Analysis Overview
SHA256
55e25abc5fc0cf49010c437a6770f44fb9103bd0034e2cb0ee40e8115e5c5b49
Threat Level: Known bad
The file 2024-10-20_25254d694617c9f5e62baff92b13782c_virlock was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies visibility of file extensions in Explorer
Renames multiple (89) files with added filename extension
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Program crash
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-20 16:42
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 16:42
Reported
2024-10-20 16:44
Platform
win7-20240903-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\dEQYMgEE\CuYMQUss.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dEQYMgEE\CuYMQUss.exe | N/A |
| N/A | N/A | C:\ProgramData\KCokYIcg\fasoEEoE.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\CuYMQUss.exe = "C:\\Users\\Admin\\dEQYMgEE\\CuYMQUss.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\fasoEEoE.exe = "C:\\ProgramData\\KCokYIcg\\fasoEEoE.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\CuYMQUss.exe = "C:\\Users\\Admin\\dEQYMgEE\\CuYMQUss.exe" | C:\Users\Admin\dEQYMgEE\CuYMQUss.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\fasoEEoE.exe = "C:\\ProgramData\\KCokYIcg\\fasoEEoE.exe" | C:\ProgramData\KCokYIcg\fasoEEoE.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico | C:\Users\Admin\dEQYMgEE\CuYMQUss.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dEQYMgEE\CuYMQUss.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe"
C:\Users\Admin\dEQYMgEE\CuYMQUss.exe
"C:\Users\Admin\dEQYMgEE\CuYMQUss.exe"
C:\ProgramData\KCokYIcg\fasoEEoE.exe
"C:\ProgramData\KCokYIcg\fasoEEoE.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tCgUsYAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ikYgAwgc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OEMwIYks.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YYkcQUog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wGcEocoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\wkwAUQkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FGAQEAgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\vEAgMgAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HUosMcwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\BGoowwYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kOQUIIIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UEEMYAUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\amokwccY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AiskYQUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KSQQUIAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\peEIEEck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tiwUgcgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nIsUsooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FYoccYEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zqwIgsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\UMkIIokA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YQUEsIkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OOQAMscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eiEgcAsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmcwIoYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hWssMUQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fSEsoMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rossMYgE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mwYUMgkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mSQowQUg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQMAEIEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aYsMMEUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JiwAAUAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VOkAMUgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\reYgAckM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JIgAMgEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GCwwckEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KAMgYAAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yIEAQUow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\yCssIgEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\IEIgkskY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xWQksoMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tyUMIEYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NOkooAcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TmUgMAsI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\GcQEAwgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SKIQwgss.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YEooAMUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MsoUggIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\AGwIMkIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\zwkoYosY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\VMUMgEYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hIoscEIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\owUUMkEk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MsggAgIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cQYUssko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\SykoEEkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cKsEEwAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XwQcosIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lwYAUswM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xaowUMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\NAsYsEgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ACQMUYMw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qcQoIIAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\myMwcksc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\essgYQsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.169.46:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.46:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2348-0-0x0000000000400000-0x000000000042B000-memory.dmp
\Users\Admin\dEQYMgEE\CuYMQUss.exe
| MD5 | dfe743d0d640b8ef1a06f35db6255fae |
| SHA1 | ba52fff0456c44e4c32bec93275f8e7beed3ac2d |
| SHA256 | 8590d81a971a82166c55ec6ced1cb50bb3ccc6dd9b89fdb805248d56e4cd00d9 |
| SHA512 | b27bc4fc0f59b93c25c65630bbce59e3703c8e6327ef7542bec459bd2ce96c69d1545d86806e65abdb35750d9676531654e1e432fab36b1ef7030779dd7f884b |
memory/2348-5-0x00000000004C0000-0x00000000004DD000-memory.dmp
memory/2464-13-0x0000000000400000-0x000000000041D000-memory.dmp
\ProgramData\KCokYIcg\fasoEEoE.exe
| MD5 | 8e62752ddee6b9cb2a054b660fe87538 |
| SHA1 | d930bf203958532768a29d60be2865afd06b7a8f |
| SHA256 | e58aa0525feea6f4ef613879866dde124e20c3c741e9cdc7445bf9e89dacda30 |
| SHA512 | ab179ea3bbacdd57b5e470a0ec49400f2005f0206c752f5500b10c953b894c7e663c9a20081a02c9727af70efd1d0397d62aa01c40d5531099520af67c1911f7 |
C:\Users\Admin\AppData\Local\Temp\VWgQgMwM.bat
| MD5 | 7ecb36ea94f313e9ef121fd460f2d72b |
| SHA1 | 0d071f2b448a2003491c60205060f968197b0dd2 |
| SHA256 | 5afd6b12d596b2226d570dfb76cc8a2e783227fa111dddba460e74deda586805 |
| SHA512 | 7733be5fc9acdb5c7c39fc861800f916a083d39d2c5d05b6efe8b810dba13596ed5a027706742a90bd0e1375543d7d0c7013d3ebe1a43c8d639f315fe39518be |
memory/2348-16-0x00000000004C0000-0x00000000004DD000-memory.dmp
memory/1872-30-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2868-33-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1244-32-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1244-31-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2348-42-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tCgUsYAM.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\iaIMEMgc.bat
| MD5 | 0aae3faf7a9d3f840cbc22861b7671c2 |
| SHA1 | 1b9930d2c238807733225e15a261b882e5318fdf |
| SHA256 | 8b57d9ce2986a4b9c0ac41ad388e36f590feff641ed191b63e37ca6eef5c98f2 |
| SHA512 | 7922c51badc1ba2a5a5b86012a0cca85877546ee9d8535e2c6d7d48a98edf682cfed3aa3cc821fa561e63a243aff2263f3a2e9a81e596ef5429ddd5d0a5d4e98 |
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
| MD5 | 5861d4e6983be2b92122bcfb7d239eb5 |
| SHA1 | 892a1af54e23a9960f63eae6369c526ef325b77c |
| SHA256 | b3de971f88cdd8219cd9bf4a1212107b4052f468caac1f196d756ddf095acb48 |
| SHA512 | af3ce9a9c4a7be34e1d75bd9e25b483cfadc18e50cdb3229c5bc70bf965f6c478a707711154066c446f84ae5b6216917dd34935ee69772c305a00bc6d5040178 |
memory/2832-55-0x0000000000260000-0x000000000028B000-memory.dmp
memory/2576-56-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2868-65-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EwAAkwME.bat
| MD5 | 61d23ab5400af124419e0d0c88784879 |
| SHA1 | 3587ee1667cc7693fee9435eb429430e1ceaa524 |
| SHA256 | c7ca2d5844408e645ce5264828588757d867f56311cce1679bd5d1893ad09d5e |
| SHA512 | 65d60c26fc2747fd1a264a72738e1340549459fc62c49a3dc2c882710acc726b254d778118c1b3989867b5d8c562944cc98da056446a4121df54a72e3c4741c7 |
memory/2436-78-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2576-87-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KOIcgEgU.bat
| MD5 | 41a7ba1ceb916d836d361d3ba1aea0a4 |
| SHA1 | e72f21df8e9e40eb7f2ef4c5e4f819ec2debea55 |
| SHA256 | fc5b783256b9fbbf72d68eb8458e9a4a6b50d27c9b4bd89de2e74043064019a5 |
| SHA512 | 0679d0ed00546c97874b77172396394f24d0c2cd883bad6091e54e5f98652caa8befd536e4ea29f5c0a1f9a7ab8fc4abd46cc55a1a14823d8338244bc5df9aca |
memory/1860-100-0x0000000000500000-0x000000000052B000-memory.dmp
memory/1860-101-0x0000000000500000-0x000000000052B000-memory.dmp
memory/1452-110-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OEwgkcsM.bat
| MD5 | b49bb5abdd90f114f1efd61a4eccab96 |
| SHA1 | 613bac6a97e66f8675aee0193543a10f703e7fd0 |
| SHA256 | 1ce7371b5282e9430d03f4e9911122a560a279bdc12fa11751616eed75bacf4c |
| SHA512 | 6b2b3e7a2f8e74094c41f55fa559c8cf8b0bb6a250608acb072f3bbe7bf6dffc8e977d64d320b3abcd800c49cec74ae6e76fbb3d236db92751a88848f047c143 |
memory/2008-123-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1732-124-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2384-133-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OYwMIUcE.bat
| MD5 | 920ace73cb9d23cf25abea5a3dc37b60 |
| SHA1 | 9ae462d4b0c31b810df0df83ab20918f71a640be |
| SHA256 | 726a8837358a775d2e3f16337fea002c7b4655e1f0d37bf17154f4ff23f7b8b2 |
| SHA512 | a4e785ef1226760093aca27a537603cced7e6e2c70d1f9fb29e2a770d48a9b42e0d866b11c127e644738a505d624027cd539a77346e981f76e70b8ed983f14a5 |
memory/2492-147-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1444-146-0x0000000000360000-0x000000000038B000-memory.dmp
memory/1732-156-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rcocQQkU.bat
| MD5 | 60e84dd2942e43c848b9a0526b2363fc |
| SHA1 | 762552644f56cef2cb592d1514d62166bb9b07c8 |
| SHA256 | 328b7423825a2cfb73b7648ba898ed6c85a16bb07aca96e38441b605d8ee1f25 |
| SHA512 | f1ebef1015bf6c8d08a13bf7624333effa5c43c6a1051c3234db7769af6c66c5bf75edb87595ef1319fb6ee7a43274735cc2972dcda9d384433b38329b17d629 |
memory/352-169-0x0000000002240000-0x000000000226B000-memory.dmp
memory/2660-170-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2492-179-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VCEcQYkA.bat
| MD5 | 00033431438d917c27ec85f4ad682e60 |
| SHA1 | 2a43defbcd5b5c69df66c573c70dca57ed9c8f25 |
| SHA256 | 3e727828bb3d6c8cd1aa534c8668f7a4c056317354e9053bd989c3834165d0c9 |
| SHA512 | 907d0fbfc481ae92e8afbacabfaf69b216753f2c41de88e5436a349314879f5376e5a57e569b2af36ff217520d8227679f71e8e8ba6fa8b7669ed79562a92d81 |
memory/2660-200-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zeoQYYoI.bat
| MD5 | 12281b95d087853b8c2441f6f8c00314 |
| SHA1 | d80118bac22e2fafacc5096b07ca4b61123f9547 |
| SHA256 | bf5a0be099990d525bcbc1c415a6d5faf63104af7d17bcf1b44d6a878aaace0f |
| SHA512 | 78767de72be0a08b53e199f0d5674c063f418869c1b661377a1b15d38e98a0bb749ac12dbb642c67d34a909d7cd00b5d238384bdd9f04ca48b41bf2a81166ba8 |
memory/2980-221-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PqkYYMAg.bat
| MD5 | 1d7a37157a3ca62e8b3b9dc591666e38 |
| SHA1 | 2b2a9f6c8c7f469bd124733200791332d540f23a |
| SHA256 | f793dfffd20bf969612b8be7555b65063f5d6a735905db434e8adc17412ecfaa |
| SHA512 | 6e7d37d62503a416f3a5b949bd2490a5d7f41072ea33a74dbba4359eef23205ed2611d62840aeb3b83f8e80b00a5d00c9287952fec9f8a829063c52e7775decb |
memory/3004-234-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2832-243-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PYkYgYss.bat
