMU.exe = "C:\\Users\\Admin\\OYQogEkM\\HmgQQcMU.exe" | C:\Users\Admin\OYQogEkM\HmgQQcMU.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\sUUIsoUw.exe = "C:\\ProgramData\\kqoQkIMM\\sUUIsoUw.exe" | C:\ProgramData\kqoQkIMM\sUUIsoUw.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\HmgQQcMU.exe = "C:\\Users\\Admin\\OYQogEkM\\HmgQQcMU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\OYQogEkM\HmgQQcMU.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\OYQogEkM\HmgQQcMU.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\OYQogEkM\HmgQQcMU.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe"
C:\Users\Admin\OYQogEkM\HmgQQcMU.exe
"C:\Users\Admin\OYQogEkM\HmgQQcMU.exe"
C:\ProgramData\kqoQkIMM\sUUIsoUw.exe
"C:\ProgramData\kqoQkIMM\sUUIsoUw.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Eqkcwgwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sigcMosU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dOAMsUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWAkcQcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vOIgcsAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ngAYswIs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wMYokkMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGMoUMgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EMEUgocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YIMowUEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vYQkcMAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pmcooUQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RWQgUkIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PcUMkgoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\okoIwUcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uwkUooIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yYYssswQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QAckwggE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vsAAEIwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\puUcYgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nyYMoIUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tqsIcgMI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QEUEUwAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWkQogEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OuwcMEsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WKUkUckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FKgkYQAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RqUUAAcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TCQkwoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JQIQwgcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cecQYEAI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EOgAgAAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMoYoooM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ciYAcUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fEIsoskE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NqQUwQgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rwYsUocY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NyEsMccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WckoQMkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uCQQYwAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kKssgQYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eisgIkoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zSkUEQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xYsQsoEA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hokUcsAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FWgMIEQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mwgIksYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gMgAUwoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YqQAIcwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\smMYwckI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zoYAIAIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LgwcYwMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\puAUwQYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\deYAocgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SqYkcsAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sUscIoAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ckooogoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UqUQUEUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BwIIAUsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Zqskokgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xiwIkoEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KEEoQYUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qqMoYggI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wuUoYAYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mSQIQAUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qsscEQQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nuYEccIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\niowQsYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\newkgksk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmgwsgsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sWYksQcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\akIUwccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SQEQcQoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\naEwsQIA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rUIgIYck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FigwwsoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zeEEgAAg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UaogIoEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MyAgMIgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gQAIQEcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CCgUEAcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XuAkkEgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XmYggYwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tKcEEEwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bCIccUko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sYAwkosc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sQAYoUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iasIAAkQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EgoIQsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xcwMcAMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "561103393-299229983539259278-3998386921538848667477778704-671497523-1055925525"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\taksckkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ZGgooEQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BowooQYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uSIsMogc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "819731805-1296504296-14507877331150779537-2112967438-11396398319667714821748522836"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iOgYEQQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OwIgkIMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ISoEcoMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PeAYIwQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hiMAsQco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-406146649-1938949108-146542210165262343914798403781628776481-1541533103-1951217053"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VsEoksAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AaEsQYUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11917442561799197005-2521787431489477445-117351719010368953911215110199-781429629"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mucYMoUQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuMIAUwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "589424482285265279-157150677-9512960145716563851851562388113162701942135659"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cOwIgsQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oYwokgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-9550302041020915312-18786761681327874692-138762938018229935461835214435-708210531"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fSIcIYkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BccEEYIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PWQIUoAw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\wbem\WMIADAP.EXE
wmiadap.exe /F /T /R
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fsgUMowI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "694532512-965912994626378249-143228986610403123171749335940659905586946298646"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KSgIAsQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13396363051990574902-50544158975373465516960628114059255231172756043-1454767601"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uAoowgQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikIIsUYA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uSUwEUgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jSMkswgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JKQkIkUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tsIwoMQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\pGAEwsYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EKwgYEko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\esAccYoY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oeIoQEww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AKwAYMoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NgEIwMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PkEMQQUw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nqsIAQYc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LCAYwskc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EuMMskAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UmkwMAwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2736-0-0x0000000000400000-0x000000000043B000-memory.dmp
\Users\Admin\OYQogEkM\HmgQQcMU.exe
| MD5 | a9927942ec7beb451534757f90b94a79 |
| SHA1 | 7d08ad874a413201dde61fb4879311eb0fec3449 |
| SHA256 | 92f5f55d8f819ebee19e3e433a2f40bd9ae7c26c671404cb2bb1f8a19153a055 |
| SHA512 | 726a35ac9c258f42faf7d05f91e91d02a7028a88418e7539eb7ec6ac1f4f8305f3aeb05cb410fe09e6c91a7ab412b24de2978bbba7aeda59b76d83b7bf6ed456 |
memory/2968-14-0x0000000000400000-0x0000000000434000-memory.dmp
memory/2648-31-0x0000000000400000-0x0000000000431000-memory.dmp
C:\ProgramData\kqoQkIMM\sUUIsoUw.exe
| MD5 | ab02a10c3778364274dd64264000603a |
| SHA1 | d2b2b5b69940aba2649d143b14e688f793e81b69 |
| SHA256 | 6be8e75efdd49c1d71508bd9de999c3ddae29eb302fa12460f6b39da12ba9af8 |
| SHA512 | 7bce76c6c7581f23662a6c8e55ce1c289c7d938ce8ac17f833ff90d85369b4d68339fb611bdb28c2ea0516fa630b322f04835ab87ea6b61e9dca1b038505dbd8 |
memory/2736-13-0x0000000000470000-0x00000000004A4000-memory.dmp
memory/2736-12-0x0000000000470000-0x00000000004A4000-memory.dmp
memory/2736-40-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2584-42-0x00000000001B0000-0x00000000001EB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Eqkcwgwo.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
memory/2584-41-0x00000000001B0000-0x00000000001EB000-memory.dmp
memory/2736-29-0x0000000000470000-0x00000000004A1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MMEgYoEQ.bat
| MD5 | df4c7d0ce8c50caa8d6d0078c0d1b961 |
| SHA1 | f2c4651eba89d76740b229b057c31b43ec683c7c |
| SHA256 | c5ed23cedf39a2e1b5d7359df7d25c1d680f370eb22519288456f92a1f8ed839 |
| SHA512 | d0c225d35b6dea974d5f8c9f3e481abf061f3e4e2c6dc544477eb1bf4b9405c86f717cef5ac2b00cb0480c71510383c05a74d51e21e6291f420a98b925b08396 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\MQAAUkcg.bat
| MD5 | 313657a357db14028bd1f86804187ba2 |
| SHA1 | 046d10bc176344a7f9bd79fb53b3269622ef8ca3 |
| SHA256 | 76084588e269b4e8871b6002f4e6810709e9a803250ebfcbf784364abbb77409 |
| SHA512 | c62b0ca01b6fab713b7a87d7fc97a09e5b19b48264b427e0f3ac7c1d5da2ff4dc890144038efa23d152d17d0d099d5b575034cb79a795c37aae21faafb4be852 |
C:\Users\Admin\AppData\Local\Temp\2024-10-20_81ab65298a81d207d0561795301cbc83_virlock
| MD5 | a51464e41d75b2aa2b00ca31ea2ce7eb |
| SHA1 | 5b94362ac6a23c5aba706e8bfd11a5d8bab6097d |
| SHA256 | 16d5506b6663085b1acd80644ffa5363c158e390da67ed31298b85ddf0ad353f |
| SHA512 | b2a09d52c211e7100e3e68d88c13394c64f23bf2ec3ca25b109ffb1e1a96a054f0e0d25d2f2a0c2145616eabc88c51d63023cef5faa7b49129d020f67ab0b1ff |
memory/2700-65-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2888-67-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2304-66-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zIAAMgMI.bat
| MD5 | 143f666e0c5388f7f07478a3b01ed509 |
| SHA1 | e2495ba7922130f84570a8f8fcf5e3acf8dc9891 |
| SHA256 | 6480552883941fa2a752784e60f3cc7a884bd744ebf5674d2e4bbabe2a23db0b |
| SHA512 | d102094ce01d6b0b3c387b74ac83f01804366240a6af33b29973524f023093b73c5f35a313c2ddcd8066a4705ec2ea4c218225d3020cb0b6705d0413da517be7 |
memory/1752-81-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1192-80-0x00000000000F0000-0x000000000012B000-memory.dmp
memory/2888-90-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xqEEMwQM.bat
| MD5 | f5c8978df4f5605921b863a0e77c59b8 |
| SHA1 | 5ffcb12e037bd8b0d25432b62849473fe7502621 |
| SHA256 | 605a4c97f5b9e326383009c93db1b7c36d79135c531c102f83b03b51c60e7dbf |
| SHA512 | f32b82421b03da9c121ee5a344c72161d2183c6439f165e808ba169d8f1cd823e9bae717e5ead939c19e8a5d7b3d8b97d1ad2c4ee3c581c311046fa6b43af569 |
memory/1088-104-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1716-103-0x0000000000160000-0x000000000019B000-memory.dmp
memory/1752-113-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FaUocQUw.bat
| MD5 | e14b6f1b925f96ef54e4f2498bd1b8c3 |
| SHA1 | 6973f626f1fc36dc2a195138ea0552fbfeabe3b6 |
| SHA256 | 7af3a8c3d0d2765fe5ab8ff3e0587deb80212ba12f22c203185ff0d3fdd4e693 |
| SHA512 | 9aafe9681a1c2349ac57c35c99b6ca9e3f41c81cf970aa8f346e34241f191cc69008d514e834d818a0e26d9954f324337e21de1f5b95ed849eae9c2dff674f80 |
memory/1480-126-0x0000000000120000-0x000000000015B000-memory.dmp
memory/1088-135-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\RCwIcAYo.bat
| MD5 | 0aaf2248a1f8e8c9e3971e12e7a324ed |
| SHA1 | 48900fbff14b5a1a93217abb3b933c9949ace31e |
| SHA256 | ccf7cba079dd1679ed6c180c2d9853e8d5464822e334f070fe68afba7dc0003a |
| SHA512 | 3e4826b08ca56d7e371efb6fd10d6016865b70b6db08da7048dc814fa0d2ac843361ec4978959b5a13fdd6f3d6268d2f5e9269f2811f1eb4e49060fdd6a45a8a |
memory/2188-150-0x00000000002A0000-0x00000000002DB000-memory.dmp
memory/276-159-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AgwkgUUo.bat
| MD5 | 47a96d5dcfdeea2653b52681ada947c5 |
| SHA1 | ecaf79ae45df2520fbf55234f4f3c466b75b9fbd |
| SHA256 | 7d945f1a126be4a6154d5251ef58e00f89fdb77402a3e48b33110053a7c1d8ab |
| SHA512 | accffd0efbeff61e241f123e965e27a5ece9d726903aa751040ea834faeaa11f15275b4c3f6a002adfeb89b19b6fc7c597d0a46538b2e2d0eb313e37062aa6d7 |
memory/2704-173-0x0000000000120000-0x000000000015B000-memory.dmp
memory/332-174-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2704-172-0x0000000000120000-0x000000000015B000-memory.dmp
memory/1684-183-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AsIkcQAk.bat
| MD5 | 5bea305450f05c86a80f76690e53f3b8 |
| SHA1 | 4841780dd7cc870cffccbf10a19bec638f401469 |
| SHA256 | 2d3ae0a30a2a0066403c8bac73adfd031c7188e98b332466e63e2dd7c1d4db3f |
| SHA512 | 613160bbb2d2f1a504fc083da45f9f1db990e3c75e11ba52165a5969a4835d368b3d4ad817093a99416e1d973181302976fccf52bb5b83fd0407c976298d22e1 |
memory/332-204-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qwMkQUoM.bat
| MD5 | 7516eecbdbaa1c40ffb389eaaaa98e32 |
| SHA1 | cff65f96d2aae6b598f62f17403013ddffc363c2 |
| SHA256 | 16446e8b0449c7c30146ab699cbff22dcc6746524c0ba42e7a50bd74935a0a04 |
| SHA512 | 16efd36b1477a5b6bd89a8c5237e4ce615f4c02db679c3821bca906e0993671227e8669d1363e4270403bfadde72fd727fef68d62afbc2a0e296c7edb13eaef6 |
memory/1704-217-0x0000000000120000-0x000000000015B000-memory.dmp
memory/2620-226-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MKQQkUkQ.bat
| MD5 | 7fb68d58418d6bb2aa05aa6aedee6439 |
| SHA1 | 0b112e90a3122901804f3c73910bc8b693826cef |
| SHA256 | ff128a04b42bd9b95c776d326e0eda505268d71ab7c88f61bb23f2bbed5eabdf |
| SHA512 | 5185710d53bcad10fca0db06590592838e8b49e48e8db04e1e0669bf3d759e74dffb61b951ef7c535c349969bb33726afdafbded8eb824c82d4b8029701dc4b0 |
memory/2976-252-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1692-244-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2176-243-0x0000000000190000-0x00000000001CB000-memory.dmp
memory/2176-242-0x0000000000190000-0x00000000001CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NkIEsgYU.bat
| MD5 | 0094a0061119a17cceebb578a4cf2620 |
| SHA1 | 8b59252e82b07db01823b0152dd68eb28c626c73 |
| SHA256 | 9bf409fa1abd894a86d33c86bcf3f550df0c21a41ff0fc371cd6bd6e7538117b |
| SHA512 | 2ebcc77692c8fd47bd6c253c56025d42683e5d422aa57672f80468ab855f6822594eed24d59dd03a06fce616786975eee0f0e5428057f4e22ffac0ad3cdc6fb8 |
memory/1692-273-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VeYoYcMY.bat
| MD5 | 924555f3c2b1f8b91140164b2e5244ab |
| SHA1 | ae03dfd4e102a14ede365c0670d5d575f7077379 |
| SHA256 | 8bd5d626da5dada72860f29cb366e9513ce82fc1e6225de4e53eacda0e726fff |
| SHA512 | 712d3ee4c0698392d994702f62dc670f820c0d7139eae18d0b58f69d9c6145308a64ba7b0bb0887e949a5fdeeabd8388d7fd71f4ccb2c9ac2ed4b7a35dffb9cc |
memory/1956-294-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2572-296-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1960-295-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lMUkcgss.bat
| MD5 | bc51dd0da81d4a7295c30da7cb29a662 |
| SHA1 | b42253f6c5753776974083d38538f3370cc5bfd6 |
| SHA256 | c137648f21c2a0956b85d375d439f6f35a7c39dd2dcc99ac8a28e6e72682a185 |
| SHA512 | 40a714adfb63c847ad17375bc242d1d8da342393429565e5113893ab73d12ccc32d66245159045d3d10c20c69c0c37397990de83e9e26ba1691ed52d12bfe0eb |
memory/2700-309-0x00000000001A0000-0x00000000001DB000-memory.dmp
memory/3064-310-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2572-319-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LMIIksAg.bat
| MD5 | 2c1c5e758d3e3138cd3f4f887e7772ad |
| SHA1 | e3e23316e4e27bf8140c42ef550aa0b30dd56e13 |
| SHA256 | 7a9b39910c0cc7f261434fe20be0dbbfaa571597dc048132e9205693091aba8b |
| SHA512 | 9ac7a7a1b2076e5b4d6c4b68fbed2c512e86adad2864506ac55918a6ed98d4cadb2e2bca131d6a3a7ed949ebb7debdb4f6f9183781ce6ca455d174aa880df8bc |
memory/2832-333-0x0000000000260000-0x000000000029B000-memory.dmp
memory/1736-334-0x0000000000400000-0x000000000043B000-memory.dmp
memory/3064-344-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bYUkswII.bat
| MD5 | 98272fcf3bb492f69d23c9176864e3f1 |
| SHA1 | c890f337100c4fff9806cb128594975201a24223 |
| SHA256 | 87042ffdf99d6fe64ef1683d6c2dd7a6b828d3b78a5fc452b8448d64ca5fac1c |
| SHA512 | afb9decbb63113aa1d604395355fa564f284410b6157f2c98f5417870e7863b768a8ad971f440a6559684d24ca71a718ec509a01618ead1d359827548ef0e01e |
memory/2160-357-0x0000000000120000-0x000000000015B000-memory.dmp
memory/1736-366-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WmYcUUMI.bat
| MD5 | 1cd5bfe24fe3f7c8473ab5491cd5dca4 |
| SHA1 | cc8ec5807b4386541c1d0c6469c41a170229375d |
| SHA256 | 65c21f90a922991ce151d7fea3f13c506894985dc7985e4681703b9305d8de95 |
| SHA512 | a6c93685b20edc766d74518754ee745743efae561118a837ac44a143ec023a781977e091ea68bb79e242e89576a27944cc083f331730e308ea2d46d794966464 |
memory/1164-379-0x0000000000160000-0x000000000019B000-memory.dmp
memory/2392-388-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iSQYMEwk.bat
| MD5 | fc22b8f65657194e7898d5db79a9e87e |
| SHA1 | b665ed7186be5adfbc8c82b689a27c74d62683c5 |
| SHA256 | 5978711e99c4b39db751febfd41ade42383b5e0d0230652d026fd4a23bb821ac |
| SHA512 | 2c76477b178ae70cd2d5420be0216ace4beaee1d74fbf52b758b179afccd24caf079491ab2781553dd891f558731fc519db6d0e968539c62baec9309afc5af2a |
memory/2208-409-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\usckowoc.bat
| MD5 | 3bd8d384dde98538b245f264423e08f3 |
| SHA1 | 95ba353019277ac0ff543f15d9d365cd69556210 |
| SHA256 | 4c5aa4c46b1769ae5b8ec8f2ceeadc065a444af4392694eb7072689d986fdf1c |
| SHA512 | 6f9e2aa7a53d7d1ef84d519e02397bf897b68eff584aec55feceff727cf2e903b44664dd061628592bc506bb16428732707f89d4c2be8a1cb67cb7f615711c7f |
memory/2672-424-0x00000000002E0000-0x000000000031B000-memory.dmp
memory/1140-433-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dwcYUUkQ.bat
| MD5 | 7cc5561a564636588ed1e00efa0c0a90 |
| SHA1 | 7e002dd3146e4354d8490ba364d7b2f7180eeab7 |
| SHA256 | 078bd68e546038d8567171ca96c23b776ea49163b58962c4b4afc9174b27fa65 |
| SHA512 | da3e55869f87a282ff877b576878971ba1728e7f5f0b478568e6f359d12bef4693b3c039593bc11f9db504282afee1e14ebf619fcd5e5cd8411ec1ae2fc96dab |
memory/2772-446-0x00000000001F0000-0x000000000022B000-memory.dmp
memory/572-455-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hsYQIscs.bat
| MD5 | 4e70241f67b58a6c72e75718636a535b |
| SHA1 | 4f51f6e372d2de474a972021962584593dad1f08 |
| SHA256 | a6e7d050b9253d148e06944ea49467bf36a4900671aa00219aa641388e222c8d |
| SHA512 | 994b54c2aedb933384fb4c20c2c73462f7d38101fe7d41ede233468e7b49991a6bc38123e5cb7f4e775d5b48fd2b9b8fd9fca94e25c4237d771f069856b9959d |
memory/2748-476-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dKokgwUI.bat
| MD5 | c0b5389e7de511746b6b84add949638d |
| SHA1 | e73f527be1a5b29a413e3051a0e1380aa3c1b357 |
| SHA256 | 36e077812a635c1586b2371180c67acb46e49f8e15e217994606ecbd8387098f |
| SHA512 | 730c1d86bbf5b98a28d9c5496b0fc511c5f522142904459a64ab9965a9e7981b4448bb9042d54abb37b5b1a6ebfeedd8d2c795c17b6b140802338025dfa23534 |
memory/2620-495-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BioEIgwc.bat
| MD5 | 6ea5c999d867276986131ba5e2a27411 |
| SHA1 | 7942d5e52e1431a8cdb5f22c791fa680a4e00380 |
| SHA256 | 8a34ed1bc24b2859b26d188b026e4d9545d78a16e2e58ed833ea1d1804566c8e |
| SHA512 | 254bf93e1c02d90f84d169483f0fe91c153e9c606060b4a751fc0c73a0291b94fee458a1037413989108c86a01371be86be8b1249a7347ccafc8f1e8b783c645 |
memory/1888-508-0x0000000000130000-0x000000000016B000-memory.dmp
memory/2192-517-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qUYMYkYs.bat
| MD5 | bb0375a2901950e1b5a738b6bb7ab46e |
| SHA1 | fd448b3653be31defc3c16e1031501689d077b8b |
| SHA256 | 5de83bd2264c8813f266c2161074bafdc32cc4ce79e9d154b090a124b582fcf9 |
| SHA512 | 50f444cb6a7dc0ff0c8387e38b88149aa176cc40be1d8cf762088676c161baa0b04068e6f1462eae3b73b7b8ef4353af84f48fc7328c71377e92be889bf30aee |
memory/1256-527-0x00000000005C0000-0x00000000005FB000-memory.dmp
memory/2588-528-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1316-537-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KSsAgIog.bat
| MD5 | eadb3ea2f040d0397f1966b63add2b99 |
| SHA1 | c13bc6019b5ee51187f39fd37d4a9b645451956e |
| SHA256 | 4e00611dc9151ec9bd99cf423ff8f07ac9eade75b2cf2412178204de7e08cf49 |
| SHA512 | 8ca74562fd8c77c410adcf57f0aeb333786a1ef864724aecd1160ad400f71a25759e4d2acc297bf542bc6a6762aa665d22106a279f1c383b0c800be556f3b1cb |
memory/2124-547-0x0000000000120000-0x000000000015B000-memory.dmp
memory/2588-556-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\icMgYUww.bat
| MD5 | cc593fa8e02ef1bc70ad3dbeabb6ad04 |
| SHA1 | 171e6184873c227f38005f1b30d53cfac493b48b |
| SHA256 | 91d07d61e430164057a41d30647181441f39a59f03dafa2f6a220b3644c6a2f3 |
| SHA512 | a702e1175045de4d732ab96b03fa54c19be52241cab7dcd75ddfc6cff160dadcf628bc5e8357913934dcb760b94d689d0d0e70aa29aa59b7ec3f28f926ec99f7 |
memory/3012-574-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gqoQYgww.bat
| MD5 | a39c350d8a4cef7568f509fbf7d6a870 |
| SHA1 | 745dea978968c2ad68a96393f233bd5bc2fcba7c |
| SHA256 | 1dc504d9a56062b6ed56f6d470ce079b1bdd1b1d28f134dfa62ca6f6343afa30 |
| SHA512 | 810549e8d233a2aa4b8e3e3d6b2636b6c01cd4ca8ca71545b202096643e466d0f3d0dcfbf8dfdc473d1cfdd174ec4c46820989399ed0fce25ac1f60056b1d6b1 |
memory/2988-585-0x00000000003A0000-0x00000000003DB000-memory.dmp
memory/2292-594-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\imYwUQYk.bat
| MD5 | 6dc89d75fa919efc64a5688bf543586c |
| SHA1 | 79027df87dd3fac2cd7971b320e50525e02ce7a6 |
| SHA256 | d3dde73eb3e2a606a004e7508dff266697c37293e5facf19e62c14ab4efacdc6 |
| SHA512 | 832bf6df16b01404e5ed1e58a2e9686cbbc95017a8c653dfd14a876eaa949f731443a38292aa888f5c618206426757789ba554b63a7ed55d5518b98bd10f9014 |
memory/2356-605-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1864-614-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HoAQooQQ.bat
| MD5 | 816b1bb5ae2e1f7188c640a7e95309b8 |
| SHA1 | e0141c9cecae4546057b506f2c08609ec2590ee0 |
| SHA256 | 17dbca42e5b2d458752d65a4a8400c3168d4133411e9f42f42f35c7324c45da3 |
| SHA512 | fcf9605663359657fc56cc63736867dbc822fe8d321c544fdcbb6addaa92fed5865c380c2103b0549422e8ad8fe2f879e4e80982847828c47c78645c19db0854 |
memory/2968-625-0x0000000000400000-0x0000000000434000-memory.dmp
memory/1720-626-0x0000000000400000-0x000000000043B000-memory.dmp
memory/568-624-0x0000000000280000-0x00000000002BB000-memory.dmp
memory/2216-635-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bGAsIUAo.bat
| MD5 | 1d675431955d94584abb1e683c79d0d6 |
| SHA1 | b8e47b42e5a8a7afd9a838370d946021d696f25b |
| SHA256 | dc7ca25d5bafe31525d0e2245b06d87e1fdc40b613980456a6ca03e54fe77e81 |
| SHA512 | 992aa01faf3b21ffb8df9643cd2c07be593528555a2fae3196f379edcc57adb275fb046fefa7877049165802df7c0472cbf8ed081db0acaad17ee5b445bb7f9c |
memory/1888-646-0x0000000000270000-0x00000000002AB000-memory.dmp
memory/2648-645-0x0000000000400000-0x0000000000431000-memory.dmp
memory/1720-655-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HmsQggks.bat
| MD5 | ba092d5f788973d9aa06d0f6c7d9590d |
| SHA1 | 039ea4e1e8b8bf84496c3fde0a39e56a4f9b950d |
| SHA256 | b9ab11f1532dc63d395a245f9232d79e61b26798113e2b6faf84b605b18061c5 |
| SHA512 | fc22bea077b443bb038ffe93811009d5233397a3bf60a2cfaa0e8997ea0810187a8d42c82940279672467d8849467f20d614beb906a28eb90ae9dccd91e9078b |
C:\Users\Admin\AppData\Local\Temp\CEsY.exe
| MD5 | c5c3cb9f72647ec579b6bc3fc5b0fdc1 |
| SHA1 | 48d7f2ca47f3c576bc2142daf52c8463bd984ac6 |
| SHA256 | 4674bd2f996deb004ea6c5abb8df7057f7fd44bc9b03f9195f738ab8420da463 |
| SHA512 | b287bbc077f51fb679905e0cdb4772f02ed90f46478e2e0f319108b7523ba8936ee131c15007b81af469f02258f2d2dc7a973f80960e375e0f2944b24c213fe6 |
memory/1004-683-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1456-682-0x0000000002270000-0x00000000022AB000-memory.dmp
memory/1456-681-0x0000000002270000-0x00000000022AB000-memory.dmp
memory/484-692-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OKoYUMgc.bat
| MD5 | a8c94a2952098082c1a40ca45ac7c2b4 |
| SHA1 | 0f0702c2c080e0e95583a845d922a1df61eff8f3 |
| SHA256 | 04c5e632d59cc903efd1dfd45766a21fb0af1c0a732a104eac0822e42bde4b83 |
| SHA512 | c2f835398ee0ac5cf5eb65f69ef9b57c26adc321359049a740d42dce0cd309fc39da9a62dc649b1f77abc0e160e87c085258da4866a9ff0eed10504765fde838 |
memory/3064-704-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2276-703-0x0000000000420000-0x000000000045B000-memory.dmp
memory/2276-702-0x0000000000420000-0x000000000045B000-memory.dmp
memory/1004-713-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EYYEgcIM.bat
| MD5 | b18c36dde6b6877063f3f7c5bc51b9a0 |
| SHA1 | b7946453649af96e999206b3207d5431c8fde9f4 |
| SHA256 | 5c4078b5866d465b09b8844f636ab90cd0699ae2f1a5550d8a0aaac6bb452fa0 |
| SHA512 | c9590c838f246acff387432fc5547b5301a6f54445b6977b76356c0a11a5a6da0ab7ba840d16c6f8d966b8faff2b30b90615808e7544d3696881d6189cf87d33 |
memory/1736-723-0x0000000000120000-0x000000000015B000-memory.dmp
memory/3064-732-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CSIQckQE.bat
| MD5 | f14bf373d6ecc126164b78233cc4bb42 |
| SHA1 | 0efc41eb63b9a7e6c95268c490fca3c8f4c1c942 |
| SHA256 | f79d10f7c33bedc94e9291ad13f2707a60f6dec397e8ed1688f9aa18b21abe78 |
| SHA512 | 6a2cba341a0750115416d2b25447a33feebe9e60d8785b67aef302e6a24ad751bbf1425613a73c153d43a81699a915db0dec32511ff7eb3fbcc4d0662971b098 |
memory/2440-742-0x0000000000400000-0x000000000043B000-memory.dmp
memory/2508-751-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ogkUkQYY.bat
| MD5 | d478f548fe4c3374286cc24940d7b3f6 |
| SHA1 | b24d5999594c6c530032e47abc91b1527fc1a59e |
| SHA256 | beabdf338a5f3f3a809f242e6047b439824bfb2ad940e9059eb2990e25757cb3 |
| SHA512 | b3586baaab8ceb4f69dde6182b7ca5a995b99a4374f905bf2854810d7d6bee815aa9dffbee43ea6aa7f2c700f78c15719253ee24c11b5a7607e79657e9dc104b |
memory/2244-764-0x0000000000400000-0x000000000043B000-memory.dmp
memory/1528-763-0x0000000002260000-0x000000000229B000-memory.dmp
memory/1528-762-0x0000000002260000-0x000000000229B000-memory.dmp
memory/1668-774-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LGIUYggg.bat
| MD5 | 0b23a1cd0aa4dc3a6ec982fb8a6cc492 |
| SHA1 | 53390cc4e07b3734add222a1318628865a438af3 |
| SHA256 | e405ba1de7ba87735a9d4989a5c3ee26ac51abcef99313fdafbf3cd962df0038 |
| SHA512 | 5d1beaf7e695cd5dadb9335bc6c479a4fb4cfd200dc09b1c80b87da7ad25732212bbd0ddc364c44526985b4dd4fee8e1e54da998e1507918b2cb2eec538160ff |
memory/1956-784-0x0000000000120000-0x000000000015B000-memory.dmp
memory/2244-793-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsUIQkEM.bat
| MD5 | 7d278eec17b5df903b07362db7b82b24 |
| SHA1 | da38d301c1c52327521db69926754ae269c3b5d8 |
| SHA256 | f449e795f11b0699ee6f570eb0eef074738f80aab5d8630f3d1c55abaac5fcd2 |