| MD5 | 371217b62e9bb6db01d4c63662a46b36 |
| SHA1 | 5b65a955e0a2112ee0136210dbd8553a109d552c |
| SHA256 | 63c5d585b7f653019d64d1dce5b9e8761c0590a8123f8a922cdf480089f9b3dc |
| SHA512 | 9097f435cfc6e7920c37946cb1b7dbe3e4bc10a6162722c3b3bb166599ac49fb3217c55d6a64b199b8b7fc9bf05ecb3540f2e827480bb0541aec3f26e4bcf070 |
memory/2132-256-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1700-258-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2132-257-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3004-267-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UiscQEog.bat
| MD5 | 53da65d5b734442592502039aa77920a |
| SHA1 | ae21b3a9f62c7550970700f11ec9f57914895252 |
| SHA256 | 495e4bcf3d9a8c15adfa9d2af5055353fb6a8e3bcae1bf96ad82aa5c9d8d79c2 |
| SHA512 | 817e2799acee7903a08133ddf71ac8faf8e85a332fd778eaa27896a2ac112511a00a2928e6057b0fca739c8fc9b4731e2795828907b648395d0cf8e58a9550fd |
memory/1424-280-0x0000000000280000-0x00000000002AB000-memory.dmp
memory/1700-289-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uKIYQQYA.bat
| MD5 | 98b71ab1c49e31e8d009cc2273e09221 |
| SHA1 | 249ac30b3b43c5d541ab92a78946f01540515d8b |
| SHA256 | 4eb76803ace3b8f045ee060c696ea7dfd11602895fce4531f0c7e0487d3a1037 |
| SHA512 | ce93c944f972bfa5196f1e063e36bd8c949471a8e877dc4580a641539e43849a3670f3b54469383ffb7294e77d0ad77925d770bbaa786a6c806633c682457e78 |
memory/768-302-0x0000000000160000-0x000000000018B000-memory.dmp
memory/2492-304-0x0000000000400000-0x000000000042B000-memory.dmp
memory/768-303-0x0000000000160000-0x000000000018B000-memory.dmp
memory/1000-313-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wMogIUEE.bat
| MD5 | 37f6fb5191d53f5e6e5c1fde616d71e3 |
| SHA1 | d2f245b8d3eb4f035d9b07c1bbeb3903624cb193 |
| SHA256 | 977b12de14848ee7aac18d59ec1feb94ffec3d449790067f988bb620701049c1 |
| SHA512 | 8ec38d1b2994ecedeecda327f8aa87bccd3adc204fbccac0742bd9acb233432379cccb5fc44f5673bfabee64fe0569517968b6e98d11a65937f1ad20c9d723e1 |
memory/2348-326-0x0000000000120000-0x000000000014B000-memory.dmp
memory/2492-335-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\giYAIYAQ.bat
| MD5 | e6fda01d5ca249e1e009179d8a4974e2 |
| SHA1 | 2831ba7d090f34338fad35f330c525c205a455d4 |
| SHA256 | 8d531ce94f06dd597ab7c814e7d4074c75d43c2841192d8fb706cb15b3211d94 |
| SHA512 | 891e0ae6dc1ed332894ab18cb4e25791214e24112cb4880bb8cbe12c3d165351ed1cc4182cc3a923690b5c34ae53e38749ef8cf2228fffb54f28e55666829ab4 |
memory/2236-348-0x0000000000260000-0x000000000028B000-memory.dmp
memory/2980-349-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1324-358-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\biYwcIww.bat
| MD5 | 706828337e85ccbce67b7215a6538f1b |
| SHA1 | 64a9ab146b604c907391eee65cf8cce6048b12bb |
| SHA256 | 34b56263c660d8be4645829694462f12e9ece529720a542424d4a063b933c4d9 |
| SHA512 | b5650b3cadd9bc727c35acd4c232f346cbb91ea9181dfcf39cfba3891f942987316da41e8af11212638575a7a4d25a90fdf122945424203bc7b234fdfb3a0af9 |
memory/2528-371-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1784-372-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2980-381-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\xcgscYYc.bat
| MD5 | 76828225034ad0baae571a75f13f0f94 |
| SHA1 | e31c5d28850ff1129e10ecb3fb197e0f335469a4 |
| SHA256 | f8340f0225efed30339d842c8a4f5d7b3b1f616a742cf78d00dfe86fc290f83f |
| SHA512 | fbda7bbf56aba4f13e6f60dc3b605ecfbaad44f686fc00b326f2a72f63a37c7dc4c92a527ce30166c156d94b81a8c992906ca3d927457cb25d8f212d521914cb |
memory/1928-396-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2216-395-0x00000000001A0000-0x00000000001CB000-memory.dmp
memory/2216-394-0x00000000001A0000-0x00000000001CB000-memory.dmp
memory/1784-405-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vmcgcYMw.bat
| MD5 | 2c136aef90ca8826946760caf632fcc8 |
| SHA1 | 36b19d45e95dcf0135d2ca87c08e347d0962cd90 |
| SHA256 | 529aa5a6bf91cf578045982f7a96661866c7b193a0b08c3550441ef758635d79 |
| SHA512 | 80ffb9cef6dc6a75dad440e1e9a92ce2646b5495283efba86667dccc2cf0f6c5ea5e9143fa739bb315e586760c41ad07dcc4e52cdb8acc045c327966c48076cd |
memory/2096-418-0x0000000000180000-0x00000000001AB000-memory.dmp
memory/2384-419-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1928-428-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jksUwcQc.bat
| MD5 | 2d3d6f611fdfa10210f0ca5433ee6b66 |
| SHA1 | 1cf4eb2ffca6e6692fa68373a522c43bb3168731 |
| SHA256 | d346ec81ea3f0f190c2f8af369c4e205ce7085f69668174ca31735f387995efd |
| SHA512 | a50b852bd70445f88ddb4a891304c0b854f216d718e6fcec8a23fecaef445d8a5f6bff14c296b337737b4a37c45a108572c304e2b33125250131349aa964c708 |
memory/2988-442-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2536-441-0x0000000000160000-0x000000000018B000-memory.dmp
memory/2384-451-0x0000000000400000-0x000000000042B000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
C:\Users\Admin\AppData\Local\Temp\FAkYAQEY.bat
| MD5 | 21429ebe299a6c45d9370e33e09d3d1c |
| SHA1 | 72c39df3e9d8878e21cad64902d91c611e60d14c |
| SHA256 | bd201029739b22bfa8490134f6122b7b48b3ea53a7eb961333f34067f01fccc6 |
| SHA512 | dae5cdae46654dc361294dd2f5844a604e4d3b6c926d7136e3eadc183197f8ad7035f6f48afb0881f13283c08a57fc97ed4dbc3119ba4f538befcf714d974e36 |
memory/1028-465-0x0000000000130000-0x000000000015B000-memory.dmp
memory/2988-488-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SAce.exe
| MD5 | 7bbc89ada5ddf6e935d71aa180d19b1b |
| SHA1 | 86916c27d382ac548b457ee828d78145eb2a1c08 |
| SHA256 | 4e6c3ced01f4a4960bda2266b2bb94b29ea0949312230610b7673968cc9131cd |
| SHA512 | 35d65541e8613c870be524b5f2def689005ca32332fa94c9d5956a1e3915c3a02ffed659e58a8d008054a5d2ce7fbc2cec80d4355a90e5bfb748163869cce4b7 |
C:\Users\Admin\AppData\Local\Temp\uIIggkgo.bat
| MD5 | 651c5cde9b8ed86a67c6f94ad58538f2 |
| SHA1 | fe833722e4a28a72829cd57425ac8b61c6703b2a |
| SHA256 | 965e419458f718f35a8a2eb92ac1cab94f52666d9ef16604b6e22afe7f8939ae |
| SHA512 | 8db2522e033b4ad2a0f3ef367044fe4a96215ee6564166daea61c143ebc7eaed8ce86e91a258a60785aa5c50af36d64aee9f99849979c251f0300fc89e6e5924 |
C:\Users\Admin\AppData\Local\Temp\cswk.exe
| MD5 | b8b816fcf82c763271da66cea7113205 |
| SHA1 | 2f880abc6269efcdd5caa52de0d6a9eca4a308d2 |
| SHA256 | f2c2ac0988126bdbe8b626ea0cbc29a87ad0a6e10143ad9a1ef753fcc2b098a6 |
| SHA512 | bb879994fa0c583669e640853a9918a1166795ce012a95abfd341a7705fbd17773c234f3b4a81074dbf26668ca38e7b81567ea8873d123cd2594367f915daba6 |
memory/2256-511-0x0000000000100000-0x000000000012B000-memory.dmp
memory/2256-512-0x0000000000100000-0x000000000012B000-memory.dmp
memory/2832-514-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2892-522-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ooEq.exe
| MD5 | a58b02a8d5c960908d239cf809e5b576 |
| SHA1 | 2d65aeceb3d3522bf951296d61dc7c75ec2df29b |
| SHA256 | fb477fd70c2d8fa9c1fa2b74a1cf09b2a2cbf15c9dba7b3c9ab5caa136913f0b |
| SHA512 | f93c98d7c0bb92a32899d1491161e7c0e8f90761d309c8db63983a444a185b4eaad2b162f3d9a9c1ea37a3fee2cb69f0d95a867eeb68b7789c6e8837712250f8 |
C:\Users\Admin\AppData\Local\Temp\OAgE.exe
| MD5 | ef299c5866051350acd3a642d6adebc1 |
| SHA1 | a1d0b4bcd3791f2d7854d774d5a0b6ee02ebf98b |
| SHA256 | 63cda969facc2bd0a597a87d65811cb4ec3173bf19667510b5e19c1b9bc4bb60 |
| SHA512 | 6cf321711bc83ca81e75fe815284c9b4f845a6f5b454338ae247b15c6eac0a01ae7df376d2004ac3ce1359f1c115f3426d5d9dd49ada0f01eca9149c0f64a34c |
C:\Users\Admin\AppData\Local\Temp\goom.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\SoAI.exe
| MD5 | 345353467f4da1622c7ccfb4f944a2cf |
| SHA1 | de8aff207e65532195720333c1e7c60d4fe315f4 |
| SHA256 | 1aca3ba6695f3b4eb964ce4c13a22a79b862417e5d5a77b80ecb2a18043ef005 |
| SHA512 | 40e70b8e0aa85688149f941c9549f31019e122b21ada7336371b29b8cf61b345d04016b743cdc639a3d9df009adbce24c5d2d02c331144cb8e0eabdfd81d3240 |
C:\Users\Admin\AppData\Local\Temp\cgkg.exe
| MD5 | 68cba6661ae798d4fc98bc252dd9a2fc |
| SHA1 | 956022078bfdd46a7fe608d3b073a179efb00e66 |
| SHA256 | f4f1dfe7ae213ba0d793393b03f40cca972007d9f53dc573dde7a8efebec8063 |
| SHA512 | 12632b0562355c42a0f582a5390ceb6b9053c8328e9e8a5f3b8d088539f3e3079ff355dc12ed2320e7af102c7a9448e958eecaa22143fd04049b369ef6e37fc6 |
C:\Users\Admin\AppData\Local\Temp\WQEg.exe
| MD5 | 62e1f788cc54e751af2af00cd2f3d834 |
| SHA1 | e428556cd9bea21cd86347cb84be2bd98764ff44 |
| SHA256 | 2b51c040552ae9316871c479c0fc179cbe7bc3e14ff1faac1a90e3140262188f |
| SHA512 | b20983ec47de3cce51c2c9702e05704ff005d66896104072e71c700cec95dee2668db6f7845b38b742478fd5e7b932ace2fc397abd973129b870a3eda042840b |
C:\Users\Admin\AppData\Local\Temp\ieIYYEoU.bat
| MD5 | be5e0b51463e837690055eabb10a9682 |
| SHA1 | aec566e7e82f56b6b01c6f96ae98d27325e38c35 |
| SHA256 | 044b646b86d77115b20b3da3dd1960fc4bec26de2c1fad5eaed399872a6dc3af |
| SHA512 | e8521ad5d2d51d813e8f5e1c02a5d9f81905d44e076efa2fa117ed5a2a6e841ce7940c5433e3b5e475f721e1364528a7c82bfcdcb0e5c86a89775d79b4bc7337 |
memory/3056-599-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3044-598-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3044-597-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iwAC.exe
| MD5 | 14ec54335006f5048ea42e6b06e50323 |
| SHA1 | 89dd251f86f062c5ab41613e6310adac739ca9fc |
| SHA256 | 786cf43ffb9c86e14407b0454e2e0f359cb280dd9273590c7a337d7ec9fa829e |
| SHA512 | 4c98404fd6cd2102dca1d926254d15acb73b6b9e915a10bb42d450f3c7b842276456beac68ec65a6b280d54f424fbf21b2f7874c6e954c6cc6cdb360c9afe14c |
C:\Users\Admin\AppData\Local\Temp\qwAi.exe
| MD5 | ded0cc2a8b5e656ae83daa6cf215344a |
| SHA1 | a350229734744b65809b55bd97f9f75522e21a24 |
| SHA256 | 8ab885a3f93b86c6af68331779fe70a1584cb6f1e3e4b56b5c015d35c0c62cae |
| SHA512 | 3a114affbc5c7cfab5d58708668f5ce2d169694ff7f2258fdaf6a2dc2f7753ef34e7bc5c45d90b86cacda898db790369e0163b47b2e38822705561c9b2a8be71 |
memory/2832-621-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OYMa.exe
| MD5 | 257f5a6d50c792fad2c1f9f2a9b23718 |
| SHA1 | 15756ddc1f926311fed3f9d6ccf06079530cb25b |
| SHA256 | 62528d3c1cff3c6604b4d52d38b3b540c8bb20b3ad561e30f16d5b4fc7b018e1 |
| SHA512 | 9c485ffee4ab8cd9807880985c75d0ff8552e842149cedf52192ec545d1dd43ecc204b0cfe425e8ae89e9d90902a539e1b99e37f26d9222194446af70ac70c4d |
C:\Users\Admin\AppData\Local\Temp\MQcg.exe
| MD5 | 467f65567e8edf4cae9d2a9517b66576 |
| SHA1 | 9ff6a46a6b1c57b44a024ffce4b204628c0e9292 |
| SHA256 | 882e9d71b0df396f2720f17131ba2aae8674c223cf5b9ae572b59308c3385b44 |
| SHA512 | dd5fc3f62d92be25073b454ebcb1597fb907667e8b5dc26b523e4ac80fd79cd7e0a77181d3f0124bb6d3e8668a9e4007e63baa28728d0b218e568e43b3aee75a |
C:\Users\Admin\AppData\Local\Temp\KoQe.exe
| MD5 | 603a32ae7a1916e069fc0b6a1c1217b5 |
| SHA1 | cf921e2e38572587a0b6be1963042d41088d651d |
| SHA256 | 211a2c6c422dc9b1a1f682d87e064f70fe2ff8ab582e28cfc6933570ee085bc9 |
| SHA512 | f1b0d450e8f07cb7d740f4030dc1cad19ad3381cb3c0e8b1c45edea036ab726f9ebbc0aa6681da52f1000de5264f3f02fc6e5f7d551073748c97b25d458ccfc8 |
C:\Users\Admin\AppData\Local\Temp\yeIsMsoI.bat
| MD5 | 8a867766551fc539ed3c73d85d679b30 |
| SHA1 | 28336b2ad0c0f0a9f841449c4fa632d0f2694b98 |
| SHA256 | f7b29ca095657f581bd4368aadebb6d4e27c975fa5b715ed13673c2599ad41b6 |
| SHA512 | 0f607cd3894c8eb8bcdc40d5b5bc1d69ba5bf07ae17c3cd2df74397463ea53dad7b48399cb23a0cef641b37cea67cd75af542717d408050ba6bf578c70937743 |
C:\Users\Admin\AppData\Local\Temp\Kkcy.exe
| MD5 | d17f965168077cf113c64368c81b3c0c |
| SHA1 | 7196b80dd48ff81991c01639326073a85b8809b4 |
| SHA256 | 7a62fdba21926efcba554a5085a62ab63ae5384fe43a15dd8f6478d5b7748675 |
| SHA512 | 3496bab96ed77c6cb5b30f4b9cb6664e2987e294b46b83b0d2c80726de72cf72f9b0bbeb6f1d6c88ea161be4cc2330e537a88a435a7723426502232c9bb24335 |
memory/2940-696-0x0000000000260000-0x000000000028B000-memory.dmp
memory/2940-697-0x0000000000260000-0x000000000028B000-memory.dmp
memory/3056-707-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qokG.exe
| MD5 | a96bc3c3c0f68f6f5f0ef78c53243b2d |
| SHA1 | 41dd07ae5190c6c6e3fd29517ee93955970cf7af |
| SHA256 | a5df71892184b192f07d60b195d43e398b1493474d4bc08ca76aeffde05a2f08 |
| SHA512 | c820e1faf9622c6b3e43c093398f7d53ef58a7ec31a38e29a2a9a309fce1922d096756e5f7278b953071010dcaa821be87716b028712aa7a353c0438c61d639a |
memory/2916-699-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uIoI.exe
| MD5 | 3388257eca0aa6361583bfb8cc1165c9 |
| SHA1 | b1a5224d7dd30b15c7df852be5fc50277299988c |
| SHA256 | bd3b5d7439728aae8fbed29fdfcdb11e76f1dc3f0c8a01a95347c38dc05e9c63 |
| SHA512 | 73fa4ec0ee2c0a41dd99cb4959785069b63adce564d6ef87c8f31544d73799a174d17cbe83d62823e971d19496f45ad6303f9edc5f390c3ae2dd0072bf57f8b6 |
C:\Users\Admin\AppData\Local\Temp\ewkq.exe
| MD5 | a81fc7f877c9919677482fba4e1ff771 |
| SHA1 | f1e0a0b003040860229e2bc0a23b501be9587100 |
| SHA256 | 6f3d6a70deb3bb14c1a9d09532a592accc0a26c824874aeec5650d925656d6ea |
| SHA512 | 5470044218d52cb95d957c42edd7b00b668c245884b0930e74c3b6b8cf6469162d9e6175c4c595aaeaba9574a89245a212c4e9bb2698be4d37108b2b7e668b35 |
C:\Users\Admin\AppData\Local\Temp\ccAIUkAI.bat
| MD5 | 8879ed75af49d3ed92f04ecd1142bb71 |
| SHA1 | 5577b428d045e5dba8c6f831a080275be9eb9a5b |
| SHA256 | 9207afd3b67912e9dae1d56dead50d837619c01c1900347d4e330b09a2c8364f |
| SHA512 | a20e1bcb50f5b25565c593c9fdef5d040fef0055fde76314352984defb207a8a6c1b7f7618fb86fe9e2f557ed94368e7d79492de8b7ec77dc0b74b0d68189554 |
C:\Users\Admin\AppData\Local\Temp\cIQm.exe
| MD5 | b912950dea28f768ab59aeb2d0e3def4 |
| SHA1 | f4749df2aed4a255f832321ff9b112bd9e073a71 |
| SHA256 | 95d4758691d2dd762e62c0f71c7e745484a35b475d15ec57b04a83185cedfdc8 |
| SHA512 | 3de6e5f59985355ad980f5e9a115570790f51ae7f6effc39b05adeb6bf699b792d4ed10f850a8b108802fd258997a88d1ad72e7d1d89188c479a1ef8e3ba4fdf |
memory/1612-770-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1612-769-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1044-771-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2916-780-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OwUy.exe
| MD5 | 3b81435f37acb1ab2c5ea6a56f7a9627 |
| SHA1 | fdba6f4d03007b07cd1dd7902a7857eb9b595b11 |
| SHA256 | 176d25b81688e684691b208c1f54d9eb5c67792c1f43c0a20dad9eda55791fe5 |
| SHA512 | 50414233e9ceba8232b2da3f4017f847542899ec9a82c12d585a81cd0d1fa764d3f243e966ec440ab41d6aa071cecfa1d4a6244242c99afab5cc9c210fb29ac5 |
C:\Users\Admin\AppData\Local\Temp\ucAA.exe
| MD5 | c586ef08657b2eb5c3623e917e93ff19 |
| SHA1 | c1c97b6a94a1cd5524505e3101fc9b250d869db2 |
| SHA256 | e9ad64bbfaa9d601c2b6ed9088de7cadf224be7976d096927762ae9f98cd1d31 |
| SHA512 | 95e20a409cd808350354ce28e9269fe5d723190bdbca037bb767eba55ba3623e24525ccc8b247bc61023d4cedc637544df2189a3aa2af7e181faeb3d5e637824 |
C:\Users\Admin\AppData\Local\Temp\aYQm.exe
| MD5 | 4763b5be23528e1247ebf4b46befe8c8 |
| SHA1 | 84f46fb3b94b8918faa73b5cad929f2bbc2e092b |
| SHA256 | fcaf1808d4a59ce7f75479f717d4ca730d0c0a2febcf5fe0d69c4d2f2b472b10 |
| SHA512 | c864beb5489f3b67e682b53b96e869dbdfe686f487a662b1a03cd362cd3b0195ed97d0919a47c333ec98d480daebbff990b15a5966fc48b24416bb2e30c3cbb9 |
C:\Users\Admin\AppData\Local\Temp\GYMQ.exe
| MD5 | 7897f6eaea4c3b5cc7772f0e9f006262 |
| SHA1 | 2b7b34bddd81ed5e6237fbca1e884d279a52aacf |
| SHA256 | d0120157c11201b5742812d7146543eb26cb8b1745176f25f1d2ace00c53b6da |
| SHA512 | 8d357f5004dd9baa289c48b990f24bf3e1c8edc0103f065f8615d009c24ee852c07143ba272ac8965f65b9b0ec18cb749dec5d9cce88898839b4583f5c1176e1 |
C:\Users\Admin\AppData\Local\Temp\XmgIMUYw.bat
| MD5 | 6b23bdc8cb9307efd461863904ac0911 |
| SHA1 | 15a3e136944c550f9ddc9a23cdf8eaac3e2b89e6 |
| SHA256 | 387d6b95b8ae489d49d5e2090f8b858cccae01d987a1d29d222b76287b40ac73 |
| SHA512 | 00e8be1bfa21907804951798d32357f2f2580da4de32885eda0b3d919d1f0a6262d3c47c6bb41b5e9e666fe63c8773b9c304e755a5344ab2461d86633ed9ab64 |
memory/536-844-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1152-843-0x00000000001A0000-0x00000000001CB000-memory.dmp
memory/1152-842-0x00000000001A0000-0x00000000001CB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kooE.exe
| MD5 | ea6863604cd920d78f3bf455b7ee6ea7 |
| SHA1 | 7d5cb38b25d8503cd5a2e32c4af4d23245eb7c58 |
| SHA256 | 9efcba51817f7854075f976fc2e1e4419bac20c4fd96eb9ea28fc0cbeccd7ce1 |
| SHA512 | c43304768185147600707e996e0028dde266151f91f1e28639956d7978a6f5609fbb822c5691812691e498793070c2fd3a9bfaf98b13704b0c1536f6dee5d9ce |
memory/1044-866-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aoEg.exe
| MD5 | 3a62ff3cc0d4cc0accde03a58285f143 |
| SHA1 | d19f172f0a285f25d11687f40a82cd264a4a4dcd |
| SHA256 | aca314a18653d9314bdfb006ba226493cda78b152884450c13ee3250ac729730 |
| SHA512 | e74891ce59a1e58563c7936ce13f6e61e77f098be9b76132654588ec6c9c6afd03ca2b336c1ff5c26782708b4cff81a22313afa1f0a56888c4d07beff5ee0316 |
C:\Users\Admin\AppData\Local\Temp\akMo.exe
| MD5 | 7899f1f65bbdded79f3d9b6792467e2c |
| SHA1 | 34469e6a9437e8b8fcc0e0291a722c10790a6c22 |
| SHA256 | 58da4cf5558929266c89c69787ba005e95bbee8a0f954c1b25696a05b6f78efa |
| SHA512 | 3bcafc51f76c6bc6ffba97806945119f1311b61964a407670417466332b19ec9ded7f984ec392d8359859bcb8e73f387d8b1262cede69781d5e4f9c9262116e7 |
C:\Users\Admin\AppData\Local\Temp\ygwQ.exe
| MD5 | 2e5ceba35dacdb96e462101cac1ed3ba |
| SHA1 | f6cc2068d644cd2949c26a91ae0e5a1d7b387770 |
| SHA256 | fac8041c6cafac75b8e18681705d3ca3f4b0489e4491b94dd02d52b7f891b182 |
| SHA512 | dbfc720f12b289c6da8324aa46ae5abab6c28f714844e6f20a3c0fe623e2ee05af35f37e71c12d05c72c8fdcbc2f94705ddbf2193964bc1efb110b8eac064259 |
C:\Users\Admin\AppData\Local\Temp\qIkc.exe
| MD5 | 23e6754467aaacea5d2d41732b17e561 |
| SHA1 | d8c96d6afcc45593e18b35a70a5c21bfe05801b5 |
| SHA256 | 08f76fb369fcfa30648f68236f854a70a515bb54d55d6140c902dc4c518dcdfd |
| SHA512 | ed1451c397b39a0d57d064c993a8f44e3a7a27e59bd6a83707f4fdfcb5a6974a5014d6333c88c6dc3e6ab78c370b748eff59093114e9692c83e48136b534cf50 |
C:\Users\Admin\AppData\Local\Temp\zEgEkMUs.bat
| MD5 | a6ae6973732ae8a689a5161693348a72 |
| SHA1 | c6984509bd7b41af060b1dccb242dd733bfb6883 |
| SHA256 | d48e7a7f9dafe91c9e95f7a91a678f970c8f358fcaf7f9903444b1cdf49dde0c |
| SHA512 | 74c5fed462ade4eada2f94bcd61b989fb883116706606cb9fb445e348e0525cee4cf0a2e970fd30532e9746c16176577def4ac9e0ea46d6fc8b65331ad7e43fe |
C:\Users\Admin\AppData\Local\Temp\yYMQ.exe
| MD5 | 119024f8a380b273d3785d1303b77254 |
| SHA1 | c0a8af3a2d429e663d03e90c236f7298156ea8c0 |
| SHA256 | 47e47e1b39fb883c25013ab5ecb83e119bad8b2807448ce060a48fc13921d40f |
| SHA512 | 05f330deeffffb10b79f8a487f6784f71d656cb4f933b3eca69cc5696d0f8977094bb17d523270e93902d2390bcf5bdd262672cdad4f44d3a431531d3f7f009b |
memory/2684-955-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1520-954-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1520-953-0x0000000000400000-0x000000000042B000-memory.dmp
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 55871c18e8d86e99457e2056c97d3c57 |
| SHA1 | 610d10f218bb3594a4f71b4c007431e7aecab723 |
| SHA256 | cf2e97fc48fa8c0844cbf11822e8948f12254136a982dcc93670d078a120b18b |
| SHA512 | b3ab501776731f036be3e9c86c0a9cc9807408f03d96f4048021ca4b51be2161f6df01e46d155cf42a704bee04b39402eac1418eed37ff08107b443f2073039c |
memory/536-977-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GcQy.exe
| MD5 | 6458c0842c72a412e23fb38907596149 |
| SHA1 | a7e82101f85f1450da5f48a64692592bb6568eec |
| SHA256 | 6bd2823444bfe8b7ad000e44b452f7b331ef523104ef3a7d168b4c5454598f33 |
| SHA512 | 1047a14861adc4e901934c5b8326e791d7c9a26423763c32e4c6b42c5ce313c771a9c005e95e13dfc6d4884ab4c7070f5db38d5ced620830411173ce5ac3aab8 |
C:\Users\Admin\AppData\Local\Temp\QwQM.exe
| MD5 | cb0dff9a572f8fd3e609eca368534b48 |
| SHA1 | 6d912637c5dda73a15e9c20c97c1c911508fb71c |
| SHA256 | 05b695af9174dc3beb6460901711e1a24a0e3c91b3aa30fb4917ec522b04ed61 |
| SHA512 | 8ac72dde7bcbf5913068bbb8517af9e0e4f78d6246c7e4f6a503f72bc79fdb5918f00619e8fdeca16eebf8e4d0dba83f6349730b7f01ec7856a9844e3ff13931 |
C:\Users\Admin\AppData\Local\Temp\DEkYoMQg.bat
| MD5 | bd819b604fc127f076408bf6e88b2c7d |
| SHA1 | f7c981cee3a356c1cc6fcfca416447f6addd6c87 |
| SHA256 | 2429641063c712f0e3ee5d626a8d1bcde7d76bb150404f605be33bc17fbf9754 |
| SHA512 | 0765b9a222ce7b527894a0565572f1a8017b9d2b589c6c0d55765493026e84d1ef361a126374d9f07f185ac31731d26126c073ede5c434d19831dfd85ef06596 |
C:\Users\Admin\AppData\Local\Temp\eMcg.exe
| MD5 | 167032253f740ddd1654ac019d8fe08e |
| SHA1 | 5e23e2e1cfab83729dfdd592410c3b687d36d891 |
| SHA256 | 665306988ff6ebae3d827e514749b125757ddd9326b987193286cf6e730996da |
| SHA512 | c1d90799f6da5e1493ed4bad6500aa88f9a7fedb6c3a24c2f06f5b5a0789c623e1b229b068a2ae9cad737691307e6806b852cf5251e246b94ca0e0cbd5557707 |
memory/332-1028-0x0000000000400000-0x000000000042B000-memory.dmp
memory/852-1027-0x00000000001F0000-0x000000000021B000-memory.dmp
memory/852-1026-0x00000000001F0000-0x000000000021B000-memory.dmp
memory/2684-1037-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AwsI.exe
| MD5 | f4b6b7c361d59cfdc8fd6d090ee41450 |
| SHA1 | f79e1e3b63fecb5f755edb1ae5a67b48717aa058 |
| SHA256 | d43ed1701892bb7c87300460dbf00ebada8eee3eaf671489449a71f98478c1d1 |
| SHA512 | 7b19407a33147ceae9125885a4a33a3e530691346b016b62de62d47d128ec3bb2d69ea4f2830beba79a3240855d6809dec2c7a978bf418611a311a362a1c6513 |
C:\Users\Admin\AppData\Local\Temp\GkcS.exe
| MD5 | f91b6cff8a4a6538fa890d102ff75d3d |
| SHA1 | f4ed806cfb9eef36978b1c60b949179af839e9e2 |
| SHA256 | c6c7bc45d545c4c39b9cc194e230466e5e8ec4976f283259a0ab2fab278d2360 |
| SHA512 | 35e5c749c075ba1326f7fe27147d5c584f2c31beebdf977744acc29e0b8f32d366fd47ca5a6348cd7e8fed30edf181fc882f6adb7778e0bdbdec386581479911 |
C:\Users\Admin\AppData\Local\Temp\ekwW.exe
| MD5 | 6a2bb1f53442e46838f9d7470e76e1c5 |
| SHA1 | b7caebb44ccca5f62ddb6a140f4bad867f2596cb |
| SHA256 | 301f2f50e61ed895e7937f9d12b02159a9ac027a877d8bc9598d3cee1a0c77c3 |
| SHA512 | 1f72ad52618cf661fa4efd0845c3f760037acf1c43b3121d5e7c124784ae06c630e578c96593acf5302842e9aadf1dd0a8b5d7e36d9cdfaa186683bea5cd2543 |
C:\Users\Admin\AppData\Local\Temp\uQMw.exe
| MD5 | 5ad1985d62a14606e651c3853c53531d |
| SHA1 | d6532c077a1a6fae80dd221be2b965e2d13c381a |
| SHA256 | 81cf57924668d709d05d642674b8603370da00ae740c76f4988943ff50f45407 |
| SHA512 | 1b05e488a0caa12af52411366768cbfce7b384986998da182fc0c32680413c6a852577465ac5b343fd2730123dfae9adda308742c9e5f4ab25ac5c46f1f9c387 |
C:\Users\Admin\AppData\Local\Temp\GQUo.exe
| MD5 | d10c589d7890cba9d2ccaff2e4db8f56 |
| SHA1 | 3e49d4a6832475ba03c309406a4a5a82b13bf059 |
| SHA256 | 9ae09669baaa175dd10abfe96934efb51ee2bec962d2909765d47114bbd61baa |
| SHA512 | 0fbdcee224c36738b603d769bab15c576d6d8188b376a4e3839faaf06154b7ea7b2aece0be8e2b1b425fd68fbf1c1abea1b82604552b425afc07dba4cfd4daff |
C:\Users\Admin\AppData\Local\Temp\WIki.exe
| MD5 | b1537c4dac934955430ab87f4b30bb02 |
| SHA1 | 7bcdb11b725aa76797a31ecd81b6e2a07df93e47 |
| SHA256 | 0f94e3e6950c890c3d5b80f34d0b4f3f8490bb658301d092c5dc8c89e6db7458 |
| SHA512 | 97d69b3dd5f94e951b0bc35271a0684ea70ba867b1522bff67ad30ec1d15b0f95e82df7c76e3e11fd61eaeda44593021d8d977299d61321a9ce658b735d3f2d6 |
C:\Users\Admin\AppData\Local\Temp\bwcEAIEo.bat
| MD5 | cebfdb3312055ffa722197413ba28a95 |
| SHA1 | 4c9e9d79d957ef275fec14793917ebdf001c937a |
| SHA256 | 3e14c96361bf23a4ea075d6ff068cc8f278f4cd112c6145c795ab6d16734b431 |
| SHA512 | cfd14a9666d95cfb5247542d64188e282b193f08fc500dc265bb1ae32eac2f431a0d49b1f4abdae255d99831063720f4d3c392b9ba74ba2652b9d6049ce6ef40 |
memory/1920-1125-0x0000000000130000-0x000000000015B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\coQw.exe
| MD5 | 85f556c15a24267100663faebc5fe285 |
| SHA1 | 250c1f6ddcad7bf93467fe21c90b8c2d390226d2 |
| SHA256 | e82fd4ad8968c2934d9447ba7d70f7a20a76f14556fd5d4d1035e2f9aea1e9f3 |
| SHA512 | 8c977197c8822184a8761727d9ea54ae3ebbb1b3ddbe932c4424c857a1bde61dcdb3112006a517b769bf5bd9ce0f6023dcaf2de0c23b562bd8d4c94a26a67695 |
memory/332-1147-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OAYc.exe
| MD5 | c8f429a5c42e4c02cda95ae7f8c45af8 |
| SHA1 | 61e271b86cb18dc1e04af968fcf4f15b11cf6ee0 |
| SHA256 | daf5147707d51e83ea5de522ee6e60bd6805ecece17b2f279f9607e112c328dd |
| SHA512 | 3050e29bbeac76074f0a6f17c5ad2491ab2412427846304d0f22e751d6fc4244147d41e15002d4ab5bc4dd5c6edf4b119dfc8d9c82ff01073143e5ff816cd3d4 |
C:\Users\Admin\AppData\Local\Temp\sIsC.exe
| MD5 | 0a54159b7a80351579c0b093580b2703 |
| SHA1 | a7f3435478f91189ef5703c813f01e63b1afc5e3 |
| SHA256 | 87e6349303d0078c990893fb21659597ea85a519768c8916b44549f517a9a2e4 |
| SHA512 | f896a2395e07455a1406b5413d98e286544a770408f9c72d95bf97b1b6333be0c65b315bd46864fda909e98693f02319685ed7c223586fd61b32b74bccacd9ce |
C:\Users\Admin\AppData\Local\Temp\KsQK.exe