| SHA512 | 2993e2e81785894de91bb8cd8358ea4625b4aa664bbf463930b9637de4da8313941425d86f8480429d4705359c63bf5fe611ca90fbca5ed8ac05fc18f5697309 |
memory/1888-803-0x0000000000130000-0x000000000016B000-memory.dmp
memory/1580-812-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dckkoYoI.bat
| MD5 | aff12091b41037e7b76e5531f45a4152 |
| SHA1 | 179d5df33438c66ff2bf5c4517ec5ea53d7573c1 |
| SHA256 | 987b670a6738966a04439da0953366a047d76ad477cda0a7e61cb2c8d84de270 |
| SHA512 | bea9fd5b8772c434cedb1173936052599d462779bdbf511f7395740374992d1217bf31c3b3529fc19555e9bb3d9e1266d72dbfe8316ee16eae4cc683f0055eae |
memory/2588-822-0x0000000000160000-0x000000000019B000-memory.dmp
memory/2864-831-0x0000000000400000-0x000000000043B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JwUkYQQg.bat
| MD5 | 9d4fa157e0bf98a9c0940f6b8ec335ed |
| SHA1 | fcff59e872be570c4fcffb1e9145502245f966a4 |
| SHA256 | 4f32e1d5f9e5ceb1bece7f4f0ae0e75de4b10613f817da8877337e7a16f51a4f |
| SHA512 | efd53b21da3682022e6342420dfb14037fae2bb97722c5b6e3299011f71d860627ba1a4172ccd53abf119b033af6e46dd3c4d2837ae18e7834784c9b2c976235 |
memory/2212-841-0x00000000003A0000-0x00000000003DB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fqQUQkUc.bat
| MD5 | d097c1b911f120ef80dd9779fa01c166 |
| SHA1 | 22c2dbbc1e5108a5b150f0bb3f6c115ef06f0731 |
| SHA256 | 6a511238b24d9f7f98a8e278514fa6b390b71bdf014b2eb8b1012c56fb2a49e8 |
| SHA512 | 68625b664290467267090109599b1a9c1c2bcacd3422fe2502635cf843ff51670e820f5ea7f1e129935d6dc76793bac652d7cde6d3efa4cdd61fb1ed46b53104 |
C:\Users\Admin\AppData\Local\Temp\yyQMgMIY.bat
| MD5 | 29e58dae6c6ae10d9ab8acedd4510712 |
| SHA1 | 4faeca3eec88fd18dd22578fb524d57dee113523 |
| SHA256 | 7095f50869e03b82952b7cf826a286d2c49d1ebaa835cc7f16c0ff8ea774689e |
| SHA512 | 1b7804aeb1adeed729d420617450925525a3d63478f4e7ce577affb34c2aa0152a9e9744c8d75306d73dd232dd25535c96ca3a87f14cfdf158f6e2ffb39bbbd0 |
C:\Users\Admin\AppData\Local\Temp\UuUoksoU.bat
| MD5 | 0cea25b116060ae05750b8af39d675f9 |
| SHA1 | 6219f3b24fea4e7dedcf2d188f7237d12910472a |
| SHA256 | 59819ff75e66d97c6d21e1dba280c1c1f440c410e54a31d271ce2844cae5e604 |
| SHA512 | de0b6b65b4b014d66b20800b6036796a2fc4f9cd69a29b26bf45d6dddc01ddd151f2ca4fe9336c1bf233718ffb2c2ecfe1da51ea8ecc5b53197097419a486507 |
C:\Users\Admin\AppData\Local\Temp\OeYYAgYk.bat
| MD5 | 14e23dde61b89ee5633a9e4abc07ec2d |
| SHA1 | d62e4f8fe874d95fa2b93adfe54df06684dd3847 |
| SHA256 | 8d0a749bf40fac6d275975911ee6a3368a4ed9d64dffb21b4cb6d25f6f0d6020 |
| SHA512 | 85f85a5e6090f373a280889745a47bcf5cc1c654b8e2c91da1315b2685f23ba0fa3fa599a2ab9d747e0b5f70fd50a7312e5ea337da521665de1a31f0965ffe24 |
C:\Users\Admin\AppData\Local\Temp\QIYUUQsk.bat
| MD5 | 773df7ad477cbf820e083bfeaf003b4e |
| SHA1 | aa2b77bc4534f322094fa3b6da639076c1952459 |
| SHA256 | 5c1dc0984c4e7c8819149db328eaa742a485c1bfec2120bf57634840a8c8b40a |
| SHA512 | 0b918c771b19990f6a570f8c0ee1ab653b437827b5c6b531c1a7928cce023fc07a6d38b1d1084b19d3310b57bd729fc8674ecf3bce9424e429781bed4e087659 |
C:\Users\Admin\AppData\Local\Temp\nGgQcAQw.bat
| MD5 | 23d4acb6ccc0eed62c61d031776a7a5d |
| SHA1 | d6ca71784cd2a0774439f45d2706141df5aeb519 |
| SHA256 | d489f9ab446f908ee62ee3b16b4e3c641dea5b671ecfb700015663399e5fc869 |
| SHA512 | fd68f38c5dd6b65a381dfbc5a8bb906b89c741c24c922ab45fb3fb02538da345b67ba9b22904729bd181e60bbc2602c858454d323165bd75e5137bffff3215e6 |
C:\Users\Admin\AppData\Local\Temp\fqcsAsAY.bat
| MD5 | 04f77579643a241f6cac222006d1a4d4 |
| SHA1 | f7e1a20a6ebcc64e6b07d2eb3a5328f857e2547d |
| SHA256 | 4ec53e16d44930fa56ad5f8dd920ec36bca123fd40eaa4f34424c0ca775b0de7 |
| SHA512 | b152a84436481851c5ea24bb119db9bb6dbaf2a6877cbc7ea1fcc65705ed41551c7f1a20b3663cb7b2c3d444f2c7d4d3d3754ed02846e5d0b97360677a0e0382 |
C:\Users\Admin\AppData\Local\Temp\JgUEosgU.bat
| MD5 | 6d078bffdf6f508c346b982edfdf5d70 |
| SHA1 | 1d4d36646dff99770790d031193ee835c0f33f77 |
| SHA256 | 06260b4bcb1fb569a819ffd172a205f9e0648711683c76ac579590a49cf537f2 |
| SHA512 | df32bcb95b66b54a4470450ae82ee11123525e5d4f1f0c37641da736fea2463c6ea6a2a4c0c9182a6d462a6fbac0705e5ad5af133f963c8e642cba054b9caeb1 |
C:\Users\Admin\AppData\Local\Temp\YsEUUUMw.bat
| MD5 | fa98320d17658ee76a85b0c14f2b6603 |
| SHA1 | e1573dd57d9c1787174fb88123f2939e7c575a90 |
| SHA256 | 17003d738f21e6f8c4231e8e2103df6b31ddf19a4e9c8fc94b1e77ac4580bbaf |
| SHA512 | 4be7dbcf3385a4267d2e480d3392b1fcb37b9e3e09226e2b17f01023bba363ada24f8b908b70515353d98261c5a3d3511cca2900ab03836b001187d8848ec702 |
C:\Users\Admin\AppData\Local\Temp\sosEgkwg.bat
| MD5 | 9efd0967d3ab0420e90aba76e703092d |
| SHA1 | 6daecb83d36e46307dd669cd556751b6291f291f |
| SHA256 | d10597d33916c34a9d698f937b5ca8d11d33c96e1c0df7dd9690a068d148b296 |
| SHA512 | 2e99430064f9de72a3db9074c518ac4215c4cced0e1380b2414a9aae56bb57a59e460290c1c22325bca8d98dfccdde5edf4f773feeeb2572e6c54601778f227b |
C:\Users\Admin\AppData\Local\Temp\gCoYoQMg.bat
| MD5 | 8ed972eebcc443358f2fa73f984da415 |
| SHA1 | b37f35b239c135bf23cff5c994d3defc8bdcdd0e |
| SHA256 | 144df31f481350587ce4bb053841b0bb1cf7681eef9dcfc774aad110b3acc8ae |
| SHA512 | 9742f52edf2249a4f7a9324c9e052c91dfb3c023a62c74f5a4f65f441f50e131184236d43cd035e01306ce5e772318e9f3ef76aeeadbc8d2d7d578228f802802 |
C:\Users\Admin\AppData\Local\Temp\cAYsoEoM.bat
| MD5 | 9557eb958133c8d1c400ce6fe3dee50d |
| SHA1 | a2b56bfc7b5c6cec6e7adff68bc609fbc9512c29 |
| SHA256 | b60c74bbc49ce5e62cf0edc76ceefe6c6f97d5608145a9e31ed3d3c314ae363e |
| SHA512 | ce1fe405604fc3536108df8c2fe439eb904be28eca4e6245b82ba0f19b79d624d39b57cd4251f5f51b15bb9b70338aec5e985dc706287e4d804fc0d919b1e53d |
C:\Users\Admin\AppData\Local\Temp\ccom.exe
| MD5 | 923c8b2035dea44f2dafec36c93204ce |
| SHA1 | d79b11ee7149b6d41096a09e7a98b4231bac0cc0 |
| SHA256 | d945fab0d2b2c28396ac09a062172dd9f353131d1ad847c4a361dcac369eb088 |
| SHA512 | 9641289ecdf1edd559f139ad3862cde0116f473a6fdf5f77b6f494a009c8fd8111fcf1d8c299d62d5adb4cbcf162c8d5afa6b1546a865ae6f9399eb864361e6b |
C:\Users\Admin\AppData\Local\Temp\KsIm.exe
| MD5 | 05cc9d5023cd51bf2cb7c56da204d735 |
| SHA1 | ea00ca6b392cd3be7491172fa261df37162a2bac |
| SHA256 | 70dbd755766186a2bd2cb70b7c76651775b9a5785e3a86f63008940e4f809039 |
| SHA512 | 38d7805331a64343caeff62227f41c7c849e214a4673fede84ee51f9ea9bd6721d8fc95315dba3bc9477082a05e46b08757c4065b10918294c04c651c2ec3546 |
C:\Users\Admin\AppData\Local\Temp\wyscUIwk.bat
| MD5 | 5aa64c0bbdd6a800dfe6333117953db1 |
| SHA1 | a69ee60f11e8b6532f91c2f48f363ac2bc077e3b |
| SHA256 | 255328f2ef469459e76b3de3616aba3e21250b7a6d21682608ada38a7308a043 |
| SHA512 | e4a246fe211435681dff74d5346c1b0d132930b9e21cc8f1b0c35b88b474915488496bef6324bdbe2cf6922835be020ae9258f2dfd8d29a0b351830bed8dfd73 |
C:\Users\Admin\AppData\Local\Temp\sokG.exe
| MD5 | f78cde527b9f51b17f5446f3798e825a |
| SHA1 | 71287904d717f884891edd6bb8b4378b8324e72e |
| SHA256 | 80cfedf604ccb5c18279cab746619c1b2eabd6974996b4c12df818c5768d53f1 |
| SHA512 | 130a603d24ce6899a1832b460aaa6109687557a1297f9c9792513a506bfd833a793a18a34443d45d5c09ba8f96e03d65edf466b40b9430e4aa66fe21ceca58eb |
C:\Users\Admin\AppData\Local\Temp\QIoS.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\eEAw.exe
| MD5 | 747165f05f5391704f392893ff73349d |
| SHA1 | c454c5ae01cf6da63fe3a7a95bc72b11978feb1b |
| SHA256 | 71356b1ea09f2523c0c24bbb9945b694347f9c5755b383f40d866c9395515cda |
| SHA512 | 2e8a599cd8bd4e3c394707ab860d5cdcbcc0427d7487f5660393aec4b694d8c3b6ec6cb3633ba047949ea51922ef1e4fea41992f20fc57ee7abfdad025ac5cb4 |
C:\Users\Admin\AppData\Local\Temp\ksQs.exe
| MD5 | 0dd4905896a0c71b2688126237a9fa26 |
| SHA1 | ff41ac440403760387d4599eeb3ad4dbcb681038 |
| SHA256 | 3a7b8e9a0b2ba7779c2ec262875e48b10df935639f89d727fe94397b8228ed31 |
| SHA512 | 595a7f07df9eb375a1b949f3b517451fd81c883ebb119faae82ef679d922771ed080671872e00c0573561c0f5c08282c3041854eee3e8e1b69060a83233f4501 |
C:\Users\Admin\AppData\Local\Temp\wIEM.exe
| MD5 | b3806ae38bb403685be6582e36f21c08 |
| SHA1 | 4efa0b3e93626021e508ddd54adb55aef4379ea8 |
| SHA256 | b482dd29345a79c04a2994eb77c1d7736a72a784023cc785e56303afd1f16adc |
| SHA512 | 61c7738b3dde19ac710158a84e246bc386e8edc841748b439414f1c77540bbde11046833b37b364054c0bd1dc8aa086b55d0ba5f519a544d4783df4624cffaef |
C:\Users\Admin\AppData\Local\Temp\vEAIcEYE.bat
| MD5 | d6d87164c295132c11a9e614c977fd26 |
| SHA1 | e2f95544800e4acc5631fef1b00f4283240bd8c2 |
| SHA256 | 4458b81d6dfa0e72b4b8e29308089d7e41b48d9f5049ef0e7b6107620aab209d |
| SHA512 | 815fd4b47ae43770fc6d970559fafe0755435fa45ebbf646f177d9b63f24cfe29b455cf170b857dc198e06021e30959c92ce1015d551ddbfd2ed69ee290a371c |
C:\Users\Admin\AppData\Local\Temp\iEMa.exe
| MD5 | 57f6dec2e2f41bc66a6aae592a93e20c |
| SHA1 | f69bc404b37257b3e2ae14fa5eb0a69cb069952e |
| SHA256 | 9eacd342a78450c2d0a09075279e2a34e6e7f040581d0756448d22478736ffe0 |
| SHA512 | 3a5d77a5d39457a0aff7c66874782efeab39b2f4f52f83ebe34f76a5e83c0466d86c3b4043825212d56de1e495ebb00cc486f49d28ba10550b6278f4b3217c0c |
C:\Users\Admin\AppData\Local\Temp\EEYm.exe
| MD5 | 7d462756cc25931d5ec14aba63c876f9 |
| SHA1 | 8479d6f352651d3fe34ed76a9cc364de6b893985 |
| SHA256 | 9094a4cf24c517f7b07c7da7f156e2564e7fb3523318441bcf37f0a3d8e72379 |
| SHA512 | b8aa0dce085f6a2ba8e21b5f9e23504233d5b018b82e3b1423010d0c09de6c6bdac4e36ef283e2524b0d1169d80b6b087ca1b02f69e88575bf1cc77376bd5457 |
C:\Users\Admin\AppData\Local\Temp\woAi.exe
| MD5 | 83662772808deca68673b85f0d4174b7 |
| SHA1 | 636d423c385151bd69dbaceeed5c9770b8a82011 |
| SHA256 | df297317aaa2e2917e4847953eac8c3443184de632862edc5255c69eda1133f0 |
| SHA512 | 30da1fd2d95a25f67435648faad6c812a2a761af638283a07f5bed95a6c3404bb07f9d3f1c822a73578f4c53023f1e14436c75cff50f8781a6ba23db928b257d |
C:\Users\Admin\AppData\Local\Temp\aIgM.exe
| MD5 | b08d6103af404726d64479274d22dcea |
| SHA1 | a16437bdfd7a4a59e3c4cfd14c5ba5322a4538b3 |
| SHA256 | e8180ec49dd8ca75f87369a8addf5fdc2c03fdf3c94b079a83b344cd4e309223 |
| SHA512 | 4eb380ad533f0cdca8da6b6262b0ab462d8f8be06fec8cedf34f84abc5b171668ec3bbf09d7b2a7dbef0ae7ad9f2877d3b98797156638a46fd73282b26d8a885 |
C:\Users\Admin\AppData\Local\Temp\ioQc.exe
| MD5 | 99b80a27fc99fe06adbe7fcbf5ddfd7a |
| SHA1 | ff7fbef176d51a69c085c5377237ab801db05067 |
| SHA256 | 1e38a991b62d8ade869a03d1d4b77f129e721d072b85af22aeba68498defea3e |
| SHA512 | 15830a9b8ff0ba52a5f31a3dbf4b121ea70ab73c48046d8a4fde358841f53bede6f854139e1ae58a4c0bcce54486115b580e574955585d70331a826dddf5af73 |
C:\Users\Admin\AppData\Local\Temp\Akcq.exe
| MD5 | 20e1fc5c3b008eb55b8202e8f5d2bf02 |
| SHA1 | 47d0d94f11ac8e230530e7e8cfb63be00cea1eb0 |
| SHA256 | 647e9f386abfe8b4dd63f8a62b899b6bea35e4721b73306fdeb8262e6fec6e66 |
| SHA512 | 3a5fe7bc65383b87a48b2a412719ba9e68271379f5f8b1b885423e724260142f6df57f14b4617687eb89790f12a8cc1bd41e7c2c7490626b8a7ba09f9da6ed13 |
C:\Users\Admin\AppData\Local\Temp\zywQMkoY.bat
| MD5 | e0161dc16ea80cb7ea6fd8eed50c0cdc |
| SHA1 | 55c9263f7f9ece3caa56a5ee3c5b554191745f05 |
| SHA256 | 4912a4a122426b465fb615baf71aa388b82da6593a7b8686b074432e2aa36e6e |
| SHA512 | 64711bed8dd9ac5b32b1b66a682dcb1b74afb79f77589e255a45653b9f5c3cdc6ed89c9ebdb97a8d75c03c68c6055b3d37cf6868db6c7119fee53eaad7e38b6b |
C:\Users\Admin\AppData\Local\Temp\eAoQ.exe
| MD5 | 90756737d0eac94449428e6f825f2830 |
| SHA1 | 6e037f6d3577cf4f163779608be0d09c04127756 |
| SHA256 | 0f52a8979ea6536e6e686d7c2ede60222eda5121909e3bb3894e7d32d045cafb |
| SHA512 | 7754d34860f6509d2cb170908b8059921a90cc027f17093aab2bd1da506d6139b7864993a2cda5000e5049e3fa38e44399588fbc86aa68915a5bcf916f8df643 |
C:\Users\Admin\AppData\Local\Temp\ycgc.exe
| MD5 | 1b6987a6b47a33321929a18ee78f8b89 |
| SHA1 | ed4c318d4e0911f958f433a1207a17c20fa046fc |
| SHA256 | 7d4fbcc147be9837516c99b2e26fce9cd6bdb0d3271f8584a91181e1714ceb69 |
| SHA512 | 822d9c919af2ffd24b93d0833551a4efe7f0946650147409697e6ae11d0b8e2c98cccee96ae7973906bf20121cc01d5822bb7b6ef25cbf3dc23ebf2cf923d567 |
C:\Users\Admin\AppData\Local\Temp\QosC.exe
| MD5 | 01412df8bdd7ea3fa5e749ff0a2dd49a |
| SHA1 | 1a0f1a712a7d59a4fe70edce4d26d4cf07f3cc8f |
| SHA256 | 300be9b44d13a4d9ee379110697d73bc802dedf9b73831135103ec2a0b64ff3f |
| SHA512 | 957d32024e5856f13c0e23306033550f06c4390a127bb992bfab2e4b4822083d123ee4bae2b15cbb4d8a27a73eb42370bc62fed69252c2404776fb2d41b8250d |
C:\Users\Admin\AppData\Local\Temp\oUwk.exe
| MD5 | 57398daba5f63d9a0d8844a55a58290f |
| SHA1 | 5d82beb80ea6f03ada788f7b3154d6813fe4935e |
| SHA256 | bd1179aff0d4b7df25f24499b12f80ae4878df8f01560b1334b8d33a90a70c89 |
| SHA512 | 24cd0d64d3015124dbbd3ac0974b06f0e72e05bce2eeb087ce346fc9bceced9a248ffe18afa94ce8fbcd8c21f7e960e1f1b780822ca59c82c1cc5201a98e439e |
C:\Users\Admin\AppData\Local\Temp\wAAu.exe
| MD5 | edf0b444a48da4fda19a6c93a85d2e19 |
| SHA1 | 42774932518dbc7ee2dc158efca241b146d19214 |
| SHA256 | dc5701bff97f39d4922da9c7088961a1544376af3c2164e92818cf41e520d569 |
| SHA512 | bde4f47864388bc0ac66b0ae64cbcce589dcee9ec70d6afce9578465e398d85a6a09d84698423dc344980a1c6b06cf37245a2424fe4e9b75a81afee27981500f |
C:\Users\Admin\AppData\Local\Temp\HsgMAwok.bat
| MD5 | 77b0c3a9cbe7753d8a1555655398c654 |
| SHA1 | bb09158140cfac1e3b3d98847420b6ccba710596 |
| SHA256 | 0760962601c7c8cc1f831fd0548d1eb3e3710d4ae13a60b219579e8ef9fdec7f |
| SHA512 | 16c636cfdc8a985d6f889352840991cd06de6f8fe2c4e58f209e66061e210e862e548faf2ccc813205e490462f8d4713deb23bbfa7544e1745056959bce3ba32 |
C:\Users\Admin\AppData\Local\Temp\AUsi.exe
| MD5 | 0e9f885081129404ccfd622d1f101981 |
| SHA1 | bbeed395c3a084e986100ec537bc45bd1e20d275 |
| SHA256 | 488a536be26d6272384e2a7df92510ce5aa49db6e94b8fd3ba149a4dd6b6c63d |
| SHA512 | 5228f2df6c7c55ea077035b9a3d77ec6e7beb488e16f3dad975bc5b5a48f1ef799bd02123642748e75e284ed402548a3703766a726e8a1c05f65bdb690b85eb8 |
C:\Users\Admin\AppData\Local\Temp\usAs.exe
| MD5 | 8efb72b493a296b2a6e1c9bf16461569 |
| SHA1 | f2c1c082d701c11abdd87c0b48a30247fe38caf5 |
| SHA256 | f9283e6de544a109927048383c9bd1c42a18ad04255ed7cd037d140268d44ffd |
| SHA512 | 9790c586d9c2dd027417b18f7a66323f477b3771f63cc7a213a608de71017ed1efedc6c2c77b8b4fafb861520ad8fed9415f8852408abf2f419afc1bc95c1bcc |
C:\Users\Admin\AppData\Local\Temp\cMYw.exe
| MD5 | 70f189f11309014c609786c56a4d9a3a |
| SHA1 | 884be6dbc7ac550cd538771d881f74aee4d59b13 |
| SHA256 | b8eb140e50d4e501a0f10bbb13a3164752efd632feac868627583acde4f71475 |
| SHA512 | f6666da5d4d407ecfc5b2ad905f3c18efea25b91c1cbac9c4d6910000565af4b3d57af6be269099a6d37166696fa6fb877ff7e7caf3ec5a38dcafc354a444a59 |
C:\Users\Admin\AppData\Local\Temp\wgMi.exe
| MD5 | f9e3cb496a84ed413edad3d93f006797 |
| SHA1 | 8368c6df7f68792179b83e5d3d3be96669cae929 |
| SHA256 | b713aaad92728e2e19d3961a4ace44e833ff56fd98a89d478eb069719921d762 |