| MD5 | d43dcaa3a1c44d9bccf3208da7a5f0f8 |
| SHA1 | 11276cc142cdf9a53120863febf6b498024a3486 |
| SHA256 | f821cf743541ee276a5f5a6830ab5ad2355f6a6d8bdb37e0f3ac98cd6f9a8541 |
| SHA512 | 1f76ae11c1707f84f08986299559355204a62f80ff8dccda4ab35daf0c34bf9ad7ef59961b8d5704cde6772029a7b266fa9c3c8150532abd0faaccecee985f8e |
C:\Users\Admin\AppData\Local\Temp\iSAMQMYY.bat
| MD5 | 1e17a93c56d72695656b81e7357625b3 |
| SHA1 | c1bb6b1809d216338174e8439e48105934de046d |
| SHA256 | 135eff6a5ad1bd000278da64bd5608793e86992a087ceecaa7f5d7aa1112a6ab |
| SHA512 | ec4c8b15c110a4a4132a7a3133acb4b08b82067fb18bc33d231743703cdbcde7cca33b01b7337aadb69a3b1681cebb4228b6c68562fb78bed25e75d3ee9382d4 |
C:\Users\Admin\AppData\Local\Temp\Ekgi.exe
| MD5 | a1d97e01639de0ed5ca9c1066e317d70 |
| SHA1 | 739a5e6b9488dc22568f583024fe53a68cef198e |
| SHA256 | 2d359a66cf324ea8ba74c81e3081c4fa28fa9e8f9dd2c4218a9d5c7fdf7f4ddf |
| SHA512 | 1be6f5c56def7a53fc6fa1f03134c56702ebdbdde67d966ab8091e8d84768e843641889633bb0401cd42c2f3b5b653d3ebd06b7afc3d9d312370766115422d1b |
memory/2672-1209-0x0000000000120000-0x000000000014B000-memory.dmp
memory/2672-1210-0x0000000000120000-0x000000000014B000-memory.dmp
memory/2584-1220-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YsEw.exe
| MD5 | 2b3a5eabe4cd671b19c249f9b559988c |
| SHA1 | aaeb49e504b1fbea7e07d0b90ad1074a2deea68f |
| SHA256 | b29b005df195c3843dff216bb2079a95c5631da675cd5ad1b6a8edb8dff010cd |
| SHA512 | 9f619eaf9e2f9d1eca058d303e54d2cc07ee82394624e124bbe3e5b4ba15913b287f21403d074e77778495fa4d10e5955126bee31619a6d38d79992de65e7b83 |
C:\Users\Admin\AppData\Local\Temp\AMEA.exe
| MD5 | e1de71cfe4e031b52fa5225b475e9c37 |
| SHA1 | 8352d4c2d899e33dc27b4824e3a36d530ae170f0 |
| SHA256 | 039b56c6978b95c92545e074e91027b814b9d3f1186bea531202c599a37bf6f6 |
| SHA512 | 2f7fa870ebf9fd43b2573a38117f11e2a5d43a273948d02d826df7c386d30f58e1f1e44be981a4e994395133c26749eceb52b3410a2683f3b2ccef7516ac1efe |
C:\Users\Admin\AppData\Local\Temp\cgok.exe
| MD5 | 88f93a525584b798329e059dbb819400 |
| SHA1 | 705efe6bb45bb95be58ac439bd7d99b44e057d62 |
| SHA256 | 28c50d09e31429fc398c23f729a108dcc8129c05f6e9ebd7f1bb4d587bfc1af9 |
| SHA512 | fb529a37369d0cc61ff1af20e6fed9f0621299c3ab10f13db7873ed4656cb28fa1be8d3f54d919d6dc0d7ffe6f958e1fc3d78e250f2ea3b72a9220da851ab8c9 |
C:\Users\Admin\AppData\Local\Temp\GoQY.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\iMkG.exe
| MD5 | 7caf386daa873f9a13dfa628d1f14b64 |
| SHA1 | 5205feaccc832bb9f6abd351b6f007996489e85a |
| SHA256 | 3960653cee334e70cdfc1ea140bc9974aac38e2ab5f69d99b299476f9ab4fa4d |
| SHA512 | 115289c43190cab25b1919a1636c8730ec7e628c96171cb5ed0448335a6f9c0d3675429d68f28df8c1b918d88be00add712a678ee95921bd85f563bfe5f7b290 |
C:\Users\Admin\AppData\Local\Temp\KEsC.exe
| MD5 | bc912623fb93c702fac9f80f38c93201 |
| SHA1 | 4ae4a154e4e244d80c26a94197a8d016701604eb |
| SHA256 | cba70768dc6b197964e1b42f595f19ade024bf45aea13d3fa293b4a52f3e43f6 |
| SHA512 | c7d7b52c6f3ba659523a372deabcc88b24e3fde5880f4868dcf49dadfec1a38341ff114be98a00fe1aee9b44a2948b1390edbf29b3e222ffb3e1aeebb827e5e0 |
C:\Users\Admin\AppData\Local\Temp\CkMcEYQM.bat
| MD5 | 850ddfef5585423ff3d5c9b798a16b35 |
| SHA1 | cab32047042031fa1f7948c73a32e6eba2ef5fb3 |
| SHA256 | ee248dabdf0a0458a72b01a16cc0bd21e13c1bcc8ff1171126ca56f0b5747d66 |
| SHA512 | df29849790aca7672b59079966e998ddfdafe1b8c35b7aa79024b093c4e323c8fd2f0dfbcc1ee7f1f1a480b86ed438329937ae7913c454a289c516cbbd329ba6 |
memory/1844-1294-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cccm.exe
| MD5 | 226143fe421c247cb7c6bce0ec483730 |
| SHA1 | d8ab7220bab52e9acd9b43b0c4536f57ebbad61d |
| SHA256 | 717520abb020bb6e0af655a037324f3d60bbed48bbee9d1c15a1aaddceb12e90 |
| SHA512 | 10ffb162dc7d87b68b944a4f0c2bf3c62030fd7ccd4d281f3989a4008223f4e676324e4e667cf76d1045c9b724df183ef5d302f69a3d10bedc1f837fbb8373f1 |
memory/2892-1329-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eMMG.exe
| MD5 | 5dab57df5ad77da23ab43b3c73114d8c |
| SHA1 | 811a1044074deddfb22bd2a67f47695ec7d4064c |
| SHA256 | 02fb36e45d23ada72eb43a64a835cf9c566971715d62ae67568b3f67722004bf |
| SHA512 | da1deaa88f690d12cdd3f80cfae2a4c968e38ee998213afa07c6a89b3f948380f189b6a9159c34a09af305a5e555cd842719087b80c3bd025d2f10a95895dfb2 |
C:\Users\Admin\AppData\Local\Temp\Iocs.exe
| MD5 | 4537af5249ddd7b84eb4a2b538652790 |
| SHA1 | 4dbacda26a57e987c147efd0486d711a3bc515a6 |
| SHA256 | 606e53299da0dcf00d534b4d4ffbf7b854c54574a3df3ddd2fc9027400f6304d |
| SHA512 | 3e6abd8799cd5b3f0afabe167d6d9b3dc92371aca93cdd3b1b09b1a973763ecf9960d30dbb93ba1aabf9ad3c5099b8463e6b02735b2001d684870c5313cf42f3 |
C:\Users\Admin\AppData\Local\Temp\UcswgYwo.bat
| MD5 | 36f63ad0c7e85aa1b9622a3fd683fff1 |
| SHA1 | 04e6e72d457717366522a2b018057724dcb0ebd3 |
| SHA256 | a5064d4d25e4e752d76483a8de72e9268e15904313a7558577da60fd6a5bbebb |
| SHA512 | 954bd9a334003f86de46e520c0d9e4a0b63afda9e2be595b59b284474889318c60be5300a6966561dd82f622701709bc602ba03422c1baf92113e958e82d3e0a |
C:\Users\Admin\AppData\Roaming\HideReset.rar.exe
| MD5 | d41e9ee841a61335fc4b8d94210a546e |
| SHA1 | a86a7f600d22fd55870e1b3f81820d4726590707 |
| SHA256 | aff6622142e492155d94b511244eeea476326889ed287b2230bd087dda62f94e |
| SHA512 | d5804febcba7d2e9a5935b530ce44dd3dec0331b63372845b8c0470fc908f1358151d4b1bb9829bfe3d53cd7681bb8b1b2c83e72973b521b661dffd4aac7d9de |
memory/2464-1365-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KYUw.exe
| MD5 | ea81312d611b2a4cce6b587fbcccf5bf |
| SHA1 | 1a7973cc8c274462e1a50b1ed1a295b3a1849667 |
| SHA256 | 38615b12735908f23b40c441fe68ee5c5fe064f4c8f2035752a5d57230c13807 |
| SHA512 | cfd0b48002e7ebaa2713ae26bb9643ff37d9291e53c49435534bdb53ff8b156d2ca5fc9d36e9556f8b0ed62d51e3f260095a183f223fe43fcdeb5670892d54cf |
C:\Users\Admin\AppData\Local\Temp\goUa.exe
| MD5 | 458742510ee4ff3e213f97e64a2a46c8 |
| SHA1 | e5e6c4eb8cae2798e2d3c9e9cf0691aa57f2b222 |
| SHA256 | 92d3f7eff3c780ae3eaa7ae45a0129d04a8b525d805026fc8d9099c591252ac3 |
| SHA512 | 78b1e6368b36e3cf4f9260b5683369723f87008b2bc06591ea265755d598cea9a647734702cf817f0d8f1aef671d14c2da22e562b1098edcf07b1f156605722f |
C:\Users\Admin\AppData\Local\Temp\AAos.exe
| MD5 | afd9e0c7dc9c036f3f3e4fafd6930988 |
| SHA1 | c17db2c8322bbd71d2ed697793ee2658aa6bb3e1 |
| SHA256 | 148fabeecde4b0f8f45b08c37a062be20aaec275279f9effbae9eeddd0b728e8 |
| SHA512 | 28fc8097da7fa631ad2161ada1dfc452e6dca32232adb2746b30fcef6a486384a3d1fa72d86d8623a210ca9e20770482b243ed3362716131e825edf48b6817e5 |
C:\Users\Admin\AppData\Local\Temp\yIAG.exe
| MD5 | b91ce6ed351e93f8f343b113939b7662 |
| SHA1 | 5ad18d7c6e25b8ef411fe82ddd8eb8c7e95a492a |
| SHA256 | 889a37895d0146f4e66fa58eacd6163e0272e905012a3c2894cf0a614eeb4c9f |
| SHA512 | 3f4ae78118e3d7947e4e758d14969cbf45f039d454336c2a04e3a4b6718005f2dfe6a757cf2930928eca5b41c4e9005f73fb19b85fb0ee5d02c3920718ce6e7e |
C:\Users\Admin\AppData\Local\Temp\ewoi.exe
| MD5 | 0374dbbf8ee60d262a34c1bd00c6c502 |
| SHA1 | c7ee35a3076dbcd7c6d9bb3e8643582eb469a41a |
| SHA256 | a230540c8bf0ba2b9fc3c0b7eb7180a60ee7439b2ec911ef5fbf530821c288ea |
| SHA512 | 7b9fa03d4cb0372fc5dedfa36170767f2e192543a7b15087694cbbab7b437768c04411c29ae3456e4f17c82b80bd540c01434cdb8d59f42dd6789d89d3d1814c |
C:\Users\Admin\AppData\Local\Temp\GaskMUsg.bat
| MD5 | 41905373ce0ffc2b30e2b5615fa147d3 |
| SHA1 | a2b36212175bf97113aa9f938ffdf494b3a8bd1e |
| SHA256 | 8b50d6d93181f66e0bc6795cd687d8e1de18fece836ab55b6417b79ca6d5691e |
| SHA512 | 0d706f2a2fd30cc0bea498a8b47178b47f78617094a694ccf1159a981626e42b2c769be2bf4bd0a12b8f6f35adb46e73dea63c9cfd37d9166f891c11d14c77c7 |
C:\Users\Admin\AppData\Local\Temp\WAQm.exe
| MD5 | d296c4915e9c33dcc6f325686f887055 |
| SHA1 | 6c856fd3814d735cf5c67aeac4c5f9ddf9d6de60 |
| SHA256 | f1f155012444210313c173884af18ef5a1893d9c9ae4d4fc7b72158f3ca59757 |
| SHA512 | 73e6dc66b0541550ca99336124e2a679a8cec7d497026850123efd68ee419c5239dd1954805dabcc30e10f39437851940767fe5978f671670ab34dfbbe39b498 |
C:\Users\Admin\AppData\Local\Temp\awAY.exe
| MD5 | 311eaaade2f1665a03d79fdf34582fd2 |
| SHA1 | fb3d378c49aebe6b64e517630a98353fc875d80e |
| SHA256 | 7ae3c51659cf2e1832b70daabd83065f0078f345efa33426b5321c0191fc985e |
| SHA512 | 17d5fcf00cd6822ae6b4cb3d11141774ac4536bcb143cdba548282b55a53868cded6167cca8e4acb28d3dcaeebaf023d94b959331b6273ed603144d9e9025cda |
C:\Users\Admin\AppData\Local\Temp\kMwc.exe
| MD5 | 0eb0f277dc672f333d322c6bd43827f7 |
| SHA1 | be033255028ca9165bb8967718feecf9660f5daa |
| SHA256 | 96544cc51231b85d1457289decccc773a7556f5d19be9f55a289eff7c7747214 |
| SHA512 | 1d849915814b3d3201b0cf591b1d46d37089f442e9cfdc56210d1c14b0f9c14c859f03503acba5304492ae08f943dc33417fb602969ac831598a6b8d4ea26a06 |
C:\Users\Admin\AppData\Local\Temp\CMMY.exe
| MD5 | a49c97a1722481b4019f47f092beaa9b |
| SHA1 | ae830bebbfded96cf0ae620e0da9ab5a6cf4432a |
| SHA256 | 01f5a4a753b78ff471b5a567ebee1f93761a00d0a54545e9b40f45765658d32c |
| SHA512 | e0a67a4c70523da444e6a3b3a4b32bcea8d9b9d97c35368468dd546c580a2ed50c6655f26b4e5e4024cdedb8632db913a944830bc72a22111afbe9b5548eb81e |
C:\Users\Admin\AppData\Local\Temp\qgoO.exe
| MD5 | e471547b621f49ef6cd36b76f5684db4 |
| SHA1 | 04102394c114e2518e7ad7e603d3faaa3fe9dd2f |
| SHA256 | 577cbd89de53ccda6b40f3eb3e0df8bf2c4f9afa6013fd56a853638d8a01fa8e |
| SHA512 | 031850344985af0a6bb6651b2b38c0235552b6b4f6b3a0f0806add4ee0eb81e74da58be994059690fa640fc5d3bb98e8ab19bf7ac67f9de03f56d1f392f23655 |
C:\Users\Admin\AppData\Local\Temp\LiAkEcoY.bat
| MD5 | 3f0be73723b9966cd20c9fa168c0dd67 |
| SHA1 | d3c9457ece3468739cd37cfafc07b100d79f9102 |
| SHA256 | 403c14cc93e1b955518338187bb7aecc3487670873b29508fa6a91bff855fb9d |
| SHA512 | 08050dcc2d1e264d0741b3ad47a79d2b893ea33f6d9eea131d123d2e123a4e89773547442d0f743b1f82b7d6d27230ce80fa963f4f5b731eb5fa7f49fc5de3a3 |
C:\Users\Admin\AppData\Local\Temp\OgYe.exe
| MD5 | 614446adfc9f73fd02372868cc15607c |
| SHA1 | 91e62af984700afe8d2e381ab88ff498c18b2744 |
| SHA256 | 3f6aa13f2e77de59a7c7c282891e44e0cbb71a6dbb61f121bc59e938c584d7f3 |
| SHA512 | 21acd9f2beea61e882335f19870e3ca61b1944167e4318c2f16ced791f60fd59145cf9c7d7f485b4c9e59ca2ec74a6c0121b59952ca614da122347ad06cf4865 |
C:\Users\Admin\AppData\Local\Temp\CYMy.ico
| MD5 | 68eff758b02205fd81fa05edd176d441 |
| SHA1 | f17593c1cdd859301cea25274ebf8e97adf310e2 |
| SHA256 | 37f472ca606725b24912ab009c20ce5e4d7521fca58c6353a80f4f816ffa17d5 |
| SHA512 | d2cbf62540845614cdc2168b9c11637e8ab6eb77e969f8f48735467668af77bc113b8ac08a06d6772081dde342358f7879429f3acc6984554a9b1341f596e03a |
C:\Users\Admin\AppData\Local\Temp\gYcw.exe
| MD5 | 889d64b240beded7466cf55a8a2725b9 |
| SHA1 | 3f57aa224916a05a19df477361c6f0b8c822bd87 |
| SHA256 | 4d97cdbefcfc0852a3c32c7457c20b59a92f27898b0df2f889d08f70a86df107 |
| SHA512 | 12fede032bd32a3f33a441f3314dc832ab1eb74b0a67fb12a17e211f1bf338efa356b8c60ebafc8ee2d365be4c03fe425c77133ad9450b280ae2e2e521562940 |
C:\Users\Admin\AppData\Local\Temp\AUIS.exe
| MD5 | b89a0cc9e4d1f2ff79e58ad5bf5fb102 |
| SHA1 | ca3092dd867ef22eed2fc2bcbdd35fdb10c0ddb9 |
| SHA256 | ce6e765737f6134e08d5cd50913415900ef1f2fd1dc442b72286f44a927b1324 |
| SHA512 | 5063a6fb9909c49715b4b2bde5b199b6d7542b5cd6f6603661b71933bf47d6bc5b16b6a4c5e20c271cdf24c8d83365da8a0d5c720979e31904b5c3e36f8ee511 |
C:\Users\Admin\AppData\Local\Temp\iEUy.exe
| MD5 | 6667e6045fc30928085480195dad6e93 |
| SHA1 | bd9c5c4106faf44d6e9a198720ccf73f4d5c9d56 |
| SHA256 | b556a358bffff540310816c173471e8b681504a15e2587321600a34a632e59a2 |
| SHA512 | 57bf189634717985366a4deffc3a6f395bc3af658af555aed87933411c78fa0873566a6a4241d32845a69897f0a7f47f9209c95e3d1017c94e5b6185b8b33b68 |
C:\Users\Admin\AppData\Local\Temp\DCkssswY.bat
| MD5 | c5dc00e770df1d05aca830cbe4cceaa2 |
| SHA1 | 8fea82c5a60ecd263cbeba107a99aab1fa89b022 |
| SHA256 | 6a3d016ba0102124814f5636477da866ebb2769971287778ea05ed689f59a129 |
| SHA512 | ae4bfd217ced8c247b1dc9b801366cf55751494e76601719fd173795196119957cf3701e98194ced47f97865ee9a58c6ad9ba682d93d8522b1cedd66506400a7 |
C:\Users\Admin\AppData\Local\Temp\yMUE.exe
| MD5 | 6f33fe0eeccdb22ff5c6abddfe51a3f6 |
| SHA1 | 594481f623dbcb8294777a41913d8ee718b332f2 |
| SHA256 | f5ada90c6e9aa7f3680fc9fd6a828a960497156e9e6ca0501fced5a12b8b27cf |
| SHA512 | 9f3fea8182ec0f5f37448a8903b561c17e58c85e9137dbea02d42373ae5e58c533089c6cb427b81417c236407721f977a3d6643d8baa1a6d3390ceb148ec45e4 |
C:\Users\Admin\AppData\Local\Temp\YoYo.exe
| MD5 | bb3e7b2b9658e1cc57957dbc6e5da182 |
| SHA1 | 4ff86248e3d2956c60f42d4977cce2eaf8c7757c |
| SHA256 | 3bad715919c28ac44c2dcad687ee2b40aa9fdf8d06f1e8ec7e965a77434d17ae |
| SHA512 | 5269f093e8d22aaf29911f817ec943b12452d3cb7249be07920943445ce2ba53a3968797617a22cd23a54409512a4609d2e8ada1c9fbe6395668533bbe8d2a57 |
C:\Users\Admin\AppData\Local\Temp\OsoC.exe
| MD5 | 43a0af11d8bd5b6971e4933be32c8a0d |
| SHA1 | ff5cc0b127a15a94f0ed65b8f435a1bdb1f61805 |
| SHA256 | 1cb1226199af1018202df9aaf5a58c040eaa6688ba3914f8c3b933d298c9dd07 |
| SHA512 | 9cc263d372d2adbd24ac3c8226923a23e825ccd930ffdff1e560ac71d5f12cbce080fa9f0c2a463256211a7d099085a4c6cceb96b679c6d19b62490a2d592625 |
C:\Users\Admin\AppData\Local\Temp\uoss.exe
| MD5 | 4b09ea1e414499125b39e0f2f3ed74fb |
| SHA1 | fe1c2ccafbb7835d610c577b0e65987fb2f65c3c |
| SHA256 | b0007130c5552744969c09ac87193e943ca2637346ccdc0220f0ffcfa1c89219 |
| SHA512 | 991686a0a4ca1a00c7ea3e350f9a59ded05b125e18d50566a39d8135f6b048a91979ef66c9d663b1d638ba4dc6877889187ae9aeba473b9b57e0ea4bc3748c75 |
C:\Users\Admin\AppData\Local\Temp\CskY.ico
| MD5 | 964614b7c6bd8dec1ecb413acf6395f2 |
| SHA1 | 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f |
| SHA256 | af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405 |
| SHA512 | b660fdf67adfd09ed72e132a0b7171e2af7da2d78e81f8516adc561d8637540b290ed887db6daf8e23c5809c4b952b435a46779b91a0565a28f2de941bcff5f1 |
C:\Users\Admin\AppData\Local\Temp\yEQG.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
| MD5 | 323849e9a9babd78e11374e1ef9e84c9 |
| SHA1 | 9bc127cf865af419511d2ae6153dc23d1b2d01cd |
| SHA256 | a1983bdbdbf18d189a634b54437dabf175f9730e2203067cd95bcc3665157451 |
| SHA512 | af770ba952c62581b1081525b156a04ba046b46b74fb0d9d5225e8aef8ecbb81cdbdfd22a0d21b7fa6b1e751f6c9af522e24ede451b6ff48e4a6a3c788e1e7d9 |
C:\Users\Admin\AppData\Local\Temp\tiAwkcgY.bat
| MD5 | 4c77159fec73877ef5c0cd517372b22b |
| SHA1 | 03c9fd9583e821f6fc3d43af9c7822f9a1836360 |
| SHA256 | 49cad45f6e21e5358a98e9e3dedf2930e970a7cd07e8a95c424dec3b39b41c01 |
| SHA512 | bacadcfe8f23204bfbaae4f4ab154c98e217e9ad8238c450b4f056f3393fd9e0cfc6d4f49c75a6c4519b91b357161b465a694ac83174104a1cad4fc14d90cd79 |
C:\Users\Admin\AppData\Local\Temp\qcsE.exe
| MD5 | f7d44a50bab56667e7d3c82a1f967c36 |
| SHA1 | 4d21967d902377b31cc5a0718fcc4532fd617842 |
| SHA256 | a50699d0ae49d492a18bdd5af80baa0cd4ba83ec2d47d64111ebdb60a049bbce |
| SHA512 | e9ceb223de503fc86d77f27b45913262d78c7ae28fbdda3583516f484d61274f60825cd0ebfcbaadee36c6559628d103d297c93ece95de334745d6325880e578 |
C:\Users\Admin\AppData\Local\Temp\KAUA.exe
| MD5 | dbc4e88481ee871d102b17a6cd8c7949 |
| SHA1 | 1e1ec969129dfb6ae490db0a4ecf488d241b0b30 |
| SHA256 | 054b63c6620d44b6ddcb4937a613ae993feabbbe0324dd6d6b7d515c21a99724 |
| SHA512 | 4fda50a0e9be675fb0fdcd8c0f98553171ce0e84ffdd3cc9fd96b2de103422eede4c3432a94a152a046eaedaf241985b60a01ca74d9061f5f277903540c39e26 |
C:\Users\Admin\AppData\Local\Temp\AEgy.exe
| MD5 | f1d118176caf3ee1ca2d895a780cc0ae |
| SHA1 | 7be00a0cccaf4731ab776376ee7c216d5edbc8c5 |
| SHA256 | ae105cf727dd1f2a83ffad018b445f13124026d46d3bcb9ca24223fd292fc031 |
| SHA512 | 0dae86a6831a158319f63c0758cfd87a179bb107963d39b97078df092af7b0d7aa8fe90327b2dacf622c9577799759861c3fcd1095435844528bf7de7e21716b |
C:\Users\Admin\AppData\Local\Temp\pIIYMIAI.bat
| MD5 | 22a50286d2268be54a224cd5a43af147 |
| SHA1 | a0f16229c6c1b3436b0f66668ee940166312ce13 |
| SHA256 | f7507c388ed08a6f606517697e8a961fb971cbdce5c11afc075681ff47d2a1ac |
| SHA512 | 429f3a0cf8ce38895441d9a7b5ca850b443bdf36ba07caac86c354bc5a8af8749fd48cc38a3c479f98e9ee39554de4202510598f56a7a32b618e87753903bbcd |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | b39b99d97b78ded59348f1b73c8938ab |
| SHA1 | ff5b5c4f5e4251e37e9934292bcc3650e1dc4740 |
| SHA256 | 47750e8e8a5455486e92aeff173a4cbe2cd760ff8451e08d7440e168d262d5d3 |
| SHA512 | 9b8d5d30e496467b8922eb0ca375571faa87d5d08392cd28b0d0af1e62ca7f7d159661cb5a6069721f533364c6a724c6342e06cbfd14b0b4fbe08e1e23718d0e |
C:\Users\Admin\AppData\Local\Temp\ycEG.exe
| MD5 | 1dc2f3bd7f1d3b3ca818b7d0bdd05b72 |
| SHA1 | 2435181c2ffe0e79870a4888ca4c3c878a862c9d |
| SHA256 | 938e7590f872663f1d8962c8de0cecc140cf505142e1e2010ea9eb170fbe7948 |
| SHA512 | 8466164f8b2e7cb8e1a96a551b001161bb0256cb1997fa516e2bdad51ba3c0df8bab0de3a9c0194e2365155a35e1453ec10d373af62ae2c3c9c686be7c4e5d40 |
C:\Users\Admin\AppData\Local\Temp\nCkwQQgM.bat
| MD5 | 967f9b936322894fc5d5cc4f859d36a7 |
| SHA1 | 34cfe6b3d0a60c53423418f83677d87d81c6fa47 |
| SHA256 | d41d79da857d1b5adbaee2c3487dda26102f31e83f186c99232d7c3283b602d4 |
| SHA512 | d9edf854863a3c135352e6bc6f0fb83e6502b9488acbf5d5c40e54ace228871afcc7a05b6fdf4da4a11711f3f573e134a3140c64fef2670f5956284d18ddb827 |
C:\Users\Admin\AppData\Local\Temp\wUQU.exe
| MD5 | c76f56f018ec7532413b17a9047c0508 |
| SHA1 | ad0feaf7a0c4bf4341fe4a605fb6e7c80186e44b |
| SHA256 | 272bac9a5970635fcf4a1772e3d77fe64cf49c0268691a1c6a45c49fe5f225cc |
| SHA512 | 2a8c5e0c478179248c6dca7122451380f57291015df1ec1a1ba4fc9e10738755763da3e238626f52f3d8140cba18e493a93a1c40ad976158935cae03f5bff851 |
C:\Users\Admin\AppData\Local\Temp\qYse.exe
| MD5 | d211b2a3c8535e47c52bc245cfc2daed |
| SHA1 | 82c83240cf4a023f492b0ce21ca1ffe17e0bbda4 |
| SHA256 | 0e2ecd2c82d0cd6597d1e60cc19aa3a9387b57ed575a7b7f29df18f58048e2f9 |
| SHA512 | b633266b29d3b4889bb5cd2cba22de3f6d94d918098d939968e8d988f7840f9d999f9f9713360d6d3ea5b3a625113537b3724076e9cacfe241e1562060caac10 |
C:\Users\Admin\AppData\Local\Temp\SkQs.exe
| MD5 | 20a4b542ca985dce7873ce713aed55c8 |
| SHA1 | 3fc418e23875bcf1139e0dd789b03f6836456e1f |
| SHA256 | 3ace56367831f128c897b0ce896f2ee6dbe5283a8fc04ddd0f1e96001d784f52 |
| SHA512 | acf5dbfe3c2bf14485dd901724f6d1a062be0334bcead58b3e4bb31ab3f7bc57d50be9c7fc9933f1a107314efc0bc446a446d666e522b681d8e7b5185146e6b7 |
C:\Users\Admin\AppData\Local\Temp\iyIMwoIk.bat
| MD5 | 9c34ac9bf346c9ff7c609db2f5b53fe3 |
| SHA1 | 55ee12b9640443adf5ab977d5c6876a7c9cfe16b |
| SHA256 | 4b1adc41433adae8bafa835b87281dae603df2e079bc6ad80fdabab0e12a0717 |
| SHA512 | 9ca0391b38c52bfbdecb331fd2a91eb8b012c7cbbb40ce1f59c82d46400cfecaed29be57a1a078509851de911185eaeb8d6882eab201df8e0cbe1e0a16bd2729 |
C:\Users\Admin\AppData\Local\Temp\wUYK.exe
| MD5 | 9bcd5b1ca03c989f2fd8e93afbf4d5de |
| SHA1 | a0a41940e50ffa488875c760ee143a325b7fe4b4 |
| SHA256 | c5468db6f4b90c82a9958d57fbc02db5773f25e6cd02294df442122b3cc00765 |
| SHA512 | fe8b137f5d91bdb01544165a8cf93da4dcad31195c8b08d27a2e10222974a7c1d422136bc5f26129638a2ba5fe17e59d74d7e125e1a1f76f59b0e1bd25fb8665 |
C:\Users\Admin\AppData\Local\Temp\gMIu.exe
| MD5 | 0262f9c959d1cebf0ac80127fac1836c |
| SHA1 | 614dc0903b6cec942ced0df258ddc019c5d0dd8e |
| SHA256 | 2b2c6ea8f12bdea74bad99759104322d634f6c1d4a13e40e51a35a6014b330ea |
| SHA512 | 0b0fcc486b881fd4800511c8d1218da3e98d1dd2c1a8d71fa09eb6771ac61846a404cc7786e8b722b448ab50fb5cce2d6e8baec4cdbb3dfb2cf25edd3ca9f3dd |
C:\Users\Admin\AppData\Local\Temp\UcAY.exe
| MD5 | 501bb870d371a6e96b1d13709f16c9d3 |
| SHA1 | 2fed95803543cb0b6e834afe800fed99c29361c9 |
| SHA256 | 34ffc578adc9435e550c4622f8c6191b1e98e728bb13a82883cad36a062a4827 |
| SHA512 | 826cfcc6b06a3fc6d0af25a158d8007cf82b6e39d2787a0e6b5faf6ff42df0ea3f9bb2c0101bb9faf78193ea9a36a343f033c7a437593c2b1a0876e83e33e78b |
C:\Users\Admin\AppData\Local\Temp\CgEY.exe
| MD5 | 6d811121e423a87d30ca861a11c45b76 |
| SHA1 | 0bbc42adfa77a06b1fcbc5ff2844da847844bbef |
| SHA256 | 850e933a5efa625c33f464c8cb7bf4bc1c2b593db825f2cb18d0b791162d1e77 |
| SHA512 | 664aa82e7e65cb706ed8566f7f221226c4b44e2c74adc618e3525dd3c519086eabc2622f5b64ce314d6cff6e8f059ebc4c3a6f16ce9e89968fcb3e3f1baf8450 |
C:\Users\Admin\AppData\Local\Temp\QoUcUAUU.bat
| MD5 | 2020834dbc30134d43f71c6c7f6a1445 |
| SHA1 | 9a4b4de0c4920ec18b1ae91c5c8173a528a0b7b4 |
| SHA256 | 47bf900cd77f1c6421fff84161a2accd6c98a7e6b5b8959f71e4e7739021cf26 |
| SHA512 | 74ccd0d04beca7c726c29dc07c9193f5f4b98bdbbb82e3554729c813f725e18edcbe5f4ca65f5b46cece2b9f998457269c6abbe396123d0d60096427849d1fca |
C:\Users\Admin\AppData\Local\Temp\ookY.exe
| MD5 | 306fbd4aceb01a7f6def268ae272582d |
| SHA1 | 762293904585ef4a289dda37c51d8b065dc390a4 |
| SHA256 | ee02b10dc0579b65c96754092f1979fbbdd27cf6b823adc3e771b8a69a85b8e9 |
| SHA512 | 2cf4bc8faa47bc9c205123c56da806ffc58f15fea1548b5d1af058161f4d8a08ace86e42511b3d960bcaf6c307950d8c3862137dae145e84864899c39b811ea1 |
C:\Users\Admin\AppData\Local\Temp\YcMc.exe
| MD5 | 306ecaa530a7c566c755edface5e666b |
| SHA1 | 3df650142b23fbc1e4435b8a83b7fcf024dac16a |
| SHA256 | ce94dd33ca7eca63b7745f2e030134e45b7b2158d867922133dff73f46ef3da0 |
| SHA512 | b2d80c60fab4bb11690bc4e9be14aead625e5c285937f4aa8ba3d83a3c0af7a1ac0957b6c9e88a1e2d76d088fc30c01c4058d9881ef150a7ff0ecb5a68d659bd |
C:\Users\Admin\AppData\Local\Temp\siwokAgI.bat
| MD5 | 6df58492cebcee023b771e7ace62e4f0 |
| SHA1 | 0423d2855ca8263ad76e0ea7ac2f0bb9bbc81225 |
| SHA256 | b7d937e10dda88dc53e4f46a6e27abfad88e0c428342dbbc903f5e76e38acaf3 |
| SHA512 | ebad49766026c5716f93f9762243b4274be3a94bc8aefc5dce38852ec7338f9c3bd72108a01597106caec0c3659dfaeb3c679e42676fcc33cb8a0aa6fd8646c4 |
C:\Users\Admin\AppData\Local\Temp\csUQ.exe
| MD5 | f12a004335c41ddc0e4b591f5e098a97 |
| SHA1 | e1411611165921b2c84c277bc6c10e2679b4fa8f |
| SHA256 | 827f0f73d659bcfb34e7d436a46f955ea0914c502182e5d11b0ae6a6e0d865d7 |
| SHA512 | 4b86cd5b884f49bc5d8ad738c1ed96946c0212bbe2ce6608478d2e402132c73707bf72bf49d11ce49bccaeae2da5e7c6283bbf5a77ee368d1e3789ca43c2e600 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile18.bmp.exe
| MD5 | 2f6fa182aa32051083171a415ceacdff |
| SHA1 | 1d1e68b57a5ff0193b846c5fba3cd77c0e510a97 |
| SHA256 | 1941fa03bce4ac62bbc7bacef18f4b93f1d8bdee4466b1feb1e165f7b8b3e78f |
| SHA512 | c4bf7505c9a16378a1474a2e4c4d658efa80d71b136290dcc1d487d90b595a5353623be7c96b0bd1814004cb076fb62e2a8a7eecaf109855c50c737145c4af32 |
C:\Users\Admin\AppData\Local\Temp\WQwa.exe
| MD5 | ca92a86d94e40c05c71eb84080d98d31 |
| SHA1 | b89f085bfdd7c938ee7c6ec7bdff012a92237b2a |
| SHA256 | d707260470759b320c6b74a63578c1a5a3ac7246542a8ee2e5f44b890d944198 |
| SHA512 | 319e3f38c2be2021ffae20580d28548990805b5901a132566b473ebaf4e26489eeceef017440bfb9dc7720d6932e0156bcd2ce6e6b3da47c65ed0fffae3c4c47 |
C:\Users\Admin\AppData\Local\Temp\CoQEIgcs.bat
| MD5 | e6c0dc494cd568ddd5d8e0a14dcae6a9 |
| SHA1 | 8071017c3b4a284428bfd4ffbe461a84723c3a27 |
| SHA256 | b28f12e44ddf6b893f414f73b927d694c5ff539caca4cd05acb8b471de473267 |
| SHA512 | f356b2eefc23b07d205a01a3d79ac3407399c09ea5194190691af5919d7057e571114a2ec6c219bcbd081559d41d9694e85f156be49cb8f49957ca57c1b92465 |
C:\Users\Admin\AppData\Local\Temp\OQcM.exe
| MD5 | e736db6a62e23cb7d411c16fcd19cf00 |
| SHA1 | 3a823061dce86d6263544a5ba31f4e147d1025f1 |
| SHA256 | 26cb4d525310c1723fb25d6b0e27367fbd15ac301b3210a5125c22aaff446264 |
| SHA512 | ada3e3d8d0c8eabd7fd6443425472862f3d7999c1ac121b3d0e0cafdfda31428ad97de9c85e2da4cfe63c6c5af330a92c9b89f0d178435e77047b5b7380d77ce |
C:\Users\Admin\AppData\Local\Temp\AMUq.exe
| MD5 | 105a228c7b00fe12aac633ba79b3d4f0 |
| SHA1 | 63171edba36298eb7228949239f05d19bd067d68 |
| SHA256 | 4656672cca1a1f3089c03bab599e89ded1c9e5965357d8889a34755fe73907cc |
| SHA512 | f19c29504b11998dca8ca7200489bcbe1e9bd1695cb7b5f9ac3f953ed6b830001c56ea7bd9a23566e7fe7c66652701ff42d8ad6c1ee96765ba1e27fff720086a |
C:\Users\Admin\AppData\Local\Temp\fMYsUcsc.bat
| MD5 | 3093537c724814752492ac883917f3d0 |
| SHA1 | 193a975f9adc35fdd95bbdd18ac207293df719e1 |
| SHA256 | d96606b967d10b69907a4bdc05029e1876a5917e88d26067578750f69e58407e |
| SHA512 | d304156ae4909cbc1703b5b8c7332d8265e62c576184009eb95f23f3108c7169d7281c9a546085fdd40a8c7ec92464a7aa0a292843080817893ea41ca89c2a6f |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile22.bmp.exe
| MD5 | e17dc0559accff13ff510d014a89a618 |
| SHA1 | 552fe6a3befe7d0653a5690dbfa5f9c662499564 |
| SHA256 | 792df0024efa9de79cd279dd944fecdebe3e20fa27e1592aedab7790f04ab78b |
| SHA512 | 17a5ab9d1f5315782ebd9e8d1db9802a4404d2a1a3ac9860ce8c2a2d32c6aabba710c7e9a77b2a48d7508edede0db61a789a133028e0851cb3e4b412c6d42ce1 |
C:\Users\Admin\AppData\Local\Temp\Ggcw.exe
| MD5 | e07599ac7cb438774eb3fa81d7d872f0 |
| SHA1 | f6311dc7ebdbe763403d6eee4ec2fc6dbb38ae59 |
| SHA256 | c0f636c3417e43866cc274c80819a7a277719a2e394784226e06351aa774a323 |