| SHA512 | 3cdb0e298801589a0e32b043ccb0a3e2b5c4cbec5f49fc896c101210d699a8da7bcf56c5c0f8443ecacab490075db2b69ec443d8fd3d320e7d19808c199f9e6a |
C:\Users\Admin\AppData\Local\Temp\SSkgQQQU.bat
| MD5 | 6a837bda2f74b8e6371eafaf35246e8f |
| SHA1 | bafd4f37f81a6e3882f02feb84ba920fc76640c9 |
| SHA256 | 869fc17767c740aead21bf9c22ca397c736dbe34d86539311c85fe82e1af96cd |
| SHA512 | 4c59ee37067d4521b20b77e57129f98a620da1fcfaf4ba3f59eee4e3320e8bd52cc402550d9d929813c9a5ca4fbbd31167af6da0539600df6b498cc6ed8eeff3 |
C:\Users\Admin\AppData\Local\Temp\KMoO.exe
| MD5 | b4c9fa7dd266d7d8080aff0a485fd3b1 |
| SHA1 | e687e2cc5bd0d0a3d8d4b034af423099e2bb41eb |
| SHA256 | f33bd40ce64cf2d8f59bc60b9f27071c882097f937013e1a41f6be88494a6c71 |
| SHA512 | 6bc203ce01ee6d394cf6d26b8f3a49fdeb26354228b1146cd547b5f77472b61afccba781495c277ef10becfb2878254cfa56461a02dc9fec1fc376873a19236e |
C:\Users\Admin\AppData\Local\Temp\accg.exe
| MD5 | a480862163d6c511992c153211514240 |
| SHA1 | ee73d8f9446ebafb65a1976429bf07849afaccb6 |
| SHA256 | 8112e9325b50308fe652d123305604c5e93abf8c3c567bc59bec7d6b313e4cee |
| SHA512 | 0fc1dbe693ee904ed4ed2d0ce71b38b4da0c1dba2017b04ce950b784f4226aa0af38ba88d1beda3bdc4e84b108a93bfbb73381ff3bae58eb3f8aef4f666db0c8 |
C:\Users\Admin\AppData\Local\Temp\qUUG.exe
| MD5 | b9d1662ce2e9ab9e5643bea74cdfaaa4 |
| SHA1 | 4c94ca64298f4826bad8444418f073bba51b2643 |
| SHA256 | 57dbebaffde1316964008d620f49ac38a35c8eb3592a65eb232afd6e64293227 |
| SHA512 | e0f00320b7f85b70794e39b0670fcb4e2da34126a1d3f77dbb775b53d24f7a454c4abc5d840a6468b8ace3054aa111163b6bd9b9465b8af197ab91d97d8b8762 |
C:\Users\Admin\AppData\Local\Temp\yccg.exe
| MD5 | 432da9d5b51b6ee28ccf70f4568068fb |
| SHA1 | f8ddd07962dc8e02a7e406b495298a8850445a42 |
| SHA256 | 1f55b5e027db70fa38ba8c1922d255ae1b57bdcd5c8887765931097f6950b63c |
| SHA512 | 5983c6f99a71ba8dead5128dde4a734a6b3d354d6637fecf7bfa79888a86f68e91466f5db7e4fea7d687412ed3e1ce58d3489c952f8d037f63a24ed6accb8dec |
C:\Users\Admin\AppData\Local\Temp\IcAW.exe
| MD5 | 6ded96e8437a9428f1fc1d57972378b7 |
| SHA1 | 3ddbd398e7dce256e3b72d21bc287f09ae3eb0e2 |
| SHA256 | 686cfadf36560216bf7ed5c022866945a43a513672ab121a36ed2de05a1de08e |
| SHA512 | e85e17131c53072301a1c30e2278fb31a6ece1413df5a2e5a3680a2969f2a3a7d8e089f0fcc6c47a0da10a0f738919198f07546e20f3d5be606a5cec974227d0 |
C:\Users\Admin\AppData\Local\Temp\goIgcEUQ.bat
| MD5 | aecb9b7c480901c4c213d8a7cf51f43f |
| SHA1 | 61045dd4026a290022886538e1f220b19f2fcadc |
| SHA256 | 93cee6c9a667c99dee29457c13218e77ffcea7feec9a396553b0072009b03b0a |
| SHA512 | 7f279e0aec524fec96ba070925b6b17630d5894c77aba56d05c492fda40943fedcc7eb49cdf6ace54c573015767c207666683a892e9c872896a7f09814c8de90 |
C:\Users\Admin\AppData\Local\Temp\iIcu.exe
| MD5 | c748223decd06a4dd41676d6f7785e94 |
| SHA1 | 7824d0555657f1d20a7be243cdc6cdcc5975d8d4 |
| SHA256 | ff6255de9f27cc07214cbabb9011a65c30ff59016432a21de3a53c1c2a47a62e |
| SHA512 | b2677c76615476cbc30005dcc4afc99e7ca0e7e470a32d2eab6e82f694867c1fff053fb037f2031803ea29cd071066cc2185e7010c2d29ab6c4da12ce50ddf19 |
C:\Users\Admin\AppData\Local\Temp\iwsc.exe
| MD5 | 6e7b0c0a0cc9338f121e8c96e06a487b |
| SHA1 | c726388c3f356e53fd38951ac5409b77b3641747 |
| SHA256 | 6e1dacea79cc3aad43a91c6a557ef5ba7d7fd40f51f0c352abad31ca8100035f |
| SHA512 | aba145325756eae0346dcb037f67bc5191c9781cca66e213ac380acb0e3bf2465fcc727b7a708fc1d5ee6d159de3dff0877ce61615d94ca9b3c3110ff5a68116 |
C:\Users\Admin\AppData\Local\Temp\egUm.exe
| MD5 | efeaf7f7a3da0a376b3d5956454b349a |
| SHA1 | 70b4994f05b3d2e641ecb7efae388f20667148cc |
| SHA256 | 31ac53dabd3212395fd0aa77a7ed8508a14266ae14e68fbdcb6ccf5a7689d0aa |
| SHA512 | 8684ae75a99ac20542d5d40e6fcb8e62101da218e5babd26242d67302c452262ec37f9096c4c0a255f7ee7f709515f3ced1baf6cee368131017ac20cf643cfde |
C:\Users\Admin\AppData\Local\Temp\WYUq.exe
| MD5 | aac213675b8ce6bbdd53f874eea6b40b |
| SHA1 | e22401309b11ad9101ce424116ee72cc715a716c |
| SHA256 | 6ab4bb126f38a75d497a5dfd117c5f7cbb521b38b791642d31a604819f708bf8 |
| SHA512 | 8ca72567aeaa7624d77eb6071a7b0b39dd1bbfae1687f777d5caa565f818b16c38b5ebb6a13192a5bc7f9ff47b8407ce14bde117a42aee7d0470ffa252a22e18 |
C:\Users\Admin\AppData\Local\Temp\AkEo.exe
| MD5 | 5ac9b6638270be8e038d03b32895858b |
| SHA1 | e922e1e2097fa0cc2686674b719bc7bdb86ccb6c |
| SHA256 | 46e88bef31376d8cb937452c5ce208ca2d14d4bb1e0763a806ed65b1b8219424 |
| SHA512 | af38da4b574c56272d8d0b1642bd76e1944baf27e6754ec91c49a390156a327cb1e634ff43c39793b6f57269d7456f365874f101ddc2b454387bd492c39582d7 |
C:\Users\Admin\AppData\Local\Temp\WagQIQMM.bat
| MD5 | 6f47e54e7fc3376a68a25854be36521d |
| SHA1 | 949f8b690a3d05ca4b632d88261ba5bc6d42a546 |
| SHA256 | 39dce84fcea8fd76952594fbfa03258f18c590269fa8ad3d5fc171c16622bf23 |
| SHA512 | 1e4a7afa5e2954783509765d718e12a026be242fbeb6897cb8b8c845b6b072e0d73303e16401889847ee4d9a20d62e0d094c86622a729169a80b2a1e6f5c9edd |
C:\Users\Admin\AppData\Local\Temp\yMoM.exe
| MD5 | d4a4bed1b99197e7139ed849bd925a8b |
| SHA1 | 64531e25aa087a9175c4d7909ec6edc02d289f16 |
| SHA256 | 2312ef0c17bee83c9bf559aacbc9a1f9712ca170c8fe980be2d939829d7fe1fa |
| SHA512 | e302a4d2054f751ba99753fb91a6fb6afcf0a905d5385f2a455eadb26a7364fd47321d89e32f81f0d45a49086c4845cc15e6113ea2ebe3e25d388ac09278073d |
C:\Users\Admin\AppData\Local\Temp\AoYq.exe
| MD5 | 624217ccf23d80e5738d267cd86e7847 |
| SHA1 | 7e7951197d5cfa9b28a8293a5d76af1519af0cae |
| SHA256 | f2f9a2482368aabb8ee9d83ba59d9f322c6c4b463add632e26d686922556416d |
| SHA512 | 5875b87f084ed53fcbf4e05adb28fb48a50240624225b8e86f5a59b11ba7b30ab5e3b137e27f95ee068203ea5bd154fb5f90af2b3b7f6a6e3f52bf9e65243491 |
C:\Users\Admin\AppData\Local\Temp\OEIg.exe
| MD5 | dd5b390d566d829ca769fe4d1a47d8aa |
| SHA1 | 52de91e4ee641653229606f93b34c902b2f43c1e |
| SHA256 | 56c66dbf16226c10d6682c26ab880b11f99de88d93c078f6769d4e77b9ff524e |
| SHA512 | df7ba5429ae4038fed3f3522ebb9c981030fd31e606e713bce5acb448612922c11a70912489da6c9eb0944ce712cc05d34e0fb1d1177e90d33ae49ef3f0f2938 |
C:\Users\Admin\AppData\Local\Temp\gcMW.exe
| MD5 | 313121233fc3a4f28aa7e5eb3e5b88ba |
| SHA1 | cc849c3555bf934241f90169582b840f96b2a103 |
| SHA256 | 4348cb7a9cd84c4412b74a2935798b3eb041056bce128dcd79708fffd84a6132 |
| SHA512 | 86d86100ea16a2e24f7e13a87f19b94f7e01e9d2bc132f741e0bc803fda81eefda92402cd94db5130f37d870e108125c49f2aeeb4ae70ce2c1baab107dd27715 |
C:\Users\Admin\AppData\Local\Temp\WQAq.exe
| MD5 | da506d31f6eed87a0155ce2509b88e75 |
| SHA1 | aa21bd48d418f6b85b781af80fa37d8ef6182c17 |
| SHA256 | 70d22d732da046b9f42af45405ed1e25d40612a4c951684ece57fe6c353bfc11 |
| SHA512 | 39c43bbd75f1554a818a5bf0fa0e4b014c0c3d8cc565b6be6553404f78f420113cf9b913ce22f8d57a45fbdfdc78e5c7449fb088c028b9dd2c002debcadf9c60 |
C:\Users\Admin\AppData\Local\Temp\cAQQ.exe
| MD5 | 3aaa326e671297370e372bb5b249909a |
| SHA1 | b55080ff95d43491cb7f6160191467d3ca482307 |
| SHA256 | 39b3cb1f8811e21aad82ae82e7531097db9624717a88bbfe75eb20fe10b25d51 |
| SHA512 | c2210023835deac909b0af85bcb54ab158ae753aa17cc7b899abf54beff1f2a3d719cdf9ba525ee55042d733ea10a522210cc0e290c9e7b24f7a64b02cbb953a |
C:\Users\Admin\AppData\Local\Temp\wEMi.exe
| MD5 | eddace3f182d1930cf28d7bc2306ccc2 |
| SHA1 | ebe5f10bb649c604e8e47570ffaa83782d0d5930 |
| SHA256 | a82fd004151899d0baf0496c16ed70f563cd759ef4d9b1a51dd521bbbac2bda1 |
| SHA512 | 737b478c024678413d7bb78807ef15098f797772930831e4724be93d1f54d8f1d9be63521ecf178ed4c62205cd0b96364ae41293729c8221f60c5beda060f49d |
C:\Users\Admin\AppData\Local\Temp\SUIYgoQc.bat
| MD5 | 9db8a817f6648f3d23d433daf2a6e3f7 |
| SHA1 | 348e99b9c3b5b5a85012ceaac2b14517171a8627 |
| SHA256 | 89a3e71fba5325e6db12dc65855b8a29341b3a6ee8dcd8e6d6deaf8881c8c569 |
| SHA512 | 2e0d5a057bcb2e56b1e104244a4ae68e968d719b573e10998700386a7507ab9ebe5e56a6dd2523a86ed43af10c82256c491f608e77f52a317512eb9dc8e44069 |
C:\Users\Admin\AppData\Local\Temp\YEsw.exe
| MD5 | c580726ba68f752d7cb9bd267b5c90e9 |
| SHA1 | 0f716c8be8c37dc154960baae8a2119f723b2d1f |
| SHA256 | 84bb4bbbb712204c8d3556e905b55720a76c0829d5637ea9374f2256a6c13973 |
| SHA512 | 6515737fb99e6f7e98bc4cab87801f9559324c9dbcecf552f0b63b6f804f7ff8a4590ba0d831f2ee509d71e8302ac917732ed22317316c4f0258b3fb3acd1645 |
C:\Users\Admin\AppData\Local\Temp\aAkK.exe
| MD5 | b048f52bfb07e7839ab25d2575a9799c |
| SHA1 | f563e1ebbc6b00d7bf4b705ec1a4eec486c852ae |
| SHA256 | 2f2ba52607e531795afc390c019a05d67498846606b8fc803dec795adc27763f |
| SHA512 | 8fcef17e7f39c0d93fbda908d9b01db0c9027f1d618c2a4dbd54782554ccce3817060887b2280785372b824e283a679d2165cea70343059acc9001878aa32c15 |
C:\Users\Admin\AppData\Local\Temp\WMgG.exe
| MD5 | 0a6d88de0352e5f7d0440b3b693be75d |
| SHA1 | a5cfa2744ad19af5da73ce892a78389204153792 |
| SHA256 | 5865b4ad6d3cf8abd0c37c64dd73353ff185b7c6054927b91e78ea3131ff3414 |
| SHA512 | 2c4c3a3dfc1cbe7de642c2e9293725721261015b11015f69692cb68e4acce967c0348c940c5dc47494779e584ad884899e801bcb7580adb8a9c890e450f5160e |
C:\Users\Admin\AppData\Local\Temp\qgMe.exe
| MD5 | 61b4ed596860d10bb72ec4e2bf4e913d |
| SHA1 | 95e4cceaa2aee0819bbd6b6da22350859d973333 |
| SHA256 | 9d19a8bf13b6fd5cac1b673edbae688f2bde12a374cb61596b4076b53cfc0381 |
| SHA512 | fcf818319bdf47aea3c46c9f41ef566d1a3586a76e60e48f7f1c1f4d8c2b86f9f09ddf085462aad38f343ad18c8c87024b8628a203725ef6c2fe956c98db8e3d |
C:\Users\Admin\AppData\Local\Temp\kAcC.exe
| MD5 | d9d7eed703bf406c8d6ec2dfcac033dd |
| SHA1 | 1fa243749a3075d86fa81f3c4dedc6d1405cda12 |
| SHA256 | a0b8354ba57ef464c5757c790d3a4a0c066928313e50f07b3e696ef367f4edca |
| SHA512 | 1a9421888ff7126595b06c0da3287412b37588e8a6e88b1fe5640442cc3513577db9cac84600346db6fc67cf956d76d59e918025be4ff083bea685c3ca24ccc9 |
C:\Users\Admin\AppData\Local\Temp\jesYsogM.bat
| MD5 | 5eb179dc616139d9b66302e104942b4b |
| SHA1 | 36e6931bfa5c8f01db4ef297394b16027a5b3099 |
| SHA256 | 01ea9b89c5245765f238a8d577305d6f778c4cd9a39620a261e813b10165cc85 |
| SHA512 | 5fcb510969c5ca29e59ac89acdbfd12266909ffad8eacd2c12b3f1db8a61b6577607bc8f868cae74d24fdda90ce1055c72c9d2da91dcdd05d3caecf3e0655214 |
C:\Users\Admin\AppData\Local\Temp\oIoa.exe
| MD5 | b749dc30b42b68eb2db4a68cebbd8e78 |
| SHA1 | 9592f1ae0b36d49ea5bb408a8d4a4acf5acffb66 |
| SHA256 | eabce27854ce63c72fc453680ebcea0047b376a1a08b5567fad77425cb77dd5f |
| SHA512 | 1588898b0110bbc07c7cd92d920283a86d95d7bc608dc21b3bc75159964608f4fa2b0e53d3c07df38d8004cb5ca2443ff643e9684b8c99d3a002cae60ed5177f |
C:\Users\Admin\AppData\Local\Temp\AgIU.exe
| MD5 | 9640b3d41ba5187f22a62d3fa42ed670 |
| SHA1 | a1fe8906d26959cb530f6d876a4c7d0c93162a22 |
| SHA256 | ed70b86fecbf4ab37df8f3f4c2c02023b2d9ec1d8ecbeae1769f1f42f9b9a510 |
| SHA512 | e4aeb2fed201d75f90fbb362370a28fac57c69c80ce25aa2a62de5a4c846e7417d630b8ffbc209ee2181ec700076a1665cbc0ad73a1d9e2564895f2ad404fe4b |
C:\Users\Admin\AppData\Local\Temp\WIQw.exe
| MD5 | ffa7f4311280aade8b4888ab54511a72 |
| SHA1 | 7d4a917996613dfe6d13a4f1c32c9ecaccb84670 |
| SHA256 | 6aae6010a16e7864d737b685d7aa7dd19182ff2c631311d53ecc7de608b314ba |
| SHA512 | 274f55e79b39843fc8871ddd7e22ce5b8d6be5d2915e6c252f69780c02b4e291c206677fb5c1ce8f9137d8aeeef62204c2a25f7237fd06e811bc3bc7413a9da7 |
C:\Users\Admin\AppData\Local\Temp\AYUC.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\AUQU.exe
| MD5 | b86b928a524970892e7500573654a481 |
| SHA1 | 8b4fc044a4ca28d8391a1847efdb7aeb75a9762f |
| SHA256 | 9ab1b45378676e06e0ebdd20a3a87f1c2e48e41c9bc7e3db9d2d0b9a44b21f96 |
| SHA512 | c4916a38ec030875a9cafeec2bb18a65e2f9562600991528766756ff1fe408abbf25baa9834f0d8d3bf80b8781cc9b50d720b792f06128c254f3751985eadebe |
C:\Users\Admin\AppData\Local\Temp\UEYE.exe
| MD5 | 20137f5719c77107855982242853e02c |
| SHA1 | 21cffb1d14e75eb582e64bdd094a0cb0a7cb5b50 |
| SHA256 | 084768cf9029a1d66ae33bee939e9420e6a9dd8d8084129a2b68f79a3e2abe97 |
| SHA512 | e82177eb4185302e126d649cad74b28a1b32c9fefd8de85405d1b352679c50d6cf5e88247e5d34a6e594bc40c44928cd7d3c285660eecd957079cfb86423bc20 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | cf9db1bc5e0df76c85ccb12d72c0ecda |
| SHA1 | 90cf05d67998db66ca8935d3d3bb9bc2de018f74 |
| SHA256 | 60263c179ff9df9eb71193700ca416629c008b5e8ffa6e7f5d1b65107eff2ef7 |
| SHA512 | 31403e2d21a4590b702f34557db0de4c0c7273eeec57f7f487531d0d810ee5366aeea2e0d97123d9fd7427669756ff6b0130e0ae2f31ef17d246d78749bc399d |
C:\Users\Admin\AppData\Local\Temp\tEooEIAY.bat
| MD5 | 995c166575f1ce17a314140203fa1fa8 |
| SHA1 | 3870599d99a183c8657b949bc0a7ed76b6876c4e |
| SHA256 | 7ebf565814082dd1dbfbb7f40f42c3ceae9eb844acafd77308d2c81b26bef89b |
| SHA512 | 5e48e388c438b844622d63864bfde0a5887f19697d3b10a3bec67670132dd40246affa377f2b52fc141896b4230f179b89b0f30830ba69b84b1d5a26a54dfc18 |
C:\Users\Admin\AppData\Local\Temp\vakcEsIE.bat
| MD5 | 397b2ce948d893c3afc4b1de6f0afa9f |
| SHA1 | ebeb293111b9baa95e91beb6e1aa2687e6f9d434 |
| SHA256 | 2505b03c235f9a159befa3a2f763cc6679dfdb38bb57a051b28869d64b3a03e6 |
| SHA512 | 6f51615084932088ac0864ea9baa53243da20581f93d4d7d32db7de2cb20b6e71452abc5b2d03a910ee01514a028a746aa3318e155783dd895a96278ef3dd1ef |
C:\Users\Admin\AppData\Local\Temp\eqgQwAIY.bat
| MD5 | 00b3ba75252960c762a837c34c5c7b75 |
| SHA1 | 6ba8d220f41ac1b319a0bcf2a8ea05cf154d2375 |
| SHA256 | 92fbc7e5f32f577d5291d71b1f5f5605be9e8261875f39a7294c607f409c0022 |
| SHA512 | d802b2d1947802d103d2a4dfc973a03a0aaad1c0fddf3ef7d9e39344f4f28cca7e30f05492e256ed096a84fa1a18c0746f35aabcbe1009a728eca2e40e7effbc |
C:\Users\Admin\AppData\Local\Temp\GqYMMwAk.bat
| MD5 | c4ed85bce097c1c2bb00e50d3df8429d |
| SHA1 | 6435f506aaa3ef3062473289321e5f5f5ebe1b2a |
| SHA256 | 39b49d6b2503d27b0e94275d139296cf661996d2099d0f1ab8994340c4e582f6 |
| SHA512 | 49397c81ec97d299ff16f6d4f372c57fee24c33fa61fa844ae6660fad934583edaa4dbbc83a6c324682cd530a11b0d73403250cfa01cdeead66fa4e66c9a29b6 |
C:\Users\Admin\AppData\Local\Temp\swEIIMMg.bat
| MD5 | cb5659662674bb36730dac634c973eb7 |
| SHA1 | 57431ab9ff58b7d523489707de91fd0b6e71c1a8 |
| SHA256 | d27f26187f5708d85d5ba2f4176cec8b8d22d487e756d11f03e1720d37c28f13 |
| SHA512 | e689bbf1b145c9b989ce9d0605bd5abbcf4878d4cdbf47b79632e3c32da0599186fdf7c3406fe792ca6bedc9640881dc73b917d97300bceb06b1f25c59df5869 |
C:\Users\Admin\AppData\Local\Temp\qswEUgQI.bat
| MD5 | b3d228bd91a1d60ac350e8cbbc097549 |
| SHA1 | 5e134344a18599e4e79f82f8c624d9a93438bfc8 |
| SHA256 | 8cc187b0155060e35364dc95dac4c0c09a5134a7de3a768226b933368293b935 |
| SHA512 | 57fa6a773abfe445f7bbe5d020b72c2d5f5116ae3fba7bb1a326546e90f83b3d71a9200042b8a9cc742b0f72e87c07e8673b5ca8d3d407bde27ae122abfb5bd5 |
C:\Users\Admin\AppData\Local\Temp\WEAAcwAU.bat
| MD5 | 01ff19dde95f6a15d12931031a7f9093 |
| SHA1 | 669ac923beff42aff07bf2a0903494011242a0b9 |
| SHA256 | 7131483bce2ff88f6d974ad75bed61a5b704efe83f0b56a14ecdc8e8f87741a7 |