| SHA512 | 585306041ff63493716bd4723e0727a36b9c323e05773371b48e86e3163c54efe01f00b91aac2fd959673e98c81a4118957dbe3c84cc984c325a7bb5e05f57e5 |
C:\Users\Admin\AppData\Local\Temp\LoIEQMcY.bat
| MD5 | 3dd74deeaad54484e9052ee3389a54d2 |
| SHA1 | c4237afe87c3433bce31391abf6f7225cb1051a0 |
| SHA256 | ef419e5a0c1e508ed9bc14f9ae6ce4de6308ff3267d57283a7cccab0ecc09544 |
| SHA512 | 54b1c281b31b9e54f66e0b58a99a338284451c4c5e011e53e683c8a422a100b1370a44ff241efef967aaf14f0e1507c2b3a3c9f29e7862d9ce288c21cc57306f |
C:\Users\Admin\AppData\Local\Temp\mAkE.exe
| MD5 | ba97c9b11ee3792b3a22ccaec1e9ece0 |
| SHA1 | 0308259c4e02a76f762f657682b84e0253810b51 |
| SHA256 | 64c54e3c004a31c0a554c69cdb4e6cd6d06f23a87fba12023b21068560e3f538 |
| SHA512 | 6d9b81d5a464d6c5f9cd20ef381b8683ae52648ea8ffcb2a517f300b7d2b9492486d5c08d4d7c4f16102197847d0df1a416f253ffc0ff391628cc0c928b12580 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile25.bmp.exe
| MD5 | 5b86933e7cd2d63ece994ac4f563c6b6 |
| SHA1 | 713c622324d895537fa4a0e695e8f8d90569d2e9 |
| SHA256 | 063a085d852484843c1936aea6a289b992afcd2eb77a11d0cec697ac1ccecd9a |
| SHA512 | 766f8d731935a1f4175a3efe5ff9f87e5ee1c8f5a81998b58ee0b5c691acb747773d09095b043bc794b53755cadfba3ddba0b5d93ca4a32dd412c42e59d86982 |
C:\Users\Admin\AppData\Local\Temp\OIso.exe
| MD5 | f881c835895b0288ef7faa7ce107e9d8 |
| SHA1 | 784f6d5d80cd5202b0ff4a41256dc4ccaa0f28b8 |
| SHA256 | 3aaff99801355d4ab91882015fc1390278e8154e24a3c8cb61b3489aca7d5f85 |
| SHA512 | 2e0a30d21e1adee60cce6e2aaad8aad7a010ab9ea7d50c3c8f1830cf4b1724299c40305e7d48005165ea73748df620b844b0760985db6d7554ee38506eaef48a |
C:\Users\Admin\AppData\Local\Temp\WYUq.exe
| MD5 | 9005393ea2efaba26dfe09bc461caf46 |
| SHA1 | 9655f034cfe439ef691f3f563d6414dabf46734c |
| SHA256 | f03920dfff9e40bedd7b371aeec0f4fbbadfebcc0cb7fb6f98a3ccd8b7fe1d9a |
| SHA512 | 7fe3bca2a2ab3e029e0295f8672931c0ec4da21f58b4fc156e597c2ed2708f09a75ca49de8135263b546b93660db1a50f587ef5219ef915a52bd8706b5c40534 |
C:\Users\Admin\AppData\Local\Temp\NWsMIoAw.bat
| MD5 | 4ad0a5ba22be1f738894e96c2c38a47e |
| SHA1 | 3a90001e380b6eba76c2a8c03dec4141b26b9e9c |
| SHA256 | c51e33c9b79e38b771b25845abcf5743c864775be3c00b3d0aaf5eb4f6e09550 |
| SHA512 | 9d0a1a3fdc39f1a70beeeaac4335f55d0e250e6816f076bf059d93a65f8d01c9d0d184e43a26dd0645b582e02831e27124f217887f1b70314bb90e712a2c8e89 |
C:\Users\Admin\AppData\Local\Temp\AEMu.exe
| MD5 | 0bb3ad8997c89e96e901d963dc31516c |
| SHA1 | 57a1f056717149c9398b8fed6cb9de76833577b0 |
| SHA256 | 64581c11a0c22e019870df25024c0235affca0b1694d3ddcaaff41af95c2397b |
| SHA512 | 676f2c866441263cdf4415187eadcb6ebba6dfdaa524ab76dfbf71a2490454b57890c07a73f6cac28eb82e06b426c8886cc59d30cf7a018017a54f4225487513 |
C:\Users\Admin\AppData\Local\Temp\cMgA.exe
| MD5 | a622936bdba45788bbfc70e8caa70465 |
| SHA1 | 9dd29dea566efec20575dd733c28701f929f7c92 |
| SHA256 | e6504e3ab3f0b9fd4e65d20370f7138604e8e53223ec5249e973e957a42b3975 |
| SHA512 | 65920a14396be1f46a8b55553e4522f98c3b43e5b22ee12abde9afdbb487eb0cc0c37c684d42cba320fb3a74f69c35b60b31780b671d9f05ae443cdb84c7633d |
C:\Users\Admin\AppData\Local\Temp\NywUMkkA.bat
| MD5 | 050d4b91a71526f4ece37bbfdc3fe293 |
| SHA1 | 3f7956f22502c77b890d7afa7df633d34bd48a4f |
| SHA256 | ae6e72bcb4ccad4a4ce8cf271b48577ded09c48b573bf904f56bc8eb937f19f1 |
| SHA512 | 1d79f367f7ffdf26af6ecdae113a6c7fd144146eb413fc3f43eaf516e62ef204e7ef2fec2f8633f8cba937882d30e1d0673e2d1e7df15974cf6e9c850e40c558 |
C:\Users\Admin\AppData\Local\Temp\iIcE.exe
| MD5 | 63e5617db3df310923a7830493cd3ea9 |
| SHA1 | 54352c150b7a475b969bf7910f76a1f6db6fc1d3 |
| SHA256 | bbcf25ec8e099f6516eb7ac722841a141c9c94a47d86a7dbaa4f438c3392a059 |
| SHA512 | 86e5779d16a834f2acec335e646db7692381ef3e303d8255a5a7dbfc2f3058a49bc734853631a9eb5c1e8447925c2a8d1918b8e5fadd8c62afb8f079cf650817 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile31.bmp.exe
| MD5 | 51bb9a5698b849c305b42bc6e239c032 |
| SHA1 | 9c722a202dce7131108326b4cd8520c2d468279e |
| SHA256 | 54e9f084ab94b6b45a837289c3280e8e91ec1b883bbbaa85ba0bb8d1bc341af6 |
| SHA512 | 5114b9c559098a14698264235645289ce44dd0f799721415de324310593c95600cebdacbb4faed3ea419c3e64f584c874dd370d07a3c72fe754ad47291205b49 |
C:\Users\Admin\AppData\Local\Temp\YwMq.exe
| MD5 | 43a6726aad09f29450a83ca104b8db0b |
| SHA1 | 6996214e41cd2075751c0c9b1d8c8392f7af7884 |
| SHA256 | 071ec0627fed4abdb9553c326af754a46ed5d3e03703dcef2bb0a0bc3cf1a54c |
| SHA512 | 71f6c1043de64e06ce0c8782201b6afbece8ba8b78dc7f7d4a436f6023e82f6b4e1f9145f812b7a9933b41a050a9600c4e49ffd5152ef8af43fc4f390f83c680 |
C:\Users\Admin\AppData\Local\Temp\Ucwe.exe
| MD5 | 5685068d183c1e7bc71073e202e1b316 |
| SHA1 | 739911fbb21270a4e51e4e7e786c8e14a201014c |
| SHA256 | a27445d7b6654191c637e5f554d674e93907e04c2de004b2536edb5a7635dc73 |
| SHA512 | 151074441c7b29f43dc686655d2a88e07ac5317157a17d68b35a9ef107d0e8f2283c9dd7687d33aa662fbd54ef9cd76ddc7c9d5c81fe83bbcb676036c9c60622 |
C:\Users\Admin\AppData\Local\Temp\jOIcEgUE.bat
| MD5 | 648d052f658980895c3444970b2ad6e8 |
| SHA1 | 6f3c9990f545a5a904d2d3f367cb92f5a172b4d3 |
| SHA256 | edd49a6b2b547d9235badd3c41238ef0de7cb40cdce50de04e5e1dcae5365f56 |
| SHA512 | 7962521d0a5ff4eb44074e3c84a0b2d3d574a5693fe1c0fd5283e94a7cd4e85e5299e3eb2ed16a1eb89d166b140bbc064fd0cd8d7a0dd0b2f2c0e5a33f0168d0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile34.bmp.exe
| MD5 | ccd771a9660ef0a62f2053d8369f72d6 |
| SHA1 | fa160dc1805721266cde581a48c7303d17851648 |
| SHA256 | b1c2c3cd11102dcc241cc8b43a8eb2777f8f1ea093bccbec97e6a5b5b2a96d48 |
| SHA512 | a5b384131e917b74b959aaa02c25fa486b15342ad79c4e2c520e48fd4db5450f36ee9d62859a54ba31bb1e6d421489ea5c7d54e7782f626eead888184da80a2d |
C:\Users\Admin\AppData\Local\Temp\mAUq.exe
| MD5 | f3329faac25e87fc9a0cfefaa9ecb213 |
| SHA1 | d27ad41ebafdea8c553dda16c8cbd534fb98f63a |
| SHA256 | 0774fe011be58ac08060fc38552228ce48103b98cfe4f778b9442357013d0e93 |
| SHA512 | a8dfa1b3b6d61fabf864320d4fcd601e075dca877d05909d28de9d5dce13d57ecbdaf42e70dede3b3506d6356fc8b9960e82d86885dff35792df86e6f8169cae |
C:\Users\Admin\AppData\Local\Temp\kMQu.exe
| MD5 | 0eeced5cec9d8226a7878d7610296b17 |
| SHA1 | 3468b070a605e96a81031a785bbe713fd2b6f4f7 |
| SHA256 | 0dea0fe45510963245b9bb0d500644760981d52267a1f3a4656535da5f57ff3a |
| SHA512 | 78723c0efc1f9932f57eca4c4de38760edc19edb23900eedf86a14034dd2be82dbd4e7e6a9fbe1245895867bb1cf8f3f65d0b6ee90ba305496081d465e219286 |
C:\Users\Admin\AppData\Local\Temp\SEMMoUYg.bat
| MD5 | 3fcd5068e6a68803d339ab0b2973b38a |
| SHA1 | 6d0273a39beccd87b262fc70a93543b294ebc3b8 |
| SHA256 | 7d157bdd3d9c056cce13dc8e3b207b93b26bba109a378223cbab971e5c2775a5 |
| SHA512 | da8fd21d28343b00bd2df8bb1c7c0c943cb25bba852ec98dcbc95185392a102fdce5dc8a93ac20ce4facecbd51f55c242e02a2ad3ee9438f02d9caeb5a9a7399 |
C:\Users\Admin\AppData\Local\Temp\owUe.exe
| MD5 | 50fad3465dfad8e2e676e35fbeea65ba |
| SHA1 | 602cb806c7fc38763451622aacb4b859b155cf92 |
| SHA256 | df160ae92ae231b283c8c240d9cbc334c4e0ec31d67bcd960fb2e743a4f7560a |
| SHA512 | 841d7bd3bf3ddf06c9f6ed6aa25513924f7cda7e8b7b934260c50305574e175d83f085fd161ecb695d7675807c5d5ade9da268a41e551284d6e15ab4e358f681 |
C:\Users\Admin\AppData\Local\Temp\cEIg.exe
| MD5 | a1276d1a3c060d443a4ff999c99ee72b |
| SHA1 | 0adb9b181ed7efc8c5073535b2f3d88f787a9aef |
| SHA256 | 48d5cc6fff138b06f26d3810ceeb6b42f364c5bb32c8895da61abbf268c31e8b |
| SHA512 | e62fe258ad2c9c40c2efcf06a9a1fd64304ee6d982c550103fc6b3e7b0660cc20c9e4c66a0ea3923f86c1a375618202f132f56bb7e70e97bed41ec4c1bed3a79 |
C:\Users\Admin\AppData\Local\Temp\EWAwokUw.bat
| MD5 | 948c0e906b52014acf1d028c2d57267a |
| SHA1 | 734d7944081455a76b1647bcd5334475c7b51eaf |
| SHA256 | 2e590a986d5e7280461b9a0345324170f29ea111261e0899a2a8468b910cf216 |
| SHA512 | c6e11d84abd49c2253ad158e30aae415a9fb1a6a7a7ae8362733c4fe27b4f72a28eaecebf3db1bfcc17f783d1e1101c74d15440f4daafd604beea784d77e8795 |
C:\Users\Admin\AppData\Local\Temp\UggQ.exe
| MD5 | 720a4bb9d89bde62218c8efb3ae2dac3 |
| SHA1 | 852b4b7ce3331149c63590516d2c4930743e58cb |
| SHA256 | deed004a3783e2523f9d2744f724795fa3bd739c48e5cfe7825dccbcbcb57c41 |
| SHA512 | 14f5c095f80ee8e7c8d78aa7cf023a0ed9fe49ab0d1cf5182cf95c7e1cd8347d15b8abe50df89d039562c8cca92168e82e6d7e4b735f261fd15595221a9e4b7e |
C:\Users\Admin\AppData\Local\Temp\OwkI.exe
| MD5 | a0b8d3ec5dc68518051b78471d806bfb |
| SHA1 | 2c6e805519e734c3177af7e545ebe99fa187cc86 |
| SHA256 | f969543079cb09ce68eb545889ce7bb042caedf1702521645d8ec2b2c24422ac |
| SHA512 | 850ac51920c13126c4ea375b0ba9e955bca68bf0ce69e969e80cf9fad1889e9a03059ac7e70a1b290536ced2de204183825b65b7c50d960e82cbacf9152cf4a6 |
C:\Users\Admin\AppData\Local\Temp\iUEQ.exe
| MD5 | 413d0237be34447a0aa2133bea0b4862 |
| SHA1 | e52f8e9775b21911bb2cf6b7c2ff5f96f9ba6589 |
| SHA256 | f0fa165bdda5f869168b829c227c26fc4aecbe15d388134a6ac100f1a5e12b0b |
| SHA512 | 204d9dd38129aa34d860ab9fe64745e26ed9abfc576d95e8c68ff39ef9c06361eaee2ea78be15d9db6dabbe9d490aaa2081f160836aad24aba6fd01de4730f0e |
C:\Users\Admin\AppData\Local\Temp\SmAMAQgU.bat
| MD5 | f3d1b3cfa2c157f5baa34649c23fa597 |
| SHA1 | 9d5cbec0490e828769f7989968798fd5585d87c2 |
| SHA256 | 7e9fac3fdd94d79ade0134cc7f5f9f95b021115695d5bfc1f6f4c46fea802178 |
| SHA512 | 0b5c142d9519ea1b6c31e38c11f977d9d0b17638218be939b566d98334141ea9a3325d583e25d3256c7e9d2144baf91a353cf09bed5868420b59cd614e29e8eb |
C:\Users\Admin\AppData\Local\Temp\sAMQ.exe
| MD5 | 628accf81f8933bbbd73cf9bb27f0ee2 |
| SHA1 | f3da10c9dea0378569d5b250fede109035892eaa |
| SHA256 | 3a74bbf862d5b1f2c98a65f8013758bd45d32627a1a3b8699faa9325bd671086 |
| SHA512 | da7464a4dfa996dd73c82720b1aadcb0f60a87aee8dda926f56bb6bb9694280f4c914d70acacd46c392b93e8fbdb485a08494de1a73dc9d401017f5d1b27681b |
C:\Users\Admin\AppData\Local\Temp\sYQK.exe
| MD5 | bfad13edbc41611677e3cfa9fada239d |
| SHA1 | b0667c1ba96e0dfdbbb88d991185b3513985b13e |
| SHA256 | 84c2db8e7e53c29e37c911e4b1da5af5b83fdef31493cb673dfe4a092e485805 |
| SHA512 | 73e6c4860908a97fef6b0145f0f3cad079372e186aa96df07adee5b57ea99b9f4da0f8e7e034df599b31abfed8b6d6ea6cfc5715216e4f919e00cedeb2d8e3d8 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile44.bmp.exe
| MD5 | 536275d6a10e19334da2ebc07fae70f5 |
| SHA1 | 098773b4360a752d11874f1023c8430013edb336 |
| SHA256 | 47860b3c55b3b8748d7cd102549fee42d665f595549ee1ae0b991c7d46d82674 |
| SHA512 | 3330c17ddf1a3e113f7839dfc249e9c7f453c20d9bb6678b03a4b9a2355b20ec2dcd33ac160d2ba934cea91fc706a3d64e3c5628641feb6b647a5dc815502bef |
C:\Users\Admin\AppData\Local\Temp\UUMEsoMc.bat
| MD5 | 0152b2230d22d384c23ae21cf9e0c56f |
| SHA1 | 47da43ed126ac5f0bcbbf59cd301def68b892933 |
| SHA256 | 5379dc58fdad432d7076e8f2cccacb88bf416e8fdbfa7187e380e37ff37f099d |
| SHA512 | 98efb91d42a6116943caa850cdb695e80b514f4555d70ed6761a1bcc8fcb56e2328f9ddac1e6d7f1b45475024f0cbe2d0b970b54c53f4b2bedb60977cbda5e44 |
C:\Users\Admin\AppData\Local\Temp\zMcEgMIs.bat
| MD5 | 62d33c0a4b8975eee4daf86a70db4eee |
| SHA1 | 82534b579cb46dbe65fe4f3fb44e65ab4191761c |
| SHA256 | 575670ae6319a8b20fa03f9e2249b1c382b8964ab9d0eeb539a46a91411bbf04 |
| SHA512 | 0e093a4b42c1e517ed2fa2ecf1181c7f389b36e1fc02cd05d942764cf6ede35ca099cfb3b8f3264e11b4b3ba5ab9f647859661c4ede2ecd89e26a38a43e23fa7 |
C:\Users\Public\Music\Sample Music\Kalimba.mp3.exe
| MD5 | edbd6dcdbcab90d114e2e69145485d84 |
| SHA1 | 093d01b316a6a78cd9535da51ee525eaa026fc88 |
| SHA256 | 134e843e62384beba253f8a9d7a3231535df24dc8b8e1b1dfc96cce963e5cef8 |
| SHA512 | 7c7af249e8d1211cc7aba38be9401a8e544d5e266fece95228f369b631faf7dc2d188534ff79f0fef154ba8e518e54fb9fa5e9af40bfec37c08d46060ed19a20 |
C:\Users\Admin\AppData\Local\Temp\ksYg.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\KwoE.exe
| MD5 | a180091a66338a24aefc9ac5273cda33 |
| SHA1 | b593b88b7c32f9140bcd0e47d16e791934e75896 |
| SHA256 | 19090aca6bebe1d3058c9615a47c27e424e665fe8f90bfcce103767ed4c88ddd |
| SHA512 | 307be9a5a8e301e89b6082285ec1697f0c15525f6a3534ee4069dac6cbaaf9b374baa45a8e36c0e6dfd8b764b95834cf731e9afab1a84cdc7748468a07a8bd48 |
C:\Users\Admin\AppData\Local\Temp\GAoo.exe
| MD5 | e38bb346671d9f1167b82ddf6bb92282 |
| SHA1 | bb6bf9946bcd32701f341052ff9c3436fce3c75a |
| SHA256 | 551461be77c6c4f3d05ccd0c470071528b9d786f72f55f674a4fba806a9c7d80 |
| SHA512 | 6ae2c45f65ee05ab934850e6b9f534b6bff3ff8d09ef86a4b5191a161abc17d789ea287fd00235268e12e0685aa2ba47717ad9c8507c66b140936807a7c09b16 |