| SHA512 | 6929f64d2078e4a11be6d57aa31700eba20c6bab86ac23024c44ee30674de9232557417c46fd69d72cb99b492018b12f1ef1831cb0feebd12d483e1df3957915 |
C:\Users\Admin\AppData\Local\Temp\RSMIEYEo.bat
| MD5 | 561d6f362e6276dab9b33676b893e740 |
| SHA1 | cda0d65e4f6863098d34fa109e61ed21eeb304b6 |
| SHA256 | 59808d2730db00fd05e1dd153ff6fe6defacba102dd19d9812260cb510275aef |
| SHA512 | cb83cefe7dbf25b2072694d53465b7a4e2846c66a85c9a528530e632b2b3381c13ec00819ce1da8adf1fc72f0523e6f9fbed449d17d1e6e621afe942dbf20bd3 |
C:\Users\Admin\AppData\Local\Temp\PsAcMowk.bat
| MD5 | 2dbe9e186969eca022464670e5e6d5cb |
| SHA1 | 975d411602f8ecb89f6fe1747396295f2954c695 |
| SHA256 | 00e89ace1533bd5ca9e1cdb4b56682ebef2c7bbef4407fd9576732a16a14c960 |
| SHA512 | 5ac1f72925103d7141db8826d027cfaab5d9ff09a7cfc2c6c2fcdc6b52b1d9e2138c71e114e1a8d1ec5d462b1600763fd2eb010ffcf4fa5ba286a721a2d7fa4c |
C:\Users\Admin\AppData\Local\Temp\TGwcEcIQ.bat
| MD5 | a1aa2cd7225f4f8fc4dbc74da0689c5b |
| SHA1 | 9ecb23cba370f3180d8aa7c9c3b2add36f75c045 |
| SHA256 | 7af923db57ec6e5a5a3123f604d1f24fb6c35a95025d2f7879e512cfe4ea9329 |
| SHA512 | f9af0fcc66b1a2ee4a9274a8391efefdd126b2ae25d705d2af334a80b4e394136a34797b6fad141f8b858944f0461e630526065839284dfcd0a0d5059954c475 |
C:\Users\Admin\AppData\Local\Temp\BsAIAMkQ.bat
| MD5 | 6629f1c4ccc482fc1fe328af0ee959d0 |
| SHA1 | 0de4548c2d430da1a247e809ba34b1c04052d25e |
| SHA256 | 5df48e21bf2728901fd28bfd18e19125d9e29d8e6ba1ec88051a3726419d00ee |
| SHA512 | ed2241902da70747955e1c9ad0383b0b93fe370fa71a80344867c00b81668016ee6b2bce1d1562603ec27d402fccc0cc542ccaab5a6ef361a3e90caf3e57caaa |
C:\Users\Admin\AppData\Local\Temp\kYEA.exe
| MD5 | 578dab9d42d6a949f440c6c8e889e43d |
| SHA1 | da18eb7b704860db1c61dd4924463ce33b429627 |
| SHA256 | a2078b33d0c2953e261572c911a421cc7409f5b5e1c881a94e2bd9a36bc7845b |
| SHA512 | 5097898c314dcd1c9ba0fc0f366edaec6b9c52b140c826991d05981f11cb5470ffefa5e07ed0c29a058d3bf280481c4c619f679ec3e376a69319e0448ff1e983 |
C:\Users\Admin\AppData\Local\Temp\WYMs.exe
| MD5 | 7ea9f16840c9b6be8120221f9093f369 |
| SHA1 | 3e6f2cae24f459710d352798d85eae260b1528e0 |
| SHA256 | 438e543a8a199e46c4fe7d3d98ecf20621cf78db9fbc8d5321c3f038cca570c8 |
| SHA512 | e6d503165a16ae49c970662e5a096f125306c49536ed369054644dc7da2ddc53a5254c7006e063a043d8a5f1ef0dce557f81b071830adcdbe8a58b3f0d4c16ba |
C:\Users\Admin\AppData\Local\Temp\cwQg.exe
| MD5 | 4970550a006c5fe30225a288b6cf3c40 |
| SHA1 | f051fd2ad6aad8784d7a4e3c075a3176b053aee8 |
| SHA256 | 41c780c07b19090a72ea141471352ec3ec56e1c85c6550d1b7a68f447cb1163d |
| SHA512 | a26820998e479ea1c042be5a76eb4b257adf6aeb24a3574993160ac8bd36a6dd453d695c321622e274497dabb3cee8825c36ce4720f8fc785cf9fa0b223c0d4f |
C:\Users\Admin\AppData\Local\Temp\kQIs.exe
| MD5 | 89ce576e403fe5250005f2d54f130d5c |
| SHA1 | 26e19fcff9051155d8423886b2b001d2dd9315ff |
| SHA256 | e6a9685c8c33b052d2a896035e9f56cc17f85b5a016b618774f9085e9c5df000 |
| SHA512 | 3ad957e0f330f425dc49a0763004cfc237ad94936af411f523471309adc38072eed7fa3acb7f24f4d32be5d983ed9578da47324c10461f4490e8e23e4380ba89 |
C:\Users\Admin\AppData\Local\Temp\icwm.exe
| MD5 | f2bb67839ce23921e0e5938e511a341c |
| SHA1 | ad88c04ae03a89df3633406b1b5dc5fc44e283c6 |
| SHA256 | 07c6f592634d9c753e900d1f32253155bae1444d5f6dffb261e33ba39917c7cf |
| SHA512 | d4f93300b8805d3206d746d9f8dc8ec58cd93d882ec3e9d08761094305e4781485a9727e1245eb5cca36dc5e70c713669f2c477f9811c2bddcec7771d53d601d |
C:\Users\Admin\AppData\Local\Temp\KEEm.exe
| MD5 | a7cc66b216ce2f52a0505695f9b0e4cb |
| SHA1 | 594398785a4e799ff519fd81606a37f3778169b7 |
| SHA256 | 68b5521ac413b6903cd030569e54547f91f070cbde8a83bfc8d674aadf518930 |
| SHA512 | b6473119cd3e90bc14603038df3fba61002a2aa837a392bd254535775a3ebcb3292372cc8e2860a0cf899c2d7a15cbe332202febc17e758eee82ddd2e2d3b6af |
C:\Users\Admin\AppData\Local\Temp\ooQAEkkU.bat
| MD5 | 2b902043da0b6351b3c12a92828a105f |
| SHA1 | 9768df24f756bd943c38abade569d9f3ba9a1a84 |
| SHA256 | 0d46643f5777fe908a495a4dad05c664da7266078256a82efc497fd69f6cc882 |
| SHA512 | c6bbd3fbdd699c4bf5a24a2d5fb44bf90685177b0d1f506a97244032694550c6050285717df41484de6e9152c70b264f4408b755b0b851bd0103a7a55ad3a5c9 |
C:\Users\Admin\AppData\Local\Temp\wEAq.exe
| MD5 | 8c2bfa2939f0d776ae2858fe3a9d4115 |
| SHA1 | bd622429a7289480abaf555eed7f03ae98277997 |
| SHA256 | a633725bdb49ae00aa0bf03bf41d07e35fd0eee9f6b9e39e2a029bcbcc7f46e4 |
| SHA512 | 16d4e8f0ca12d2d53c3e46f7c2fb6afb01b4d12bb51d01b4f91c5823b32b7f7956197254bee646225e461c4c71f7b96b4c5be7a3d5923b3c91d13535ef5718cd |
C:\Users\Admin\AppData\Local\Temp\koUq.exe
| MD5 | 70f1568489deedd418683ab1173f61bf |
| SHA1 | c06a154e16834fd09418a509799b3934b4718e73 |
| SHA256 | 51575212339570408babc7a34a6d7ac5c4111bd0bdb149d1778742d04fec0885 |
| SHA512 | 81908d58960382129c674bd2100bea7833f833b3480a37728a294adf4c48b7daad73598256a8fcfe66d764e05918ae9d19485701919a8451047a1dd3f2bf264e |
C:\Users\Admin\AppData\Local\Temp\KAsQ.exe
| MD5 | 38549b67608eed268791b65ac4ab7360 |
| SHA1 | f94ae0317dd73d04170a6a7f157432c7b337ce91 |
| SHA256 | 60cfce87c3ce5657366b22a86ada0e41cafd7f2d5e5c992f46ff4f4944e249f7 |
| SHA512 | 1fdcff628c9b1572c15e6eac01b426bced10f065f2b03624112fa89f0dcc33ed7528f8a5b536645fc9b875edea58af7e482a0025e7e059002ad519e3f8ba3bf8 |
C:\Users\Admin\AppData\Local\Temp\GwIw.exe
| MD5 | 573f1080a825313383b64ebd3f2d8ee1 |
| SHA1 | c7db08f3aa0659d559d573c6b28494fd7d135515 |
| SHA256 | b7a04539e018df4337a16deaf4253d7236eafe4941fd47c288e1a1b633697503 |
| SHA512 | 24bc9f2679bed4f344a21ac382e2df8346fa9b652bc78a118700a60c076c6d53eac2206fa06d7512fbb4557ec8cc44fd584039e3c0b184415aaec667e44ba62c |
C:\Users\Admin\AppData\Local\Temp\qMwoUkQg.bat
| MD5 | 8bcf02b0244155c191aa45a8185e9c2c |
| SHA1 | 6c3350496880e5984ca15b777fff450cae8708f3 |
| SHA256 | 2de1d28bd5f4c8561cc4ae886c7919fb7e839b71dda71d4155b5cd0356e7a825 |
| SHA512 | 277e865148f89edd648a96f05f6a3b529fca6d86599d959f370c1822c4bf1b0398b3024b55272f449cf1b2cb984b1015f911e5ad0dc38729327d2ce3789014e5 |
C:\Users\Admin\AppData\Local\Temp\YMcQ.exe
| MD5 | 7b231747d0327f6a3c46d20f79cbff29 |
| SHA1 | 0b128d66b370f76125e4490a9186447391a2c16c |
| SHA256 | 0a73a74245fad69a0fe28d9d0fdbddbe4ebaa44a61a3b66e0ea21d56b676b5e1 |
| SHA512 | f4994004a9eaeaaf82a0bf5314554fe12d48b0d104c3df02a345a0a2d48db0de8f0cc7a82bc440831f0ba84203cef4e3809383617f05cd58949a7f8d7db404d9 |
C:\Users\Admin\AppData\Local\Temp\UQIe.exe
| MD5 | bb5a10b2bd5d672ebee75c8f32dc73d9 |
| SHA1 | 704aa79a1130e1d006187f4b9075960a6ab6da2b |
| SHA256 | f3b24f5a825a5267734bca7ec0e5e0453253034cdcf97d5ccb985f4b2a8309c4 |
| SHA512 | 1bc42d10929a2cd42f10888c392332a7627e00bfd8c8b6e30aca1e0a562c3c10c8bec8e02dde23069cbbe30e7a33acd0b7fa44e7a2a3dcf0f5cc203e59506935 |
C:\Users\Admin\AppData\Local\Temp\woQw.exe
| MD5 | 9eac657e0528510533393fdbcc7d00aa |
| SHA1 | 3bbc49dd93e95d60a995f7aee6661698d8c973b8 |
| SHA256 | f8bee577b1a75c7aa88605cba6527abb55db18988b1e92f2578bff94a1e2aafe |
| SHA512 | 0f33857142eb6b23468fb26ddd0f4bee9b2f3380a0958c46abeeabdf3261404095ac45abb6c84f0b78cd72d4581b185e3d05cb038b013a27fe39e33b5d04b48d |
C:\Users\Admin\AppData\Local\Temp\KUsYgkoA.bat
| MD5 | 71d2c6b9a915ddf30586306daec1387c |
| SHA1 | 8aadb3b67063f04f0e709983f0d7197c9cf339cb |
| SHA256 | 1920bada74b46b6206bc89272f780345c1326c6f56c2362f5e1f643275ed2d6f |
| SHA512 | e429237412a4a63348d47d2a171eb658579f2db55db65d584b3e76317aaa0c46b223336152eae274045569dac2b31676d3175b8ec5049048ac1490198ab7c0d1 |
C:\Users\Admin\AppData\Local\Temp\GQEw.exe
| MD5 | 300863f737708143e1e45e680d091844 |
| SHA1 | d2b4876aebffb771463f975b0f5d5752c2117841 |
| SHA256 | 01e3455a353b1f61da72ef0e59627474c23268a1e81304fa69921ca4a6b3e9a4 |
| SHA512 | c48ccebf3f6a9ff0863eca39fb691077b48d6e6a0a59b38f5e38cd9d9461e34047078a037af42f5836696e18449071517be96818f9ca18e8c0064ccb7b5642a1 |
C:\Users\Admin\AppData\Local\Temp\OkgA.exe
| MD5 | e77d15612b7f10019d04e7ea4841061f |
| SHA1 | 847dc5a8b17cebd3fa9feada0f57995dcb685bd0 |
| SHA256 | 0aa4f46edb73cdd2ef37330f28dbbf56cce6313165521bf505904678ddc72812 |
| SHA512 | 8fbcacb475f31b3ed9412117577786814ba0ad1f68c8bae8d49f4622ec8b24ee2f19db7c50c12261152112e4d912cae8903454f27234d685c31a9503539866c6 |
C:\Users\Admin\AppData\Local\Temp\QiEgMckI.bat
| MD5 | 3be19d009bc9b91c2e993b4348eb3e1d |
| SHA1 | e4e1245da10a40db05a7070c75f0bcb8fece37e3 |
| SHA256 | 35254ecaaa8fdae7974d4bea245dfd21efc22b5d0cc5d7dc43ff388f48d07ae8 |
| SHA512 | bb663186d45dfdbbf08430b48e4d08ebd5c965fcaf5db64146ef3e86718f43e0df5ef93ef4dd9a67d45124f3857bbaee2c259bf5ea3cbb6b65be1fa64252de5c |
C:\Users\Admin\AppData\Local\Temp\WAci.exe
| MD5 | 18f421e81a7c45b03594d878edd37241 |
| SHA1 | a2e225213d5dca38075a1d6d87306ab4802fdd88 |
| SHA256 | 341146ca50bc8feba4e1caa6d43f5af3957fa78fa949f944b996ab93991e7acd |
| SHA512 | dce7f7d7323d016defd159d4d5d49b82108cb634ab8abd3602c50fe66690c6a175b561ba1625b9e230c55a25bd9ec97cd0aff201b3e28f9a5167fc06b49b1580 |
C:\Users\Admin\AppData\Local\Temp\mcsu.exe
| MD5 | 07a5c350d985d1d23128d6c005d8b82a |
| SHA1 | 64231e9a43559f5cf058dd7cf8375ff7e1bc925f |
| SHA256 | 23f9ab13c331106c316207784beae01cdd6febc011edc118b41585ffd3705da3 |
| SHA512 | 2bca3581e9a5f96fb90efa0c1ab0c1dba33ee84afb8e42fb161ddbe39dd9b9caf752813a99fe07596f1ebbe65d0e930b590cfa80b9982d7d287056d83c1b3bd8 |
C:\Users\Admin\AppData\Local\Temp\YcUG.exe
| MD5 | bcd6472070acf170e5a5ab54978efdf4 |
| SHA1 | d3264205cdc3a373e066ee1f4b16fe9f9737d8ad |
| SHA256 | 7cc7988f729d36e76f64515a0a69ee3c92ea6cbd66b0336ab8bebd2dfe855344 |
| SHA512 | 5738e9df642974f7bcef68073d006abae738caaa426b8aab0822f16dc908900fd479813af94ac0092d2fa755801b4e8f2f7dd41c0f4cffc79f614462ee22d673 |
C:\Users\Admin\AppData\Local\Temp\swIM.exe
| MD5 | 0db4b299faad58433debda440a96005f |
| SHA1 | 6d7120b78c0048621ac1a8a2d6f74cfa0f2175f4 |
| SHA256 | 157c907c28d6e9ae1764085bf3755f146d19b3b840d444b2cc210799de8c377b |
| SHA512 | 775e234732b2dcfb1583c2acde4261f0eec9c5b3e0f61d581410955189939c9c5a4528d64334e133c998ef65a55324a16f733665f24326c5f2a9ede0da0a6287 |
C:\Users\Admin\AppData\Local\Temp\pCAUcYcQ.bat
| MD5 | 7cb7cc8ef63b89db73101d757364d443 |
| SHA1 | 1e1b9878b410b10180830bea6f9157754dbac495 |
| SHA256 | e12ceff8f6e3caa1abe94adb7a0efb70b345e89fe7a3c4bb5fe02a16033eb597 |
| SHA512 | d3f4873301cf848f40437286a479737586dcf7a77d91cce67d03b41449ce992bfbc50d0913d3ce47e5e21a1fec7f30ca15d113b385110d4e73476453e0626557 |
C:\Users\Admin\AppData\Local\Temp\CgUc.exe
| MD5 | 5f6c22951014d7189e35c29b9c68eddd |
| SHA1 | b6d6e02fc246880ae19b91f26fa4810a21ce60d5 |
| SHA256 | 16b3a9dbb6e9760f6b3b9776d933bd077b7cfe70caab1ba2241a7a34db8f085b |
| SHA512 | 6710a2b615b4075a5a48ae63be9220f4d75ed6f6637c05244a968e23ed3ed5ecb54a0b1ae91b48567e4bbdf31dc6dc83646dc6f8e99fd16be82f9506fa096b65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png.exe
| MD5 | ef21ddd0f07f312f486b4eb6b70ecf84 |
| SHA1 | 5091519d345cddabda518491f33bbb1119c5bbee |
| SHA256 | 6d5c27c9c4922ed8c0817a418de06cc6ad532745b0639b7081cb1f0f8f166eed |
| SHA512 | c4d2f7c2c04e5acfd96525bc3af2c638fd603b89541fc04042d0348d8857d1a47d1ca02b3169a164c5a10ca8b9a676181c63cf2ff046e62f7763646301ede00f |
C:\Users\Admin\AppData\Local\Temp\WgMo.exe
| MD5 | 063a12d20cbe2cceef9059d8178caa88 |
| SHA1 | a201b4527a7c2135621cd9174534de31bd6856ad |
| SHA256 | 56b082ab613b9e95e7c21d045ab01c7565ada518453ec012f28b5e9bfc1d4872 |
| SHA512 | 2935492ef60393cf6a1c5651e8ede5631c9b0064d3f211db5cb96b55c77175329dc7c2c0c32ff6f5f3543ec930233e44b3b073a9a16adeb8e743b4968d066c6c |
C:\Users\Admin\AppData\Local\Temp\wcoK.exe
| MD5 | f3b2b8adba4092ade83bb301e6bc05d7 |
| SHA1 | f5ee678b1a6304c08ef43f51c7f4e00cb2c37c45 |
| SHA256 | 258fcd72a26b4612fc39bf794c385be377e8ec49199adcfab6e949367b2e3b2e |
| SHA512 | ec1d38be582f3fdf851dd4ed4cc20b7d2c395689ed6578b3b6f2c8839ad508c02fe2a18ae0f3bce9edad2e4b640b44cfb0bf1c8c5a43df5e1af2cd5a360885f8 |
C:\Users\Admin\AppData\Local\Temp\SkEU.exe
| MD5 | b908997a26699e8c75bde76d153a1f75 |
| SHA1 | 670872144a4ebba19eb087c4bb0df67a15863279 |
| SHA256 | 41b6af4306af272d828150cb93e9542c5d2131915d6110906a7f918e1fe3a692 |
| SHA512 | 6c4e46e675f1bd5f35ac59cf8042068aa38d7ce3cae20241390a5a6b376254ca1ca7f5da6ff31611dc73d1784eec7d0097167caf5511caf83bae5f1e5a2b927c |
C:\Users\Admin\AppData\Local\Temp\sMUk.exe
| MD5 | 081a0a7cbf122d12569c3576d3116576 |
| SHA1 | 5f3062b23ffc07b3ed9ca19b30cf65376d583966 |
| SHA256 | 7ff1b2b28aff5e1f6b452d409edf6012a4e342f45b20f5dbfe4710cad22bf413 |
| SHA512 | e36cbc4b0e3a5359fb11a968d338106b247f130d48e73e7ab3f008f98efecbef7e0006f596db9dbaab9338cd08d40c55631f33d2d3a44d9aac40bc7a6a8f70e4 |
C:\Users\Admin\AppData\Local\Temp\nmwIMwQI.bat
| MD5 | bef534a03111e39bb25a255551de275d |
| SHA1 | f10d3349a839e1486f86d254f4318df5a3dd8bff |
| SHA256 | fdc152d4ed0fa728bf82f222cbe6179a5b442033ae30924e534e510148674b52 |
| SHA512 | 0511a609b819ac3d6dedfcc040579eb5ab4ee703ce7502e7e9a6b8e35943a85257d4f370c16922e0b6946d8100dd983f60fbf5d66cf335990e0feda21c798cac |
C:\Users\Admin\AppData\Local\Temp\WEUU.exe
| MD5 | 9cec513cbd0470667352a3c8d741e08f |
| SHA1 | 7a01776944b5f7dddf2745ba7b7b9e258e891da8 |
| SHA256 | 8be8a32ff1366eb8948852d21233fe00fd5435ce48fa8bb7b994c70c0c191a95 |
| SHA512 | b4dde7d883031c8c7ff8ae39bd1602771b258e592de80290f4229dbeee13c67ef9ef7a105867f19aca83970a4c75f36ecef2ab373a2ed6580e615a405622ff1b |
C:\Users\Admin\AppData\Local\Temp\aIUu.exe
| MD5 | b52824026bf7c3140b6e8f941593234b |
| SHA1 | b7d5aad329705a6aa9ceca54db73e2fb0b6ca50d |
| SHA256 | 00c1ae91e2921131673ae3b0512b1900182bb4afc285b5f58fedca098c29fbf7 |
| SHA512 | 702c5ef670a381c25b6974046e365ccf740c3380b224ca48345c06df50ecdc80e1da42f6522a6f778c2493690b633af45488ad1b1ba4149bcea293198b9e2d76 |
C:\Users\Admin\AppData\Local\Temp\dUkkwIUU.bat
| MD5 | 73536694c72d8320dee0056f6fc42eff |
| SHA1 | 21a50575a4d535cfb751cd0806a2dd96a5df10ed |
| SHA256 | cbafea70c008ad378236845c6f18b2e682304940e7af3096e01376cf003e8285 |
| SHA512 | 86668d64498527b8a554858e7a098bf979ba34244efc1661b8f81d74d7a6bfa71999636a75806cb9af7911adc80a30c559613baae485a11eabeca7d95f453a40 |
C:\Users\Admin\AppData\Local\Temp\kaEEYYcY.bat
| MD5 | 987a9746130b7b00b094319a790a12e1 |
| SHA1 | 93021b44da117e770a830f361c7711bd43979e19 |
| SHA256 | cffd9302a9208ca3b37a237b9f05656487c94c520e00cea7b1eae02c2d216b1e |
| SHA512 | 916aa5dce7659e4686c52333da819feebc3631979b467ee7cb404ca63721f2fcc345d2445efd67fbf48b94fe7a07300b1c98d5ac812754563950e0a85e0eb811 |
C:\Users\Admin\AppData\Local\Temp\Qkkm.exe
| MD5 | 50fe6291ec5505f9cad28b3ba41e92da |
| SHA1 | 250cc26b3a352d654c4723700a8f7bfa82ef1065 |
| SHA256 | 97732cc1e645d3ad25981d6ca3935665acb0bdf3ad6ff47d9fb4b90b690f82fd |
| SHA512 | 33d5ceb863c52520637a2701a41cf77aca7441b9dd359248415302c69d1cf1da41f8958edddccf3673fbda1c037029b6b345a80fcf9ead02c0b9b6510478da6c |
C:\Users\Admin\AppData\Local\Temp\mwwY.exe
| MD5 | fb3c7a4f35cad0aced105971092633e6 |
| SHA1 | cf91ecf178b20843587bcbf3299a146597bec0e8 |
| SHA256 | 369f674d14e9dbfcf57eed5c791d1eaadf22ca54f23e41e38c1fdc117b728d9a |
| SHA512 | 9d1d85c625d67c1c5f5b0e414f969a880a20a9c2af4e9f5bffb8642d62f56ebb219f0884c0f03560f2c7a52cbd581d2664922c08846fabc6e0ce2eae9026ae9e |
C:\Users\Admin\AppData\Local\Temp\GEoM.exe
| MD5 | c8b2f12611c0954958022b95b8336721 |
| SHA1 | a7bfdb90fa392f87fd002be16caeccb3918bf31c |
| SHA256 | 8d42af5b88db821de3e72dc1e6c6e79dfedbec323564848c39aff59381354239 |
| SHA512 | bf8ee44a30cf1c63612f04362165b6d69d63fd815929ccb478be64caaff6bbff52203d462eb4b3c3204e273d6e8e8606a39668c1fc310d0ba5cf4c9e0a1ef8f9 |
C:\Users\Admin\AppData\Local\Temp\MwYy.exe
| MD5 | dd7ffe84b28e78acd40738480d70d38d |
| SHA1 | 18d7f7e51867699df43c844bed06792343b644d2 |
| SHA256 | e52dfda3331ba26b1e2e8145f136054cf9ca7f8c2bcfa8520a6f0366a3e44e4a |
| SHA512 | 6cc362950ec1289b7db6ac7490e89fc29d8f6e60925644daa188828a1366e45ea13b789145f04936f68ec202c7fe9c55f4901f4b0a49f839cf12c24fac8f5a85 |
C:\Users\Admin\AppData\Local\Temp\uEQC.exe
| MD5 | 8df8a072b067a80a0836508555e41d24 |
| SHA1 | 2a80cc4460fd4ca23d4044f1204b2f7535532391 |
| SHA256 | f4c4cdaaf7785048f77cc53989256fccc462043d580df26d048443aad883f28a |
| SHA512 | aa8402ab5573cc82babf3f6f4ddb6427b21c8e6b35e1a902241ef11322157b3445c4c792a5feb3f0bad8bfc95010431d2f3364ff624f1934e690ef044967b295 |
C:\Users\Admin\AppData\Local\Temp\ukwM.exe
| MD5 | 90144aa5869e355e7f64f5b18fd7fb0f |
| SHA1 | 7db8e0a2aba9fdb3ee8f8648fd8b1356d5967e32 |
| SHA256 | 930f5760f39dd54f2269a5d149a5920e0cd2aea9de834d74f34d2b49d2e2c2e5 |
| SHA512 | 020c77804c86841328c498544d966f15f299cc6676c6a448526be669b998ee4c3d5db4b8704c3779413e0960aab5c28a662e1d1fa48a8517ffb3bc2b28091822 |
C:\Users\Admin\AppData\Local\Temp\McogoUQo.bat
| MD5 | f3b4dc26db538df68e000e83694ade39 |
| SHA1 | 8da62b69b74f4a3093851a9855c1f0f2f3c822f9 |
| SHA256 | aee4a00179fd4052f6c131aa00b25dd34072e29f733a6f63852ef889c6cadfe4 |
| SHA512 | 77bb293944ef70dd33db191b6385776456a7b9cb758d1dbb0b040ab171ec60de27d40f906535cbee920591d4ceb5d7d4c0990ee9e7466481283c91097e8e3779 |
C:\Users\Admin\AppData\Local\Temp\IYMI.exe
| MD5 | 1dfcdd0899b7947cfa8668ed5847f008 |
| SHA1 | 0bb5adb431fee4b7eab12b1110c4b4ce4f7415ac |
| SHA256 | 07f9508814af3979200112226b07aedcc8f28ca874aa0b459966fc588381d858 |
| SHA512 | 1a186b555efc990657edf9fdca196a5f12b350191d069273c9307d28b937ae2d86edb1ec88f372e23826c7fc4fc1329dff35b1fa484bfb5777f7ca93a7618337 |
C:\Users\Admin\AppData\Local\Temp\iAIO.exe
| MD5 | f711268cd79d81100074d7c9c6839de4 |
| SHA1 | 80b9b3df456595cc07242b3ea2701db9188da4c6 |
| SHA256 | 1a70e414df66a307976fad71ed1a4a022aab2fb70e0221b8afd3b0b5f3f10aac |
| SHA512 | e9b3fc21151e5f336133cc519278b3f63a81b1fc383ff0d877dbc586519527bb7c18297d7887fb09bc249616c2dc1e564d65d2c201ae6358de0b9a63243005c2 |
C:\Users\Admin\AppData\Local\Temp\qAcY.exe
| MD5 | d1cea3099ddae1d292cb30602d5f83ec |
| SHA1 | 6c01c45cfa159cb0d8578fe6f10ea62e5a114135 |
| SHA256 | ece500051e7bd288128badb06c989e2f5f9fc175105314c5aab56b2033147524 |
| SHA512 | fc57663626599b4321d958f64d4220d641ff2e4428c16f7a80bc3ac7de47898caf05cc68df73930248fe5c656fd19218f336b97deb2fdeb140ec5df2cac749f7 |
C:\Users\Admin\AppData\Local\Temp\qEcI.exe
| MD5 | bde0307a98dd7be6106ebfd8f6e59bbf |
| SHA1 | 9622598cf2e523e597574807070ee07dd1cfc716 |
| SHA256 | 3c2b7ba524809f1fddfd8749e0dec3209e31dc1e9f9e8829a7190fed3d2c5613 |
| SHA512 | 23b38a6c8d93da545e99301c68b0f85e14bb3bcabc6b1e07c0150d1fff9eb3c70416a8cddffe51eabd9feee05d164765e3c06d0294ce72adead9b3d6c82d61a1 |
C:\Users\Admin\AppData\Local\Temp\cUsYIMUA.bat
| MD5 | f7ef35071038f3bac3d75660354f8ff0 |
| SHA1 | 176407bc606d7199e5be916326421896f54eaa44 |
| SHA256 | ebc3987b4c41c01865eb2e6ba80d38fbb6f3011e1cc13dc5150f2d8d1daa5dbb |
| SHA512 | bc959f3573e192834518d720860c9e65c0212c0f5e2dbf2d41f1a648e332dab78e55a46cb02b9a42711ab6a5c3bdd8edf5ef02d09cc1486807d873d20a96a80b |
C:\Users\Admin\AppData\Local\Temp\SQYC.exe
| MD5 | 4352b0617b756e90b88893cffef0e46d |
| SHA1 | 6691bb25e777bd3f85b8ed4fb312cf2ffa04a6b9 |
| SHA256 | bc7447fd7965b1a06f594bc718359d9f5f60d5ba26e96d1229b93b5837295df1 |
| SHA512 | f43ca0caf275728c94fa6890f56fc59bee54af4bf4c2418fa2ebd37e3272daf96a097557c37070b2f685a390a29dd6eb67123a2d33675feea9552911af51fbe1 |
C:\Users\Admin\AppData\Local\Temp\YooE.exe
| MD5 | 66bfa97c27ea6d6096561aa9594e4564 |
| SHA1 | 41db4335ccf47e8067cc3c3a3ba92fa2f8404e93 |
| SHA256 | 98f041d441f5b08b3b660d2270757e44c0223496e61912e8cbd039a928818131 |
| SHA512 | d3701c2efa7120f4fa800211eb3bd3038df7e6fc90cea48ac080d0f19624e49debcd436ed1965aedaa4f9d66c62e2d7babed59675feb705dca305a8076d0d5d4 |
C:\Users\Admin\AppData\Local\Temp\IsIs.ico
| MD5 | 9752cb43ff0b699ee9946f7ec38a39fb |
| SHA1 | af48ac2f23f319d86ad391f991bd6936f344f14f |
| SHA256 | 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636 |
| SHA512 | dc5cef3ae375361842c402766aaa2580e178f3faec936469d9fbe67d3533fc7fc03f85ace80c1a90ba15fda2b1b790d61b8e7bbf1319e840594589bf2ed75d92 |
C:\Users\Admin\AppData\Local\Temp\AwUe.exe
| MD5 | fb7dffa251999818609e86382afc97cf |
| SHA1 | b2eae196347ac75e6d621f833a7e0c572540ca09 |
| SHA256 | a76793f66bb8a7ce0784326b83c08265f71b8587a1d12a9b8b601b95cfe7fdcd |
| SHA512 | b097629d5bdb3eb2a0860ae52848a8df019b5a54bd2a67c5223e17f15882268202498fc1721d8568b124eb481e938a458f2e36f3eadfe3ee2f5212fc9d0f45a7 |
C:\Users\Admin\AppData\Local\Temp\EUQU.exe
| MD5 | c87972423e7c8589757aecc4bc719ce0 |
| SHA1 | ad040c46c15295897a17dffdb2bcbd8f212eed25 |
| SHA256 | 5e8bb23d9e107ec11f8a3a4f4a5132ee73eea57ea2504458b6e589227cd15a6a |
| SHA512 | 2aa429569cee13e15e0b2bece178c4533edb3b00b70bae9378ad41d5e50a1190f4ea6e0f112f3336932d244966a43aced5a36976d78f15ea3f953017106305fe |
C:\Users\Admin\AppData\Local\Temp\mYEk.ico
| MD5 | 0e6408f4ba9fb33f0506d55e083428c7 |
| SHA1 | 48f17bb29dcd3b6855bf37e946ffad862ee39053 |
| SHA256 | fee2d2cfa0013626366a5377cb0741f28e6ec7ac15ef5d1fc7e286b755907a67 |
| SHA512 | e4da25f709807b037a8d5fb1ae7d1d57dfaf221379545b29d2074210052ef912733c6c3597a2843d47a6bf0b5c6eb5619d3b15bc221f04ec761a284cc2551914 |
C:\Users\Admin\AppData\Local\Temp\ksQC.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\Downloads\SkipUnprotect.mpg.exe
| MD5 | 024b9b6e451a82c70506fcdd21a893a5 |
| SHA1 | abf72bbfb28ddc629241ced4cb2184e512f2df2a |
| SHA256 | 5b954d2610c8e2e89403651057e27f6ea8a7c9161191b4cff86e586ec2e603c7 |
| SHA512 | 3302189824d3c754ae566336820c267873658b124c34bc069b7b71d7a341b57d05a5611b7e8b0ce7d8a3c7cd9b3a3294980dca404f1dd7f69771631e98765708 |
C:\Users\Admin\AppData\Local\Temp\SeMMoEIg.bat
| MD5 | 7ad62aa14c9044429b96b0607deff6c5 |
| SHA1 | 5c2f975ee1a03ed17521850a905deb9a42e5a51b |
| SHA256 | 8c3dd4c790a83861188c7e78e43a3b4776891a8c3a42e9dcfd7498e337aa800c |
| SHA512 | f9ce6374d8f8c76531fa019811b2d32f2af4506efeb1260836ee079a94dcc4b812872a95f9bfe39394f8eec8d84a155d56f46087085f0612cfa990a045950ede |
C:\Users\Admin\AppData\Local\Temp\WUga.exe
| MD5 | 8497fa1d5d287906a7061b95a3dbae46 |
| SHA1 | 5ac8fc8d957ad951a089423d4f075826452af8a8 |
| SHA256 | b2e285c2cb1c547ed6470d449fa5f626abffe3827a88deda83717aa7eba4c17a |
| SHA512 | 0f5086f0bea0313d6ccbb46bd56d69be223804399fc0a16bc708b4d7ad79f99a0e32d74bf4b2005d3df4f3b0e4decc0dc130fa297687801db12a26238cd253d6 |
C:\Users\Admin\AppData\Local\Temp\mUoy.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\CMIM.exe
| MD5 | 429edfe09ea6915247c54f7bc3eada45 |
| SHA1 | 7e0153df292c5f78ac5aca29e8d920cf220c934a |
| SHA256 | 2363e32ea2880862e8af92128c9d0341e0116d0312d1a29e6b6edc87088855ab |
| SHA512 | 0bf8a57c5e6d608b0ac63cd01f75ffd8e143ac9754653e82da0373de15cfaaec3fb7c9d625a37dd36164e47cf75feb0f17fb9a25e9e9810127a43ebb28543470 |
C:\Users\Admin\AppData\Local\Temp\ScMI.exe
| MD5 | 73555cd458e3981bfedf3dc71117648f |
| SHA1 | d3695d283b6dfe74aa5df141ed026af483328ba3 |
| SHA256 | d87e639d57db97a18d58314cbafb65f725437e58a2cf3f45e1f13f230403ef14 |
| SHA512 | 66a5f28c94aa60fff5e747a51ff7394b2290ecba51d1a7cba516d47a573c2105d0a1c97125c773e8dea705fdf07cf1b65725c7448e7145b3616f17f6bb926220 |
C:\Users\Admin\AppData\Local\Temp\sEoC.exe
| MD5 | a78a6bff1d68ba0209e441a831144ead |
| SHA1 | 81e556d2ec08ac708103ed94826a4c6d3c629f91 |
| SHA256 | b89baf0ff52a3c7d8ce03b584b435c2ed5f5f77487af22c9192f9fdf934f4047 |
| SHA512 | 4951f042645716a1766afe18828c9724e29a9d6f4eff1b9e16712aa4b796296e9e91c13c5da11703e0cb1bdc054f37c713e0047996d0df8d8a662f5bd6549b64 |
C:\Users\Admin\AppData\Local\Temp\zUcAgkYg.bat
| MD5 | ed820dc74fd5425f94c7391b1ac916cd |
| SHA1 | 1342626ba17a1a3e50362e920cbeda061c196c6c |
| SHA256 | 0dab21a13b21972c88d06fd740f8654754165a93cad915b72f845ea8e45b60bd |
| SHA512 | 65e8179a10d5d1e5dff2a4a907851bb7a67138a696594d141e8f03e6cd31fb3ce281695f44184b7c074fef174e4ef99e26555353d666effe5f31bbacc960f663 |
C:\Users\Admin\AppData\Local\Temp\WEMS.exe
| MD5 | 02fb6a60c5519820d702dcdddcd45ad9 |
| SHA1 | 9674eb253728bedfda39c124a4e877f140ace230 |
| SHA256 | 5c933c0d25de514120df7aa032726fd095e5e80de8a4c119dc0ebab15431383f |
| SHA512 | f2d4209de4fd0066dc11ff7c640b52a0dc4515d9da98e0df80a7abc7823abc8cd490a36bfda428909a2d3a3a7c4deaaa577bfe0e9ad6c53bd246de8a6a1e2614 |
C:\Users\Admin\AppData\Local\Temp\WAke.exe
| MD5 | 693e0d4e1a263669089dcb41db0ec340 |
| SHA1 | 9f3cdfc33fd5fada134c56032c3d40cd333a3c2f |
| SHA256 | 9ccb912ff7838a826b625cf68bcf058bdce98ad57449dd2b643b9fb3e3c761ed |
| SHA512 | bbb80a34a9518d00380ea8afda7ba7b969c2d498f310d37dddb11b44c913c046e109aeb166589f3bfd4ac6df8809408b30119d931c6d96578d819f562911b52d |
C:\Users\Admin\AppData\Local\Temp\qIIw.exe
| MD5 | cb22b00c8d137ac11b9d2aa9ec34e5c0 |
| SHA1 | ceb0647de480f617a521ae8977d6e482fdfad884 |
| SHA256 | d86ec837f554e27bce3417a3c20dc779c66d65c88ff2c0b2a29083144287ee3f |
| SHA512 | c6522499630bb0b0a67e26cd9317f03ddb3f6ac3865694e7fb65259a627f05d12ca97c124d7f24f9232930fa2fcae77abf83153f50f3eaa026c63b4abb14c728 |
C:\Users\Admin\AppData\Local\Temp\rsAQMUUU.bat
| MD5 | b2a7d42025333440d0435a8d701a8074 |
| SHA1 | e4ff8d692706754e96cc6c1811de844bdb60fe23 |
| SHA256 | 037231c8913b534575da94fd4ccaa26f5e2dba44c3d037c0ac1ed13552fd4384 |
| SHA512 | 5f1696e894c12c0f219c008c40bce79a81029c6d5d4c0be1a4a5fad96b9ff7c021f9c8228daec80109d6af042026f81e2c6f848f3b6ecc89fa4905c0751c5f00 |
C:\Users\Admin\AppData\Local\Temp\IEIK.exe
| MD5 | c7e548f64791415a746318853af98928 |
| SHA1 | d541a6b22d6d32ed7d6ca44514a6a0fa6a007600 |
| SHA256 | 8040b7b18d7757c6c68556480186bad8b4584427a22a33077f77cc7ce9bf39d4 |
| SHA512 | be00eb701ad5ff983671d72eee6a2d45fc6ccb307ee895a9131d3363ccaa58949102c19aaf8cee4b6033870f687accd436921e55bce24dc3ccb1ba145206167f |
C:\Users\Admin\AppData\Local\Temp\eswy.exe
| MD5 | 58a25ba7358f18c53035ba58f3b9d234 |
| SHA1 | 342e608396612c6f7d80b7041c54474520181002 |
| SHA256 | 30c2015f0189441bf692650b8153d1536ff0c3b31842c67ec19d59a4898b5e9e |
| SHA512 | 55bdb6d68bf5955ade68ca59761e10a3087ef6efbfaa79445190d21161bdcd5b02d3e7b5bb945647f48ac26519cc17f76feef9ecf16ad10606afd3ea73fb2b7a |
C:\Users\Admin\AppData\Local\Temp\DqUgcsoI.bat
| MD5 | b273c9322181e56ecd73aa3c489a5980 |
| SHA1 | 5ba63cd0e02370f6c57bef616885b84137bec079 |
| SHA256 | 2ccbc9bc50d356f67a6cc89effe915399272022d02adc230945a3d855f7f7c42 |
| SHA512 | 3e8eb6bf2cfe124158ba8b845e0deadcfa9408291a353e6f2d58b8ae3c780492acca13e44ceddd0cd99410cea82adb3035b3884b1b4453df5d73e5b6acf7b3ef |
C:\Users\Admin\AppData\Local\Temp\osUg.exe
| MD5 | 64afaee796550e7f4d17b6716f29ac42 |
| SHA1 | 9971e0e7304c9406df98f2c6e78775a1e7345eae |
| SHA256 | da6086c10e1f8aa2a390cf0b75294aa8538f19c6b955e03719240fffb4d0b5b3 |
| SHA512 | 9f2a4303bbf60688bc798e3f791653d73a9fb259b3f3639cc73ebee7091e0b371ecdae04052e20a38cb97c1c798bdf0bf06272c9a05d4290954288c12bde4ff2 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile10.bmp.exe
| MD5 | 022c118bd1921ef892e9663113e5cae7 |
| SHA1 | 5de41aa5b006e7511fda833340f5dbc420610bc5 |
| SHA256 | de91fb4bcc189747267ac04d7f15f1dcf3b97dc9312a39ebe2246ce7336cbbca |
| SHA512 | 5509783829326c90f42ae8b28127814f29dc2c3b5b629fa3f4eea1531d124e713a33a17baf6ca71728dd5626b9fbb24b457fe06f78b3a58233dd145c7d452cd5 |
C:\Users\Admin\AppData\Local\Temp\Igsu.exe
| MD5 | 5c9ac9ab135b3e83c7846ec789c46434 |
| SHA1 | 75231f7f029bb81ace086f0c843932ab143240bb |
| SHA256 | 7d43795af512c9204eaab910c6b632507842b56212a35e2917dbd80cfeb954b7 |
| SHA512 | 5a6649c1850b9cc38001dfe1022f3e1f04b63b61dc0c696bad18aa2844777ed4b78a40b6650c6d0590ff99d609f5d616526c507b0463ca29bf8581b540495975 |
C:\Users\Admin\AppData\Local\Temp\vakgwsco.bat
| MD5 | ebd4d38531ca3473d3715f8a0c660d07 |
| SHA1 | 625b882ee2e38c8a6610bb887bbf80c7ac14fae4 |
| SHA256 | 9b98fdaf643bc0028526abc9286760d21badf69487504665356bdc59b9a21782 |
| SHA512 | 71545b7bb32d0031f87dd2629e3545789401aa55ca2f7f4e06a6ef9f4cbded54270a7a22f26dec132950af2b1112be2e33aeabb8f0ad28508cc2486c4b8cfc66 |
C:\Users\Admin\AppData\Local\Temp\oIYo.exe
| MD5 | dc531f1616c1520c442ab10568f75e33 |
| SHA1 | aefca409bb98f460f757353510f862b559c6ed29 |
| SHA256 | 8b454fcdff2fa88f2b6cb05f08cbff471c049f98fb173c237dca853bf8166b2c |
| SHA512 | dc07de1dc78ef9d39599bbef21cd3a19c24e759cef2634257ec29a3c9292a8f62587d626106a6bb7facf105b02dadc4da2d168f2b215aeadbaa1879e8a775813 |
C:\Users\Admin\AppData\Local\Temp\uoQA.exe
| MD5 | 0efc549c2d907bf6ea9b203413e4f543 |
| SHA1 | 25360ab199005c0f54b63458aa0a950d96e841e0 |
| SHA256 | 63354f5099a95b154aa79f0d4d8e146bb42e377bde227bb1ad4e5ea6735b0108 |
| SHA512 | f47c594e96d9acc499b098d565780baf6573fb65488d31321dee9ec41294c4237d8f49d654ab2fdcc9c001d31a06e22cfedb3cf4ef12273471b017a3915f2bec |
C:\Users\Admin\AppData\Local\Temp\Iggc.exe
| MD5 | 18acf0440c9972b87eac7a0fb4ef8813 |
| SHA1 | 138c40a8502352bb3a3458561fd76ebe0ceb9362 |
| SHA256 | 7544ecd6f3c830f0a67a626217bf27e868fe45c44efcfd05e522db8367fd5cd7 |
| SHA512 | bcc764c804d5623be944b97b60a93ef90461087b2034e5e1ef65e4adb839f510a3e43e4e890b4a7400fcff31060b850be1c346b9f46cdab78842fb9fb6e07600 |
C:\Users\Admin\AppData\Local\Temp\mUYC.exe
| MD5 | d26b207ad363b9e370bd58810b8d4a99 |
| SHA1 | 9f7d88552cc5ef2371a67c1f37bf8fd9576aa7f7 |
| SHA256 | ab5284f906b6dc261d0fd33669e5391b1e0c78f2f76415e253c3a00356eed8ee |
| SHA512 | 74be07c328ba8d8318f7e05fd03287fe55a56286d6252263086ebfa3bacad31773b048485c1ada7e274456298525b8e3deccc7caecbb1759e345de67a06e1afa |
C:\Users\Admin\AppData\Local\Temp\gagEogcI.bat
| MD5 | cf3cf1aba5607d76e83566287f7a9eff |
| SHA1 | ae74a0375fdcc88b6d46c852a45cbf24f50a9875 |
| SHA256 | a6ad92c01b6b04d3784fa1fc7342fdcaf7958a55c4bfa9677348191277a354ba |
| SHA512 | b18de37e5aca648fed66b0360f7e6abc9a80e9afb770dcd77cb1a0db596415c222162b0c7f9a7687950efa901a27c2bf328149fd4d5703742d8ae89d449f87e0 |