C:\Users\Admin\AppData\Local\Temp\WcIK.exe
| MD5 | ef76d8dcb90433ad28b2e8cb74647a74 |
| SHA1 | 18c7854c112d14a99a8f9aab4597eeba1eb09751 |
| SHA256 | 66fa6ebb96d9be71f919582d5287c639d5352fd24bcd59443f3fd4c334462aac |
| SHA512 | 50a0f3797dff7ff836b0105fb90429a077060c9ad2e853ad2ea17ff9b2cec005b7c4aa41cb948e2d8526c62e3821df037745a078d50484365a4f9df4e2ad5e85 |
C:\Users\Admin\AppData\Local\Temp\kcIk.exe
| MD5 | 7eea4ec94596f462abb1d8eb82dc7272 |
| SHA1 | 10e5adedf037a1ca3477b14a3cb008e6eac7a34d |
| SHA256 | efa5be7fd07dca7864ec2842f3117426a8f924137c2932a95a3f7989c869ed71 |
| SHA512 | 1d1505ad4d9b699f457e2449a4784954afe6a38375be4620af80c0a67731efe67854fd6e276e654585e2a479a003c5b37692f3168f6b7104dd9690c6f767abe5 |
C:\Users\Admin\AppData\Local\Temp\tCgAkwUY.bat
| MD5 | ec3134adbb863fd4d054562d5fac57d8 |
| SHA1 | b89db9252590dbe1f650938a30ab57772f3c1756 |
| SHA256 | df05220e074738b6fbfd1194567f82d0601038f478ff2c25158ea312f91ab750 |
| SHA512 | da52a5791d354656ea6a9c6862abf44fb1e6d2b9e0163eeb76da3ba5f0f734a8a875eb8c8a680b8d5e738c14746923e573b85d2d8226d325374951de17157452 |
C:\Users\Admin\AppData\Local\Temp\ekUw.exe
| MD5 | cd3e560e4455e7ea9576c548b0f46e70 |
| SHA1 | ef0bb051b191ec722a068be58e5d77220879f014 |
| SHA256 | cebc0b0995cb2b97315656af0278e7901788684089b9876908b38eef0158d5fe |
| SHA512 | befbf8d6ab33a2b89f8c40d7864c74b0ef4e2a5a9485f09801acb4065afa31bdcd5c07ef9e30f840bc5e9bf1feafc84b2d056e905e7facae45eec48f434122d3 |
C:\Users\Admin\AppData\Local\Temp\uIcM.exe
| MD5 | 192e27bde14295f10b07508a5281d2d4 |
| SHA1 | 247d20bd943a91b29789fc5e8b1e3042c81822c5 |
| SHA256 | 3c581f7fdb28e7e80c2592275062f694de887c2454c302eaeb2c02aa809660e2 |
| SHA512 | bf6c3f8003ec5881398e9407fd60d30f55e0b656805957110bcc8c24a1a1fb5a38a93bbcbcc1da5876e3144b8283d818a9ffe1793e318a32ebf6d15f4b8b7483 |
C:\Users\Admin\AppData\Local\Temp\MoIw.exe
| MD5 | 1de898edff043757c8e7b41b0dced224 |
| SHA1 | 49c932741a33f10076839da1e0ebd87432103ae5 |
| SHA256 | 6ee7f59999ea2b26355d2323e208bfa4dab707548222c9f338a2110cc9b3c266 |
| SHA512 | bdd31211eabfa1dfb052c10b0efca819ab78c2ad76c127e17b10e29c13162328cd4b19276f643b80d9f80a41239b324e51db988ca999055616d7d2aa5a00f9de |
C:\Users\Admin\AppData\Local\Temp\YkwQ.exe
| MD5 | 92d383c1873b212545949624863fc99f |
| SHA1 | 5408f39a74c39fdecc7ee5ac2e30cf7770c4d3e9 |
| SHA256 | ad85c881b0c86c525099ad22b7c0144403c81367b60376bdd28e0fcfe0951e1a |
| SHA512 | 1e7080e9c97189ca272f1aa55cf1173f384a8e82b5e03ba074cdf158d0aa6371f6dc13eb71f1bec53c7378bf8b46d049a8583821d89e5ec36ec13b3ca1f14687 |
C:\Users\Admin\AppData\Local\Temp\CUwS.exe
| MD5 | cc6b47984cb4e4e14d042e95fbc1ef4e |
| SHA1 | 61c13f9d6a34f6170af3340b2f0c9dc5b75dc4d2 |
| SHA256 | a40e019341aef6a62c3ff5d2ec1e59cca2958394ee6b0833c0780fdd4517a640 |
| SHA512 | 9904f3008d62489c1abc28221b6df77448548b409384f6a2a11540f36ccb351f5c35cdf2764b811202cdf8c86ac1a06e0eec111bd58be21466ad6b8c30bbf27b |
C:\Users\Admin\AppData\Local\Temp\aUQY.exe
| MD5 | a39650cbe855e113887c661ff757c334 |
| SHA1 | 0ad121ab53a6f45f1b8f27cf20ceaa60a3227bed |
| SHA256 | a976726990badf15d6e2525d551ed9df6d53bd6f51f46645c61119f281020b8c |
| SHA512 | 76a37e01a9dc6ecea79ca7754405995c1f73d2a3789b7c0cfda840aad0464fec04850919d114aac63ebd80a0e647791f4890b07f3fde4f2501ed6c2b6bffab03 |
C:\Users\Admin\AppData\Local\Temp\LGccwMMg.bat
| MD5 | 8e5dad5ad7807e6d38541c4571c98ea8 |
| SHA1 | 8f8149ba138d1debbbae6fa2b79b6a45363f16c0 |
| SHA256 | a4a7bdf9127d1219c1248821cba20b62c0299764e7a461ec5dbe5bb514629392 |
| SHA512 | 5d7dd200cc3e561ba311643e9527772a85785bd1564d84d2e0e98fef3a8cb3f202e94ec71f15c0099fd90f36b8f4d0710e4377307ef349dff29f8b4b96425c87 |
memory/2192-2896-0x0000000077790000-0x00000000778AF000-memory.dmp
memory/2192-2897-0x00000000778B0000-0x00000000779AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OccEIEMk.bat
| MD5 | daf9ad8fad0c58b47a31aad1c1354d5f |
| SHA1 | eb3370e7cb13f30f5d7194ffe36f3f3cf35764ec |
| SHA256 | 388cdb1cd447255b30f3401156df9533c17cbf2c2cba5a73aa78d277a7057008 |
| SHA512 | 1f6f8b555c1d6d98bbe4e9adb879e5ad7d45b7e6e81f4b37d5bb7a94ac5a4f4ebe7e307bbed5a25f1ad8fb451372f0141fe8fe4da6fc90ad429d4ee2092f23c2 |
C:\Users\Admin\AppData\Local\Temp\gKkIwwoM.bat
| MD5 | ae5d77e4b8c0237a3ac708fa903a0afa |
| SHA1 | 8b59afd4acf7e83a047cdc0a52c912abe1a6d0a7 |
| SHA256 | c0e8e796026cda00776202b954a4af947afe2119e14479ba71004bc74f93d7f9 |
| SHA512 | 11736bc14be7a881dd95412c78487b3aab48620f519a0a29e367c531fbfb13e52a7228b24acf5f3479226545980e6486fa7490babafdf2d8dec9cf971c667ea1 |
C:\Users\Admin\AppData\Local\Temp\aWQkwEYc.bat
| MD5 | 2883ade3860c24a673a08c5826e9e08c |
| SHA1 | 8f2a80901219eca1ec83f342f6b4a55eced0692d |
| SHA256 | fb3f713ad7f551ee7b8bfb72235279de3eae5108bb6bae1081eac912e465b200 |
| SHA512 | 84f3bbb2a7656092464e35702bf822a11d779ec0ab910ff89ecccfdca99d90a458cfa12cf086ae3259b1644fbdd964a2f1217a6cd6bd860e8279e86ee7a6d3a5 |
C:\Users\Admin\AppData\Local\Temp\KkgEUwgs.bat
| MD5 | c7e9bf557adce6f953e098922804e701 |
| SHA1 | cf9dbbd344e47bd72f411704f496df89f83cbacc |
| SHA256 | 466c2bde6dcd157e116b9c789fc13092119dba37df9249ab8c6130143d327825 |
| SHA512 | 43112c08a58541e5891d87087759ebf33a990d43609a4bb7987c2053b80c3b26d5639b1fc4844984dcca292dacacf42baa3867e2142d3d91b210ea11c02242bd |
C:\Users\Admin\AppData\Local\Temp\UCQYgcEM.bat
| MD5 | 80c0b963038a3a75968111a247a1bf80 |
| SHA1 | cd500dbfd1810bdebd6822987a847a32dc44f45f |
| SHA256 | f83d58018cd383e860c693f2ea3c8f9cd64a4239bfd6348c0c158701ade2f59a |
| SHA512 | d356f96531f09882afc34b10ee0c6d5b3e94fa22eba785f9bb9390bfa37025df6d18ab10f82d25489924056b3783763cd6e4921a8ac72343c0f53aa219f1bee7 |
C:\Users\Admin\AppData\Local\Temp\xCwAkMkM.bat
| MD5 | 13b89b88ac36ebe8ca2b2ddcddd16391 |
| SHA1 | 7a196e13dd480d4994ded28381c7bac013c44cd4 |
| SHA256 | fe6a6574d1f97fb1df7be62ac172225f03eeb4b9be90623f4e2ed55ef76d7e38 |
| SHA512 | 5b8e54ee5a045397174074b2ad6410302278951f1765300e15f669b7a1bf61c2be8fb8362193e9e33bc731d52c3d0120f5a95b7835e56a47693536a05c420ca2 |
C:\Users\Admin\AppData\Local\Temp\Docwwoos.bat
| MD5 | 0da94228afa1828ea84a8a5820bfc9f0 |
| SHA1 | 3dcb4ca6ce2c6cd988edb360ec328600a22622f9 |
| SHA256 | 949ac0186633089c28319cc2c7ba174eaf195b7a3fbf19ca9829bb399e0fddfb |
| SHA512 | f2f45ad484a6382d53965afa98a4c7c1951f3707098d4923087e7d51b48da865060d9d756bf4441ca7aaeeccfd49f3953085d2fdd509c28f02ba071d9ebb9d5e |
C:\Users\Admin\AppData\Local\Temp\hkAoUgIE.bat
| MD5 | 249c263e2ea78562273702af65e02a1a |
| SHA1 | d3829135fc192c638c0f503bc7f6b41f9e906911 |
| SHA256 | 460a5e103005b6e5f34b7cc25400e7a7d26042ab5190d692d49d7fe7551b7d10 |
| SHA512 | 09b70cd4408fb313acfbcb902d1afe2ea459316ef46fe3759a1b4265936ff3eb5a64075fb436d4c34fe7dc47c466415e80716dcff12117b172f8cd97120ef71d |
C:\Users\Admin\AppData\Local\Temp\pgIocYEA.bat
| MD5 | a0ebc663c42b08c043650db6745fb8e6 |
| SHA1 | aeedbced21053404217ed681fac8c6100d740686 |
| SHA256 | 1ab2d1bf2b320f87fc266c4ed9a7caaeb835be049e191586c85854ac80a690cb |
| SHA512 | 3e893af60674c76bfedb89384a348383a76b610bd5fd43b19bfee0a22932430a596d7bb7412b258db553bd2d77d565803a7b2dc62a575a1e85698fd11459aa7b |
C:\Users\Admin\AppData\Local\Temp\wGcsEcQU.bat
| MD5 | eeb9874aa47d4f0be4503c8638f86c1d |
| SHA1 | 0a6a640d44da23c198d4a96595e9862bd76a91ae |
| SHA256 | ca7bddb7e2d087f4f31ef68c3d2d37e338360f8d72f695131d9cb6b346f90c1f |
| SHA512 | 6003d865f65dfbe1ca5795d12553a705fc86172e1f8b9421116b9d0c85a640d9b8ea0028878bc39d259c8017ffe596cd7d5c87e0b287fb37fa7bcf32fe7e1ef7 |
C:\Users\Admin\AppData\Local\Temp\GmYcgUkQ.bat
| MD5 | abddcadd0001a346b1797a05ff86a816 |
| SHA1 | 45c5a67c197958341b4c9503c49d89319a813d28 |
| SHA256 | 65a79125fa68648a85cdcd34a0612e3215a568ac225b1d844b90eae649f1abf1 |
| SHA512 | 43ee2b1a6136ee516790d179d742cc328cfea8365e673d082fb36ffe9c94ced30223060ecf89b0431b6537694828358b6a7e1f183008c219391ee6528c721022 |
C:\Users\Admin\AppData\Local\Temp\uOAYYsMs.bat
| MD5 | 2a0f5ba1a2eabbbf1d09a0296f42b38d |
| SHA1 | f8e7525a818a5c8c42b829d4a927a42ac3729887 |
| SHA256 | 4c4bb39ed725b67672e7d83829860dc37b7e4cb4c5ab458d5eeeead8dd847a65 |
| SHA512 | 3d6c1b4d423c69ef55d9009121a210c4b68a3e64088e275623f5cb4697966508c8f07f83f1d3f89778243a0c1d47350e6d6375352ae585e651b393e6a4a7c493 |
C:\Users\Admin\AppData\Local\Temp\meUkIcMQ.bat
| MD5 | fdfbe3c6f906df0d63007c76d216259d |
| SHA1 | 9eddc4ba9c128ea63c6b19d3df3096b81843cfbe |
| SHA256 | e6a545b6da825391765edd56fafef905b305f60c4d4a20806fb01fbd7eaeea89 |
| SHA512 | 1b7d83db12197e328e99db81ada73dab0bf09faa0083cb0ccd7f663dc942a5fe3f9b8428c15d2e59c9dc5a77ee56d49dd859cf6454d31d5bd4d4e449c37aba69 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 16:42
Reported
2024-10-20 16:44
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (89) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\MYsosMME\OYogwQAQ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\MYsosMME\OYogwQAQ.exe | N/A |
| N/A | N/A | C:\ProgramData\OqQoMYIE\ZIQEgwsg.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ZIQEgwsg.exe = "C:\\ProgramData\\OqQoMYIE\\ZIQEgwsg.exe" | C:\ProgramData\OqQoMYIE\ZIQEgwsg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RMwAUEgU.exe = "C:\\Users\\Admin\\iYsIoIMM\\RMwAUEgU.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AaAAcwYY.exe = "C:\\ProgramData\\BMgMUkcQ\\AaAAcwYY.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OYogwQAQ.exe = "C:\\Users\\Admin\\MYsosMME\\OYogwQAQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ZIQEgwsg.exe = "C:\\ProgramData\\OqQoMYIE\\ZIQEgwsg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OYogwQAQ.exe = "C:\\Users\\Admin\\MYsosMME\\OYogwQAQ.exe" | C:\Users\Admin\MYsosMME\OYogwQAQ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\MYsosMME\OYogwQAQ.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\MYsosMME\OYogwQAQ.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\ProgramData\BMgMUkcQ\AaAAcwYY.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\iYsIoIMM\RMwAUEgU.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\MYsosMME\OYogwQAQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe"
C:\Users\Admin\MYsosMME\OYogwQAQ.exe
"C:\Users\Admin\MYsosMME\OYogwQAQ.exe"
C:\ProgramData\OqQoMYIE\ZIQEgwsg.exe
"C:\ProgramData\OqQoMYIE\ZIQEgwsg.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OisgsgUA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nWoIkUIc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hoEQkUEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vOwAcsAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RWEQssYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LEkQYUck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iigMgQMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kEEooQwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QYUcsIQo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dCEUooMA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bcUUMwMs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tGkEUEYo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NGAEcMIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WmskUkkU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SaQAQgAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uSQYUMEU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TkwIEMQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCQgcooc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LAMYgUgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\imwoIEwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ASYgAsAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\waYswgsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OcckgkQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NyIIkkko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BYckscwQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZEYcIEog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zYUoEkgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IYkYsMws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\coUwokUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MKkogock.