C:\Users\Admin\AppData\Local\Temp\Sgcu.exe
| MD5 | a584f44ac47d2da53bd766b3c0775e2a |
| SHA1 | 1b78279d660b4f8b25273650563a35defde7830c |
| SHA256 | 1f1d05afa8efe72bcbaef894ab213691d4124d3ef387bd6580331c05a093ee7e |
| SHA512 | 186534533fe71ada5a3a89f14f8f0278895b27755c0aa233542c127b138bee3687b085b1e2a37a7a2e30b5f0e43f6bf1dbd8225e9e5a54c5c1ab876b0b9d7743 |
C:\Users\Admin\AppData\Local\Temp\EssE.exe
| MD5 | a3b5092b9431b92901e3fed343d9ce33 |
| SHA1 | 82cb21b105964ab715d50552abb3c96a01524000 |
| SHA256 | 23ab046a4782f38d1fe0723ac053807acb68aa78f175670996d629be83143ff4 |
| SHA512 | 7bf84f46b89cea7029355073f29de9eaa68ea924c4b325ef98bdde4aab6136cac4bbda2391cdd498878d3d8cf5bf74a93139157903b1f018faf2a6c1a98d3b04 |
C:\Users\Admin\AppData\Local\Temp\UsgQAEQI.bat
| MD5 | a5dce3800e1701534a48320efabfe496 |
| SHA1 | e5fa10dc62dcd18229f079a702592f6d5a319416 |
| SHA256 | 465c3a3b30d07d57a875f3fad88b4fd1965b0e5d50e8c571a3de668004260fec |
| SHA512 | 67abe5fba59e7c2a151a528cffb568e3727c13cce3f21b7c1444708ebeff31efd48a6433cbc2297404c160ef946548d03b29adc3ea511b51c44c9ab38611b16b |
C:\Users\Admin\AppData\Local\Temp\esAi.exe
| MD5 | fb0b00d020e38ff9e59fad68ba60f436 |
| SHA1 | 921fc7e9fdb32b03fad5fbf7a951a26e43fe0bea |
| SHA256 | 49f07bf17f3a0b9129bc2f2738cb98dbc1bdc2a2226f1e51d1bc40a906496412 |
| SHA512 | 886d10acbabbc82bf0f0df7760873708980cc9cb8259ca01e5830e7ae407bbd4cc18a669dd5df8acac3e7bd64f784ea50531e496361f1f008e527df12cf62299 |
C:\Users\Admin\AppData\Local\Temp\kIQU.exe
| MD5 | 9db008faab7dad985e6d152934859df0 |
| SHA1 | 5ce1ad47eae89b00b1677d98ba31f7d0bc5b1091 |
| SHA256 | eae68229b00684426819dd707a761d17d552934b230d06df2e7d13a9eda5ab97 |
| SHA512 | f857b9f4d4e5589263419efe8b8060c900bbcf7f428c4cc2ef22636c996c0cb9cb8fbfd49646d118fa567d4739f47e630fc8b1ced7aa2ac288bdc80f57ca33fa |
C:\Users\Admin\AppData\Local\Temp\SAUG.exe
| MD5 | 3b7080b9a3e422167cb3f1a1f553c501 |
| SHA1 | bfbb0a7cb3c09f1ffcb715c8f8a5862e2f3a2ee1 |
| SHA256 | 1f3f88641fb7bea4ea76bbd55d65227b9d8240a3b90723f14cfb425835ac59a2 |
| SHA512 | 40457d9a3261cde560fff6a96d4d98215047308cb90ee38bf7e5dc49103aa8965b47fc07f4330c1b01ac28ba56dc47d6113777371052dde03b1aa0976351328b |
C:\Users\Admin\AppData\Local\Temp\qwwm.exe
| MD5 | e45ac80638e4a940b82447321c4cd5b4 |
| SHA1 | db1f42308d2ac057acaa97af5038af95397e4132 |
| SHA256 | b30b1827cdaf870fe9bd55e4b5083695fbdfce7083c22cb69c12a38a2c9a5803 |
| SHA512 | 4146d7fbf774daf4b553e6d4ade8f7da5164c1283067ceebc6950187668516150077ffa8c37c9ee2349bb011d0cee1e4aae5c772f695f119d56f1ebea68524f6 |
C:\Users\Admin\AppData\Local\Temp\qyEYkYcQ.bat
| MD5 | fc391874d2c3fa38f48f91004c614647 |
| SHA1 | a3c875a045793c820e7543a5e5e29407d97ab74e |
| SHA256 | 070468ca64eec06640e6030aa5649d7aaeb8a81916dbb424650bb294c685d99e |
| SHA512 | 88e9ca73a541cf321c5ebdcac6a5d426bcda335db6c210571db2a67fb4571f2b95b6a12bc40d37c0508a349f3eb8fab33b86f7c75c1f1ea95e9170c61c9a3e7e |
C:\Users\Admin\AppData\Local\Temp\gsoU.exe
| MD5 | 26f36bc02b18d7a6fbebcbe18e06ab0b |
| SHA1 | 1ddbc72860349f00b39b1eccd91e7dcb093a1b20 |
| SHA256 | fbe653acb39084cbd93f154516ce34ba04170791943dbb74349fec44708782fe |
| SHA512 | bf0108c47b873d86a6b389ae2724b78d905eae7ebabfe589352b60de0daedfa4ae16659b79cd77429bc751940a5107b04de3213560ac25dc95cc87fc5a11763c |
C:\Users\Admin\AppData\Local\Temp\mgQS.exe
| MD5 | 5aa0879e5c3bf52166b87b89dec223ee |
| SHA1 | 8b8dfe09676ca71cef4651df22ed3d09394ad84d |
| SHA256 | ec51e199cfc813ad2e97fafa89898803979f4518416258a44fff7fe773b6985f |
| SHA512 | 58c18079841f5158c870fd342cea9cef19cb4123ce3c4f966044652d688e8f045f2ef04126994f64e17ea6bd549a417c01a926c849033045c8a2d68c5dc15748 |
C:\Users\Admin\AppData\Local\Temp\wcgU.exe
| MD5 | 9069b4b4c3ca156f9e02d58bb68da0c6 |
| SHA1 | b47a1394643e024176cc818c6751d97496d3719b |
| SHA256 | ac1a65f1fa7186428f52cc2b05d67904957d293b549dafd9aba46d8af4b05494 |
| SHA512 | 518cf4fa7f7d7680374f3c7f12fb3f4af8a8448148d1f3dfb3a955182c7d967896f4d6eb5e9815af8b7bef38ab710f1af74944dedd9abcd0532bea9de684eea9 |
C:\Users\Admin\AppData\Local\Temp\gMwc.exe
| MD5 | 53aaba59b33a754814fde8508d2c1be3 |
| SHA1 | 2cf00f58b5c3a31ee3391bf3141ba8eec867c63c |
| SHA256 | 05dfc92aa394e90d3a01826bb36610cea1c6c96f075468432cbfee259e93c527 |
| SHA512 | 3d6efa6ceed6def2d047e497e561283dd9918f0e7cb4b052a0c3c451e9ccabfa48734309f82f05c6d1fd3576843182ae5c11495b25191e95de413efa895f616d |
C:\Users\Admin\AppData\Local\Temp\SUsMEAYw.bat
| MD5 | e8765bcc2e983f33aff8df87ce10518b |
| SHA1 | c099cec3c1451e3ff4bc5ae0cb0aa06a11ba85b0 |
| SHA256 | 89c4193299fa0b03a36680bd4ca66df854526f0074bc2160f66d33e0d24e33b5 |
| SHA512 | dd82e2827c3661b89bc5b5bc603189e3a72db9b5f10fc3ed79c6c575b280f4fb8b085e9414d3281fc91bff5efb5e43d4142ffcd4c555ef80b89578be29258cd9 |
C:\Users\Admin\AppData\Local\Temp\ksEy.exe
| MD5 | efde5e5ba9d1692accd1c7b0499f97b4 |
| SHA1 | 7970caae8defe29902f3dfd9108c0ff0b243751d |
| SHA256 | 47c176ecfbfbc9d6cc5f3c51af2dc2ff5bf08845220b1e74b2929f42d65836b4 |
| SHA512 | 050f7551473384299da260fa69f7752fa8c6340ed0fbe5cd1143e708b8556b1cf5f91052f8dff01fb130288560f252cbd90e91c5b8324a57e0d371c29357f8c1 |
C:\Users\Admin\AppData\Local\Temp\OIES.exe
| MD5 | 38e7003f37c2c0bd1356027d7d903eea |
| SHA1 | a8e9368d2fa4d16b4bbbad2edf0b55f429c07913 |
| SHA256 | de3da16c2c413f10e61d467844c19be2d084e9e85a37130c96cca053dd6ec005 |
| SHA512 | 0b5994d793bf500acac6f1379c6ea2c666485ddabf8251f8a870de9e94dc8ae8a565e67a98b35d5b4b5e4f3b151c53057f89e721565dd3a49dd21c47a422813e |
C:\Users\Admin\AppData\Local\Temp\YMoa.exe
| MD5 | a4882b7d60594d23807760e776c7f72b |
| SHA1 | 1470e03054ba516a12efd471af528999c67fa050 |
| SHA256 | bb85b8b5d52d5349a7d3e903befff033f955da721faa883611562f3a16233a2c |
| SHA512 | 6988a3cc38b125eb45d0a911b5feb4095a4ad4ac0be7ce3a955299016fa496588fb605fb6dc679e12df54e07b096f8bfffcf8cacb397490efb0f3b5ccabcc768 |
C:\Users\Admin\AppData\Local\Temp\AEUu.exe
| MD5 | 2d796280e9cf0c52da9b70a5373378e2 |
| SHA1 | 39ba250c44a8ddcf671f3c4103815e4e44719a26 |
| SHA256 | 00d0c016fb66f976bcbfd7b1dfb04034db507dc66234a5a526b44e1ca84db1fd |
| SHA512 | c77d7ae44acb171804774d43209e10a4a41e285804030f5efb392a956fd8b0f465f17b70a57325ed0c7be6b3a091123930f7e85811b5a1e7eed61d61f1c45700 |
C:\Users\Admin\AppData\Local\Temp\fuQYUUUA.bat
| MD5 | 9d032e28833d141ad84ecc94a608821d |
| SHA1 | eafaa19d3e99a9c9ca1c30ae8fe76435afbad3be |
| SHA256 | 32218347ef72b63e61279a1e94bb2e9f3a4d5a6334c3444ef2cd49f1c9fe3df2 |
| SHA512 | 890c3b61c012291ff00f273ee7460cb38f58d6c6179350ab90fd4475d4cf15c329af93bc1188a787c1d0ba7395c47fa12ce448794bf805e009d79ae4c2242cfe |
C:\Users\Admin\AppData\Local\Temp\OwAU.exe
| MD5 | 4e80a883aa42284fd4463693acf2aacd |
| SHA1 | 753fdb9411e71789aaf8ed6f29c8de20ac265b72 |
| SHA256 | f42c3b7ffa6cf8785567b337b0835af82a4202ec76113432f8e2b0fdd3aa46d4 |
| SHA512 | 9366141e52114d1b7a697e8c9e1e215f792803b71229d92f91ad81f88ec2134b02a9b95fd665f12645e933bfeb38a4f390a0b7e6d11de90d972bf716a70668f6 |
C:\Users\Admin\AppData\Local\Temp\SooY.exe
| MD5 | 19f4dfc9be2677ac30747da62d4eb2a4 |
| SHA1 | 2c056e194606080e04c44336db02085da7d81de0 |
| SHA256 | e141d99afffe53b1dcc1d54aa17db543e32230179b2f98168ce52506ba9d2a87 |
| SHA512 | 0e2653af24cd5839ff80e4754dcf9cdf964d70e0c723bc54312a871f65f14c088958fd6d929edfeb096d339af1042ceb55836e722658e62041f0117d1e7f4a21 |
C:\Users\Admin\AppData\Local\Temp\iIAo.exe
| MD5 | ced513e3126de9311af88d749dfcdfdf |
| SHA1 | 11bf9612d5e1919cac3ac35bbac257e8d59ee50d |
| SHA256 | b0f4098fe651378ef395f3183f18a1c299e2d06dfcb016daa4d14c7287d5af50 |
| SHA512 | bb3946aefacf443a08699ccfce554744328f1aaf63c2643cfaa4dda6b25f8f3a7f6461c6826e99a12c64bca6ca27a9b8c8106a5d5bbc9c3f7f0f4981e6200ec7 |
C:\Users\Admin\AppData\Local\Temp\OssM.exe
| MD5 | d4ec670f593909287e404063f1258b39 |
| SHA1 | 19eef73db3864c892206cc5dbfd852bd985553a1 |
| SHA256 | c30a428de259ab564ae24a679ef567ba2add616394c3f04e4d3e16693bef7f15 |
| SHA512 | 98a43354f8644460a7227f206b9cea2fc3c38b9556b71fe60c6bd762c8001ea97ee1637b882e725cd9a61e792fc6b4beb4eca83a62caeec303a0e9cc9897cb35 |
C:\Users\Admin\AppData\Local\Temp\VucIUsQA.bat
| MD5 | d48de8ee351941bf7ceb5eac270681ba |
| SHA1 | 7e2152940b9908b380f8ca08451b307ce2fb19ba |
| SHA256 | 39da7b1b850daa32bc605f0b68b1cc46c248ae0f3bc92461ba618c541c375500 |
| SHA512 | 381da0eb39da3cd0148b39cfaa18e0aba72893a9f46d6faa42210f646811fabd951ba2423595b14ea67e71978fcd351bf10890da3f8c28825e712cb88941ae7c |
C:\Users\Admin\AppData\Local\Temp\YMcG.exe
| MD5 | ff9013dfb4540c266754f56760de0758 |
| SHA1 | 942ab218ff2fc8476c121762d52a292bb29ab424 |
| SHA256 | e022c0aa1459bda8fdc9b62892242913f5835da8cf6adfd1fb63defbe703ffcf |
| SHA512 | 44f53c91fe8ca11096ccb608b105038c38e229a6920ce445918ad2ffbd79e74307931c0b8aa46978df2ebe8a7a72171f0c8643f2b78ed7dde3f22cad33d69a7c |
C:\Users\Admin\AppData\Local\Temp\esES.exe
| MD5 | 627dcfebaf2d91094a4c24d4c46bf57b |
| SHA1 | 6411d6791cd20c8eceba1b9f808ac213c8ef2653 |
| SHA256 | ef39a14afd7ae624d10b40b655c76b19a547cb52033dcc096fcb4f6bca354008 |
| SHA512 | 29a37787a3078976da4df3e1cc8a1d73dde2a929a7cb5e919df735411cc3fac8ffacf4dd624352ff4b40fbd73d5bfc052da89a022955804c17e468da34b21a39 |
C:\Users\Admin\AppData\Local\Temp\AsIc.exe
| MD5 | 59ea65fa9229ce37d2430955a0787f69 |
| SHA1 | 26a104bf57f35599b50879041fed2b732ca9fd68 |
| SHA256 | 5233893b3cec8eb08463eddc5a530046622ec656ddb6b861434b94d6887ada45 |
| SHA512 | 109256c75d0f82095beaf2150468df67749b1d1ab7425ef681cdf1f7cff9682b5004d0f8329fb04176b270c58db4c648696a505139cb37e58d64b1b2091422c5 |
C:\Users\Admin\AppData\Local\Temp\ywIg.exe
| MD5 | 5f655ee6581abc008f988ae606f4178f |
| SHA1 | 3d73194996a723fac57fe6f373ee713746211a20 |
| SHA256 | 2c6a9fe0cec25371df26ea623d5e3948e266ebca12b4075f68ce2f00affeaa7c |
| SHA512 | ba55cb47e6a92217be432a8fe944a0a2f8bfff579a7deb57c698600923f39f86038f2c0d52750d96c505519ddf3f08200a99954d437dda39b3b64a957078216a |
C:\Users\Admin\AppData\Local\Temp\nWUocAss.bat
| MD5 | 272e6fb0a4586bbf721faf0837bd7472 |
| SHA1 | 8bb4e997493732d557da1546730b69d788dc7fda |
| SHA256 | 0d91b357c93240244369cd69026ecd9eb5fdf6b4d3e88eff80d3cb2fc28b24b6 |
| SHA512 | b55d30f320383dc246e5e50d9f402bff03dfb39eac6ae740d7107299dd14c25daef10f4ae3507e89f47068057fdc5de42518c9450f2b85ff75696cbc75be6bf1 |
C:\Users\Admin\AppData\Local\Temp\UwIS.exe
| MD5 | b7bb21784794f0cdc1f50efa99b27db2 |
| SHA1 | 45a8b4f83669f64afbe662cdec40953c29ab301c |
| SHA256 | 57df8c2691ec85a3274cead48df2e268004497f1fbe301328c4182c245bade2d |
| SHA512 | 0e8afcfc6c1590f9172c118ac393455c6ea4556e4f5da0efa0362059ec647aa39c12552bad911768369189b3412d5ad47bc6401166869dc27ded58474c5b4e62 |
C:\Users\Admin\AppData\Local\Temp\CMge.exe
| MD5 | bf68ca0059566ebe6b41ac1f7647e24c |
| SHA1 | f570207855edf0f6e9108a8c96f5daf90539b184 |
| SHA256 | d121ee243c639c3ef01a4f18c8396001efb940c57e6d69575d858cbba02e8b95 |
| SHA512 | 4082972a1c17cf81176166bbf1a1ece4be19d23992f8f724d5f072444ba5b22772c0c9a34c496c40b4ca3c5c498af0bae862cf221d5cb18ca1209fcaca196918 |
C:\Users\Admin\AppData\Local\Temp\sYYi.exe
| MD5 | 7b762d3edba0e6a541b0b075b2da15e1 |
| SHA1 | ac40cfc000a7fdc48a3704569f9db34d4ef8a05e |
| SHA256 | 76a0265e7fb7b948ec247a2c031238c1248119be26c0ca8620e5946618a1a4e2 |
| SHA512 | 2c737438123624768abdf89f6a12afb2c3e205178e7652548b55d497e29615578a2d98805c98a3621afca75d1831b61769b691a578cf050a257438ebabfed40d |
C:\Users\Admin\AppData\Local\Temp\NeYwUcEI.bat
| MD5 | 4b34ce2413e524b28ab16574091ee442 |
| SHA1 | 40c0bf52397e09ef4815dce1fd05196b103395d9 |
| SHA256 | 493606c4f5b2f83b9cf7632b86c0745b4227efdf7d809a3fc15d93a5af0ab759 |
| SHA512 | bcd371733e9e5a6b0daf09cacd629b0927b324baa733eeb5b5429ce3faa0631ab6df8b9e5cd8d7a82b3896fd7397ca1aa58e4501b554bf35b0b82e370d2421bb |
C:\Users\Admin\AppData\Local\Temp\WwQU.exe
| MD5 | 86dfa6608510eb709e9fa6499f878b3b |
| SHA1 | fc4da94f3187d58e7fdc6ab179c1d687ecefa3cf |
| SHA256 | cf35086c25830331f7f920cd1f1b9b9bcf454a1a4ade2dcfae8f46eea86965be |
| SHA512 | 841ab0c1c4642f042b2b76870c64917c719cd30bffea692c8828ef2db09bac24c87e314af892ae7601c221059980552bf27b54d9daf831fae144ad7632c57cba |
C:\Users\Admin\AppData\Local\Temp\GwoS.exe
| MD5 | 992d300e2951fa2affc6e9053ccbe1c0 |
| SHA1 | 43fe04f671bf627a9a3456264465a358c2115b44 |
| SHA256 | 85fd9bffe4e36e69f4074ac9e7842ab351d918ffe3d86096c82f10ee0c888159 |
| SHA512 | 47a1753d3df179f7a85eb6a0ff51ddda76f17b618f7e9b3c0e3762e4a66d0d093dda2818424d6fcf3cf52cd7768781e4845efee6cbacbef35aa5dbb2b65251d4 |
C:\Users\Admin\AppData\Local\Temp\AYUu.exe
| MD5 | edfe2800440b44b4a16df8f092e6d1b3 |
| SHA1 | a667ebee7f2f1484dd4750af70f9e7b8952d7c81 |
| SHA256 | 958dd30c86f8aca11794867c627a2732f2b052d049bc195d1d03122871d61807 |
| SHA512 | 6f182ec3ce0f9cc9184424524fcc96dc0562c582ca54be203aa0e9af5f466aaefecf30918febdc79a36795df3edc1da77a66eb2f0862b4cedc2ddc5c4c9efc91 |
C:\Users\Admin\AppData\Local\Temp\eUgAAQcM.bat
| MD5 | f41427a25de61d5a61f67ecf6e6f877c |
| SHA1 | acef836c5439ad710daa5c0d67a0583f1b189163 |
| SHA256 | 8a059a25d7b03e666bd6507ae2a8a2d3cfc634b0176b1259398f39ac0be28c96 |
| SHA512 | 90315f1ce3bef8465b6d9e3168f18c3c8f95ed5bca9fc58d14ad5ff11884069752ee8355cf08661e77bc44e9181b0c2855b4b5a3fa4b3660e07ae249ecaa9b67 |
C:\Users\Admin\AppData\Local\Temp\AwAS.exe
| MD5 | 2ddf3478b655b7ab9c3061859eb3da04 |
| SHA1 | f1af4318216983cdb98ae77b2319c8aa1cb74962 |
| SHA256 | e4332cc2d8e6310c7fd4431c2e1399e61fc7982834ca74ebf797e46ce4694e78 |
| SHA512 | 510e0560422483a8f9842e273e56e2b966c683a9eea3771a8710572c3ce0b346666019d797bce85a92c84fb43bf4ee007547c4b193800ee66155a499a41e91e2 |
C:\Users\Admin\AppData\Local\Temp\cmcQMMgw.bat
| MD5 | 26cc3a23dca19db141236407a3c6ceac |
| SHA1 | 4647fec3a96b5f00a09f160bb16cdbe0b4998cfb |
| SHA256 | 51582a6f01fe3c5240422681a264398ccd857b54cb99eebb2971cb07b96afbfd |
| SHA512 | 198a171cb46d5aca3c1a0a0706b3d157a05fc0bc092393d5c23aa794315e5f3785939f1b6fc85355d6c71af05c4a8bdbb6bb32abac659f58e1fc705390b25892 |
C:\Users\Admin\AppData\Local\Temp\acosooUM.bat
| MD5 | cbdb2632628e9ed7d677a713d9817b0d |
| SHA1 | 328f0742cf74e8ffdb253376b1803615055e215b |
| SHA256 | 15e96cbef5080e0adb10436249d795178bc012f444ef39acf8866d33c82608d7 |
| SHA512 | 69deeae0c536fcdd914ce82f7454de27ea07efd1cd3f15192694f92e18325f0953909110b8aa511d858a17c2e45e9300e869e4f4f3f3febe6bc0676600be7606 |
C:\Users\Admin\AppData\Local\Temp\cwoc.exe
| MD5 | 442a262ad2affae2009250dcf3dbf63a |
| SHA1 | b78005ae23e51262616ad3bca0b6a0f289fa5599 |
| SHA256 | f538b27fc7a9b9bdf33f635a4ab9995ac15bbc256e80741ae90ddedf84869682 |
| SHA512 | 1f202498ccba262c660d899d955915eb5284af558b13c5463da4c78410badeee9973a8e238fcfe716d3c45f1405afa87a8cffcdf5f158ee371fac0cf4c1395ce |
C:\Users\Admin\AppData\Local\Temp\YMIo.exe
| MD5 | 7ab913bbf5cbdd81dc885edc6f099cfb |
| SHA1 | f935b747eef16c14dc2c01a962058e1fd9f3c4c3 |
| SHA256 | ba3740d0f6d51d171480c6c2bc0295c7556ce4a55bab731d3e318bae430520b6 |
| SHA512 | 1dc86728ed44a2e3925dc16fcd490b55edba733e06ab19ae583f50c5a7738ad826ae70d2e0f968dc23bb64dbb62fd6970a708da54e29d885d98149d82dc113db |
C:\Users\Admin\AppData\Local\Temp\Eskk.exe
| MD5 | 6f0f343fdcfa6002f14734022a1b7d6b |
| SHA1 | 8418804dc6101c4345e05348cd442483a97eb42d |
| SHA256 | addba0b56b3dc4820eb53dcdab15d80acc5a18b95a597792a0df2f858a1865ff |
| SHA512 | a4def6976c6e34b012a98be030de53d61c9dc31d28922dc6eaf01b03528e572096de0b6528aceaff767a86c33d67a6f01802e52eefbecc63dea010152e368632 |
C:\Users\Admin\AppData\Local\Temp\ocoq.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\CwwK.exe
| MD5 | 3b77e445448a947c2d0f0c1826d6941e |
| SHA1 | ebc9a0826324d9e1d497506d37579c3b89865a8c |
| SHA256 | a11ece9c5ab53934dcf60613b2b00902ca8d68ca39031320bc93a2f74dbfd553 |
| SHA512 | f3e275de351b7300d09f2e598078080c2a980fa69c5ff53627328604e34a19f7588200ae185a9e85c3c352a1103f40cf23a2f53b60eb2d556c878558209fd8ac |
C:\Users\Admin\AppData\Local\Temp\IIEA.exe
| MD5 | acaff308d306f7896e1a4d307312489a |
| SHA1 | 874616d80acd1c4c6395c1d34d2e4ed0be4e6b45 |
| SHA256 | 1a108cbc5dffb91eb28ccfeb22271c9f4576998fbccd243ccf50a4a999959aa3 |
| SHA512 | 6378bbeeeea85b9b0acac690a4008507a0fd0a1a2bc8cc1c870cac5666ebaf285781906aa6a82a605740134b661f18644a28d3c3503544718a36998e7b3b663b |
C:\Users\Admin\AppData\Local\Temp\agggUwsk.bat
| MD5 | db63be45433b6a9e931565099f554e4e |
| SHA1 | d9ef627ac1974d587ef8a2cbbe010d9e30a47ba7 |
| SHA256 | 71adb24a41d58bffe033b281f957f2de9e8d2bdbd24306b08a27a8c6d9ecad45 |
| SHA512 | ba151d6d7b6aacb6dac1fb013a659ad52eda265ea8851c7a15eb8aed92934c9bb1a8dee485f4b7c9b8f08800e73980d0eaa0adf727a3d419887a20455234c4e0 |
C:\Users\Admin\AppData\Local\Temp\IocM.exe
| MD5 | 9c5faae2446daf1e36d1195abc9322b3 |
| SHA1 | ea7c64cdab64d6674e19542eb20f21d002475036 |
| SHA256 | 64a82b6b74f659af65bbdfad701536fbe676dc64a3d33c6e5d0c2c3781912f3c |
| SHA512 | 724a7a466bae09cb4706d0d4845f2d3fef0d6e706575d55bf494a418b390e8b9600939c8d1155fb9dbd6a41194774d195ae88c8028ec09355a43601cd1a85a37 |
C:\Users\Admin\AppData\Local\Temp\mQki.exe
| MD5 | ccba96a9cf23e5b399b3a9cfecbd59d4 |
| SHA1 | 04bb3bebd398db1cb0c3c4b6ba77940d6c8a40d3 |
| SHA256 | 935e267fbc7238364fc140a138aa419e9ed5b3a8a0ea622d6facd1641c219753 |
| SHA512 | dd67890aff1ea0a9100b4f36648ebba1371ebfb9a23990fd6a1d82d69fabc9677548ba986853482c56d737b61f4322ae11f697b533a434f70720e52af3a9ba35 |
C:\Users\Admin\AppData\Local\Temp\xQQQwIkA.bat
| MD5 | 4a41966d69ebf0f307ebb485bc67e761 |
| SHA1 | 9c60c6cf7dcbed289e992607c793882c062137b5 |
| SHA256 | eaaea8779cf58f45c2b14262ce878f2c097a81128c0b3ad88d7087daeb951171 |
| SHA512 | bb0e04258b68f4d8c594e7d185245a09246f4ae524d022139c19fcba9b2d9f4dca501b3edc2a64d3f3b4cfad2e62b7290c7ea1c5a8d433e27fc1953bbb927fc2 |
C:\Users\Admin\AppData\Local\Temp\tCggYMAU.bat
| MD5 | 517bad96668b3755e5d147189a44427b |
| SHA1 | c02737ea3660a3a86c0b87ee6ef44c6491e51ba7 |
| SHA256 | a5de642b8a6fe7e9d1dfa5119739b613dc2394f4a04a962e4f02293f5295a9d1 |
| SHA512 | fc17d2083d48e8ea82459c19037ea365b04b2b3b82bd8a6de5f63d8823714ac895d984b6d2fd4dbf9d06f3a16b296fe051d492b52f35e48d3b8dc8a4cba50d6d |
C:\Users\Admin\AppData\Local\Temp\OAES.exe
| MD5 | 1c6cd3cf0fb9ace319b6ecd4260b6dab |
| SHA1 | eb40f7645b0affa81afde69d148d017d78129d33 |
| SHA256 | fedbd830d815d48a182bbf7850a30347f4ea93f06fbb5b4127a505ef354a6862 |
| SHA512 | ab192e32b318b0cebc4037f9cfb2b8a3267ae351721d7a46e10ed37bddfa0fa09c69a867ec83eaf9a043b006b013f86bb096a6c43587669f2a3e904030546c9c |
C:\Users\Admin\AppData\Local\Temp\jkMQwIMs.bat
| MD5 | 5ecb208a15ff4decbf418d4b217c3fee |
| SHA1 | 086c59f41a2ad67a8ea1f8d98a170568123d4e27 |
| SHA256 | 227a2bf9b4f9061127a0de5799d73428d36ef461e24f4f5e369afe86ee3c6a25 |
| SHA512 | 1bd5698419d8674711b27e0367eb828c4a6f2c263a9b068517f4e74e523ddb68b12e4b97ccdab9f5bfda96209700c23620129938479af62ff311f27a82c0069b |
C:\Users\Admin\AppData\Local\Temp\oUIc.exe
| MD5 | 19e0eaf223f11d43293b93c94c6da989 |
| SHA1 | 3636eef5fdbea5c3ceb62884f41a051872fa6a7b |
| SHA256 | 10dcc7c1e3d752a449bc931e632c0972797448ce44900310847dc29accdd360b |
| SHA512 | 0684c372b14240f11766b1335c20a92a14950fad8016a97386b769268d098383308cdaba049db6ba95ce1d792964d3b77bd324918fd334db872d2a21a30bd32b |
C:\Users\Admin\AppData\Local\Temp\WUEE.exe
| MD5 | e8179d4bbe9a217cbd075a91fa83799b |
| SHA1 | ecaa6eb189511ddde4e5bfb159cdc4665f12c5a7 |
| SHA256 | 508cbed7ab0f78387b99ba53e59dc83de150185f208fe7854f4d531e6814208b |
| SHA512 | e1ce96f4a953b9d10b7341c580a45674869b8943b26a34006ed2f9e58fc60b5cbd46c4c7459aac83c5908b9875a11ecf3d1c1875056cfe853df3e92a845c2255 |
C:\Users\Admin\AppData\Local\Temp\RUcYEcUU.bat
| MD5 | 1eac9f830d47cba63f6485e156188829 |
| SHA1 | 684743650b685263f6922690b6e92d8d3ba18d06 |
| SHA256 | 2079769fa9cfde8a3414341942aed488359efaf99d61f2c316925f04ba0fb07e |
| SHA512 | f39343d38580120d253b0d13a9af800482701d388fd76c8fde2da1c6093451dbd90209b0399da8f1bb98c6b5087105c13eade09301e4d89536e7085ec4c1bd05 |
C:\Users\Admin\AppData\Local\Temp\cWocgEoQ.bat
| MD5 | 0cea4c13f1886291e7699c7159ad1b29 |
| SHA1 | 78871c775662d84ad3dbd46887f91062870a8f70 |
| SHA256 | 4a4a8cfc7be922bfb433b8713f0231a3c0897fe2fbfd26716bfe135df9bb26c5 |
| SHA512 | c864b5655809673ca3460c07c2be7056c60504e608d18b1d4b4bd7cb4a1581f7578cc43399235548cf8377da99228e28d8b5fe56e37893a36d67c674ec2de51e |
C:\Users\Admin\AppData\Local\Temp\aGYsEYIE.bat
| MD5 | a986020dad34efe809426c569ad35aa6 |
| SHA1 | 4677fbec7a4e02fe38ba8d51175f4ac887195e67 |
| SHA256 | 9cb35c929c76f8b3b03c0958da2b1360fcde5ebae564e8a93c6bebe526c58034 |
| SHA512 | 21b7919af79311da93b6410b35b59c5521eff2f57df1630e2acf2d66739478fe8c62ba75a80463d7dd576d0174b47ff23f5c9107fab1b5754f1a29d68c55cb6c |
C:\Users\Admin\AppData\Local\Temp\IYAAQscc.bat
| MD5 | 3ccb4c8931b83a272b0c429033725099 |
| SHA1 | fbefa0042ced7663477c1bfb23ce0483151551c5 |
| SHA256 | 778553e30ab07930babbc6f37cc48f58237ccc6fcafa36a9a03e81aa700928de |
| SHA512 | 53cbf36e8370cd01a61aa287642af389a4050d84c2f53de27f9fa6e0f4b6c2d1efc5b8715c2a5b36784afe2bc83d4f4471ce195afd1d9e78ecd1fe432bac4a6e |
C:\Users\Admin\AppData\Local\Temp\gUMgYcMc.bat
| MD5 | 56acc503997735f0f35390b872f324a7 |
| SHA1 | 371efe0fd366744c133a269e648d8463fa1e5a46 |
| SHA256 | 89391082e72ada6941d140a05ad8c2c575d3fb2305099497028e85f0e64bdbb8 |
| SHA512 | 2a8b68ab8e0dace79b9a0e1992fbffdd3f296a01fd5879bdb5022f42d73f660647b0010eb58f156c54fc5d634b03f139e8ef26044ec02f733ddfd8ce96707125 |
C:\Users\Admin\AppData\Local\Temp\HIUEMskQ.bat
| MD5 | 84125eb401bef3f2de8335c9a4b84397 |
| SHA1 | 7541b8054819864d7f64e2adcc1b2763fb23c2cd |
| SHA256 | 165414e79844e6fc597f465432ebeb8f81d80a844daed99620971704f7b58416 |
| SHA512 | d65a1b33940cb8496235b93dc271650ba35be6490137b722fd2a47e25830cb07f980d5b90dbfafe97e7df0db49c846f41e7a5c292b5c387e0e0c01c724b5f820 |
C:\Users\Admin\AppData\Local\Temp\RocMYQss.bat
| MD5 | 2167ee6f2983527180f50bb0aa746e80 |
| SHA1 | bb27e5e27b19b18503fb817c038413443d5c447a |
| SHA256 | 8f315c7f5c6782bc729c237c1ff04ae86b8284a9059178ab5a33f4604fd93199 |
| SHA512 | 0f5c94f93d83e2626ffcbe5ef64695af199f145092715b72345a9decf2838f94a26149719782435951c7686b122918f434019f7246eef5b2e067d2918c9ec118 |
C:\Users\Admin\AppData\Local\Temp\naIMYgkE.bat
| MD5 | 092b8d50d8ec3121f28734799848fde5 |
| SHA1 | 57d44ea0395db40317f3368682285852c3817fa8 |
| SHA256 | 0e2174e8e98156ba529b5148d4339e228f8477a22e1b8a75cc2a2c51b0fc33df |
| SHA512 | b5df844f3ca37d87f843d54db56e722b1c567330b7761907c7333135f36c8ef3fa42c187f14ff8b213e5b8e7d3c1605803b62956282b9bb322ea4c74a9a89c8d |
C:\Users\Admin\AppData\Local\Temp\lyQgIgQA.bat
| MD5 | 89ec3513f109f158dafe500d1ac22305 |
| SHA1 | b74cf5a90b230ce4092fbe1eac8cb275cd296367 |
| SHA256 | 0baaa42ebe0e9221a738f4e3454ed3468e6ec6f8c44d8dfb6cd28b4117b7e0a0 |
| SHA512 | 834ea53ebfa4c9d28749dc3685b5570717081a62e0405810fde7d5a605308a75bcdea8ea0df3ef178c9aeb4ea1942fcf1432a572f567ee82e6bed7a8787a79a1 |
C:\Users\Admin\AppData\Local\Temp\oaYsUMcY.bat
| MD5 | 89135b5c87d670c198b3c694f90b3a5d |
| SHA1 | 90b9d6d4f2fc58fe02c74564322b65c0afc6f74f |
| SHA256 | dba34969af13fadc6547b74329a8529cdb3dc00de8a4bd6513119c7cc5eb12a3 |
| SHA512 | 219b98c6b4cb9da31226632fe5c3563517543898a63bacd6af2c9c860c40d110921e20baa2a986d946b6ec7e57f3279b8d37a25034136227f1e620d3f43aec51 |
C:\Users\Admin\AppData\Local\Temp\qmMIUsss.bat
| MD5 | 76b584ede0b1481ea67fc05e83172c9d |
| SHA1 | 6e2df112eb93a916ac8448dfd7d5238ebb0eb1f6 |
| SHA256 | 5ba2a714f426ffbaf90a92261876ba3ce85c6614fc32c6bcb23359acf4827fba |
| SHA512 | 9c2968652f49a81bae03a9b5c34a1e136f10befe0ec2cbf4875f7ad3913d95101d68b8c64477cfee15011ea417b0dcb488f7a2cce705dde8e681ad05421dd4c1 |
C:\Users\Admin\AppData\Local\Temp\CwUMwAgw.bat
| MD5 | 687f975e0598be0674da4e9508393c36 |
| SHA1 | ec35e26972a7fa2ecd09d38bb9a716a5b16ec499 |
| SHA256 | 0ba829c5b9b2dcb93af2df51bd35106a4df49e021b5de18a120caad9f3502858 |
| SHA512 | 3a40199fcfa0af47f7d06bda8aabcab6d216258a5957f6aa4a280a44e20e9ee4c40ca3529b305509937b0156ea97af7bd69d09ae5ef32a984f9d584b5ca04297 |
C:\Users\Admin\AppData\Local\Temp\acMgkYQA.bat
| MD5 | 7ca2f51690d5321dab3b370465a6516c |
| SHA1 | 6de2b253da873c25f60a93f8a25943be0e17be79 |
| SHA256 | ef0276c951394a5f568510550e3c6a10cd330f8143042958f2b8c48baa858a28 |
| SHA512 | bc3762b3b16daab5941c34f156ab9d928392252795f6a2b856552c4e4299719b3e81ed97dd54be8543d25983482a51b3f5527e93bba9bebbce94e8871ea9b450 |
C:\Users\Admin\AppData\Local\Temp\bSQwkccM.bat
| MD5 | 9d27edce7df6b4da3d354c6b0f855bc5 |
| SHA1 | 15243fb1a395a05969ffc35b2a6135297b60c58b |
| SHA256 | 43b1a704b8f2644dd52421f368658a1b2e29d28d7421bd78af7b82e461eb8e0e |
| SHA512 | 7ba0abf781c7723f9550a392989968a5ee85d09b2018a474ceb18ab5c41c75e54f212e020872b276dc61ea06a0e1dd1aa90d7c31a8ec90494f104102fe58fbe1 |
C:\Users\Admin\AppData\Local\Temp\TQUQAAIA.bat
| MD5 | 213aa3d79e5c28df65215eaea61a3d76 |
| SHA1 | 0c0d6252f2e7c976ea28aed220f24ca2a3e80a90 |
| SHA256 | 35bdd24fe04b6ae970f5dd8c0d17adb0e057509f8b5061834dd9c19718fa3a1d |
| SHA512 | cf9bc68308e99805b8d483e189f0369636eb21810fdfb31d17440c84107f3b0c0d5af338192be1bb55205652fd7d0546eeb6e874e9fdc82a71d1f86f54866b02 |
C:\Users\Admin\AppData\Local\Temp\LkowQgYU.bat
| MD5 | 25daf920eac1aefb9c3784a59bb4d85c |
| SHA1 | efdea25af1dd8a46e3d6cf2e3083388244a2697c |
| SHA256 | 121094b7781907fd9b88ed07f44c0f27aebe95ebf63f00ffc48d5c0b17d8ef92 |
| SHA512 | 6069cb23e315c1dcbfc3fa1a6c6ed026da44c6be1fb77b12f7babd5a777924c99b84cecb73221fc1e3187f568a9389e66ac67cc04abce35033ab8729bc9d3eaa |
C:\Users\Admin\AppData\Local\Temp\bygwcAEY.bat
| MD5 | 475db6763e102d8c0c0135781e30dcb1 |
| SHA1 | 7a70bd2e1ede20fb7721a711817af6fd7c6b9e3c |
| SHA256 | 6122ea9f5d40ffec7ffda286fca2a10501ffb0b0618273348d732a8e103cd976 |
| SHA512 | ac7d692797eb5330efac7ad592b1ae3de965239e033040d80b41a12620e5ffdb483310e0966380eef6d40e76007b70bb66a82310dc6801e1f8a45c7ce100a103 |
C:\Users\Admin\AppData\Local\Temp\JMgYocgI.bat
| MD5 | da4deea7ec348ff051e06904fcc3d30d |
| SHA1 | 001003881d824495d4caa3581b626e552132d72b |
| SHA256 | f2cf79b592610de323e7d5d7b98db2a28a6758502b7ca4abdc1296a92ac72186 |
| SHA512 | ac57d5253acc3eeb1918acfc2c77e6a935b4c63923110342fe9e5b96fd1be0421ff0cf65371e59624c0dab76057479e1777bad67a479e525d2c735826335b653 |
C:\Users\Admin\AppData\Local\Temp\UOgUokUA.bat
| MD5 | cb8475747e1068473908efea61e9171e |
| SHA1 | a84d4e52ad217ed22075d4c42b38c460756447c2 |
| SHA256 | 9d571f668917d01b3308c9729e61cc15addb1b70619c9811fd251f543f2d5ce2 |
| SHA512 | 9dda17ec026ac8767e501988d007c7612491712a2e0bf0316eb56b52f446466a90f1718bf9f3056ef10253cf1201cf608b5fd3a4b5199d15ce93a21aab5aef3f |
C:\Users\Admin\AppData\Local\Temp\aykMUwUE.bat
| MD5 | ce32a24fe655bfecdd938956c970e4bd |
| SHA1 | 081ebfc7701e979e88153700443528faea5d2264 |
| SHA256 | f902f48840ca1efbd55d6f293a964493cd60c029f67371c3e1dd1d95adeb1176 |
| SHA512 | e7e7de76313865ee9732c5430b7e0a85ffcd29c93cc230d566653daac941e86b4deb1aa838e417d9853858346b4280a6732ed096c76419d912c029ad7fe0474b |
C:\Users\Admin\AppData\Local\Temp\gcgIUAwU.bat
| MD5 | a7bf2cad8a0917baf6a06f3ec5ad4335 |
| SHA1 | f7c15723c289217ea01eaa35a77816ebf3d4f987 |
| SHA256 | 15d6ae38974b4e1d2041e3b2fc2ea4bd7928b3e1535d208b2ee06c64afd5af2a |
| SHA512 | 82ce10ebc3ddb066e4682b405bb32d8bfc913d24b141ee12a0f90a7ba091f70a33cccb6b0836ab4ff3f20a317a972e17805d4b657d060751d6d74c0d68426fce |
C:\Users\Admin\AppData\Local\Temp\zQUUUUgM.bat
| MD5 | 65d4bd3ba37b1da92850f0b2cf006d07 |
| SHA1 | ca62e03c3b46759a568b9498129de32ebe5fd12c |
| SHA256 | 55ba5b1eec1ab987fa5be66cd5fd84efb8155f4f21b5b605ca5b47b1afc0b346 |
| SHA512 | b23c4c541cbc2eafed9fed7c63655116103e646775a89c54a834c41a41609032f215fb9a16df8c6a9c78dc5da898ab6f0d64c2f9d31f9afd1bb09fc74292b520 |
C:\Users\Admin\AppData\Local\Temp\VYQgIEAk.bat
| MD5 | dc5b15cd55fd0031b09cbafead627d23 |
| SHA1 | 5e066d9093364c25720cd6826e0951e289e0dada |
| SHA256 | 83b6060a51d8550f938731cfb92886a8a30e37037de4b214fcaf1d0b504cbd70 |
| SHA512 | 3127876a6deb4d240420b54f099a287423ae1a7f7c0230a81e63910b9cc8a87a878a44120b752faf3dcd61b215a68526a4c1280e4687c72283a9848ba14af9dd |
C:\Users\Admin\AppData\Local\Temp\XewQgwsI.bat
| MD5 | d686cd46718e51b6599b8af60fa5a9d9 |
| SHA1 | 26ce40ad905858b56720df39084c657b4bd3ecda |
| SHA256 | 31196ae3ad974dc89256f69aed38d6969c289447fa935d306d2dd86d55e72c19 |
| SHA512 | eef7f8bd897d08befc029ea47e7130dbb86a6b384b9838ea25f3f2d7c2fac20053e3876880a7248289f59fdb976a23ea1fb0829863222041a91fc991d2995c6b |
C:\Users\Admin\AppData\Local\Temp\hWowMYIk.bat
| MD5 | b795936ba30d63aed38522c54f036093 |
| SHA1 | c28c05d79e4901bfade242d0014712860eda0918 |
| SHA256 | 1378aae9e59a016099d03af06b4e96d073af20f8e21be8855fb2cfab12afb5df |
| SHA512 | 725597c4bd363226bc2af3218ed10b0831b48b14511807ff897481b54a2f3f8626adaf692e9720edc195713699936490c72c6cc5ae5dbe887ee5fd7bb6666921 |
C:\Users\Admin\AppData\Local\Temp\KCwcEcEY.bat
| MD5 | cb9a6f53c5cc60adefd2b250f74afbba |
| SHA1 | 675b3e95aded53a071e486c4c406e1e826009941 |
| SHA256 | 6fb55c090b21338a2c7b90fcea74db2aa99b99c4ef8ed2a2c901f337b700248e |
| SHA512 | 2e26c443b73b830a626feda75aed8221aae3883b2a21a329e63bd85c87342c03b33a7893d92112ff2572db78c516db4f766b9a24f8135062f68a0f94d1efde44 |
C:\Users\Admin\AppData\Local\Temp\OqQEgMcg.bat
| MD5 | 1117761ae38e9fb7684a42d89360aba0 |
| SHA1 | 76b6774264ceefd456e56f9bc6179c6d06f88222 |
| SHA256 | 492f6865469b15756a8b177f1c26cb96ce93aa5f59fa9a4c4872fca303656a31 |
| SHA512 | b729fe3558791a845d5ccd817424fe82db772024f5a285955800c5204e69b7c5e46c210ee4ae2abaed4cae4652f36a3a8d3a997f2891394399f4cf6da81b615d |