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zWYsMQYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vQkMcQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DuwoYIIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LecgkMQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aOEAAwMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WUkMowIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YWkkIMQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hgwooEcQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DqsMAsoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XiQgssUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nesQgYUc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\twIIgccw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MIEwkIAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AuosswUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SaIkwAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LeEkkYsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pkQUsAQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bsgEkogo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FqAMIcIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qeIIscck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CeAkoUYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iugcwsQw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lYMkIMcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RIssksgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\negAgkcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rAQAwMso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mCwckkkE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wCgoYkME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qGsccwwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PuEUIkAE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jMooYkwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tsEwkMcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pCcAswEY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YwMAUsEM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WSoUkwkw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SggsQAkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fsUIowsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pWsIQckQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rqcIUgAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ByAEUEQY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MCcAkAcw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mKsYksoA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\yoEkYMsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FUoAkoQE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HIcEQwko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wiYgIQwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eAUUMgoo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KskYkYws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VcgcIUAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\psoMskUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\iYsIoIMM\RMwAUEgU.exe
"C:\Users\Admin\iYsIoIMM\RMwAUEgU.exe"
C:\ProgramData\BMgMUkcQ\AaAAcwYY.exe
"C:\ProgramData\BMgMUkcQ\AaAAcwYY.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4604 -ip 4604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 8 -ip 8
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FCcogEwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8 -s 224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 224
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QoYAMUwg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\oAQUgYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sCEMkYcM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dIswooAo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pOgwIgAM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jgYooYMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uycwMkkg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UKkYIYYw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gWIwAcgY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gsEYIMYg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zAAskcoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\roooUQAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RqUAooos.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\byUoEEUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\iEQQMUwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WoYIkUsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UkUUMUwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EaAIYUck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nykssAIo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FwkYksMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NUsYcQUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.169.14:80 | google.com | tcp |
| GB | 172.217.169.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/1932-0-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\MYsosMME\OYogwQAQ.exe
| MD5 | 3c6495366911cc71fd8825b9a769de19 |
| SHA1 | cd995f585e128d28558117102c7025be28d2b721 |
| SHA256 | d883cf9e98de3ac51e915cd963016a643e3ed48d428c77fee2742bad7a6876fb |
| SHA512 | ed5a469bb2b09e0a2accfc437853dff3dd0bd304a8577fa3dd8fea25504bd74050a3582b4ec6f2bf68a57603471253a23e8d8da4b07931df68df3bd894b71135 |
memory/4004-5-0x0000000000400000-0x000000000041D000-memory.dmp
C:\ProgramData\OqQoMYIE\ZIQEgwsg.exe
| MD5 | 454a137aaa73393b783bac3ee5ae5779 |
| SHA1 | 77c646aa71edf9071a1b18b0bc83bafc382470d0 |
| SHA256 | 9bb19bdc8e96e05a5645067ec4f88c7f998f3127a757dd9cd44f28fcd4bcfc6a |
| SHA512 | a23bef4912247c0b19feb11eca214663793065fe81d42c92e86fd735e990dd6008bc6b69b95d037d165fa79a40db8fb39ef88f9088f9e34dabd033ff1a1ad1aa |
memory/2844-14-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2452-16-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1932-20-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OisgsgUA.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\2024-10-20_25254d694617c9f5e62baff92b13782c_virlock
| MD5 | 5861d4e6983be2b92122bcfb7d239eb5 |
| SHA1 | 892a1af54e23a9960f63eae6369c526ef325b77c |
| SHA256 | b3de971f88cdd8219cd9bf4a1212107b4052f468caac1f196d756ddf095acb48 |
| SHA512 | af3ce9a9c4a7be34e1d75bd9e25b483cfadc18e50cdb3229c5bc70bf965f6c478a707711154066c446f84ae5b6216917dd34935ee69772c305a00bc6d5040178 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
memory/2452-31-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4872-42-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2180-53-0x0000000000400000-0x000000000042B000-memory.dmp
memory/5084-64-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1916-75-0x0000000000400000-0x000000000042B000-memory.dmp
memory/772-83-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4972-87-0x0000000000400000-0x000000000042B000-memory.dmp
memory/772-98-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4088-109-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2084-120-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4788-131-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4668-142-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2336-153-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3828-164-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2312-175-0x0000000000400000-0x000000000042B000-memory.dmp
memory/696-186-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3040-189-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4260-195-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3040-199-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4260-210-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3076-221-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3964-232-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3864-243-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3868-251-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1816-259-0x0000000000400000-0x000000000042B000-memory.dmp
memory/464-268-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3600-267-0x0000000000400000-0x000000000042B000-memory.dmp
memory/464-276-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4324-284-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2508-292-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4360-293-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4360-301-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3776-309-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2388-317-0x0000000000400000-0x000000000042B000-memory.dmp
memory/8-325-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4528-333-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2364-341-0x0000000000400000-0x000000000042B000-memory.dmp
memory/632-349-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2228-357-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4348-365-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3024-366-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3024-374-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1896-382-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1632-390-0x0000000000400000-0x000000000042B000-memory.dmp
memory/5024-398-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3472-406-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2900-414-0x0000000000400000-0x000000000042B000-memory.dmp
memory/220-422-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3688-430-0x0000000000400000-0x000000000042B000-memory.dmp
memory/5084-438-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4776-446-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3024-454-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4764-462-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3644-470-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4804-478-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4776-486-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3748-494-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qIkA.exe
| MD5 | 2c107889664bdc5de1ee4dd523a44a9b |
| SHA1 | c27f58bbe6100d8f2a300cca1dc1cff29bfa91f5 |
| SHA256 | 84835455c1f9a3af5b8be0341b786eeac9f0c8356b72035112f2cd962ed0dad9 |
| SHA512 | e4a13efda2a19bf147510e2cc0177ef9dec327708bdb3cc77fc220fb42f27181fd1f11eba25e83ac7ec787562698f24da74e54f83e6de40585d7f0a7d8254c76 |
memory/3460-510-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3460-523-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EkQM.exe
| MD5 | c7ac9e50b6643eb9428ec8425d70fe8e |
| SHA1 | 778b9757d41a4de2759b7c51ec492f6f704696d1 |
| SHA256 | ec4c844291e0e1b777d41d2a15cc08d7121f9fcad0321b2d5b55263550a516b0 |
| SHA512 | b2f408e74bc8d1fd1611e6430601a250f86cb7e33552d97b1c20b2bce55aae95ce0762ed13a93f20822fd08719028bc4bb257507d29302c2d685e34ac3c211cc |
C:\Users\Admin\AppData\Local\Temp\qIgM.exe
| MD5 | cafb5cb4adee98d4ca0b69d68f5bf8bf |
| SHA1 | 6057ff9f0d64d3a422f5dbe013dec327834c104b |
| SHA256 | 66281cc8fc2afae1cbe141b5c034f7ca5b66c415c0c58d9cccb5002f66d6f8a4 |
| SHA512 | 5e4a7f51615412cd7d3b006c2305b3139ed3ef2d0fe3952364d68552b7da6b5238a46d1a58e12db4ec6067ad83ad2a730360b7e01ef7023159c60b8141123ba9 |
C:\Users\Admin\AppData\Local\Temp\yAwq.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\qkIM.exe
| MD5 | a5d295f1de3752cac3b1dba1b93c752d |
| SHA1 | b464f4f2f1ed8b0cb4ec2f3073d3a7d62f693c4d |
| SHA256 | f4e235a233fc75fad6b05a4de88729a3b12bc3fb5fcb7a357ccd317c2a661029 |
| SHA512 | 588cc4c678abbe12ec356fdc382cec7d0e7df694fd159cf58b508297b5d8e6a1cc8b21cff3e4869fb0140b8320a2a661fab48cf1fd39061bd372d7146d8331b5 |
C:\Users\Admin\AppData\Local\Temp\oUky.exe
| MD5 | 9b47c911d39cfa0c6002a60fdcd34cb9 |
| SHA1 | 4650b7500dc058fccf1f8378b6a2553348328449 |
| SHA256 | 37e3ddce00055419f6de092793bf9ae7fe10cbe2c514286bad1b56227e1609cb |
| SHA512 | 3005b370c4e7e272ff56e2d1cfcd91cfa1daece0ba6d60e47e8ace1841fca204d9bf1aa40f06d5180bc8e773ea94c17e0f1d02d694762ce0d29b27598ef2bbc7 |
memory/1172-582-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iMcY.exe
| MD5 | c6d7015b22fce616d7b40898df9fd81e |
| SHA1 | ddee7ef4cd8ef150b5bdc74704ad63551b4e6866 |
| SHA256 | 2c5da65834bfc8ebe3c548468f645bb74305f85dcea19cb4fe4d9b9efb663bbf |
| SHA512 | 244b72d6378fc2f72b34a4abce4ad2b3e1bebf04009953f36ac128eee7d6982f0c2c1f8ba7367c34d362ead711d18be3a368b532566d477a7dfdbeefdc8f291b |
C:\Users\Admin\AppData\Local\Temp\OYQE.exe
| MD5 | 5c047bcd5081a329144137bd42e36a2a |
| SHA1 | 10ab047095a3e9a4ea4bef40dd9a9d06d365cb34 |
| SHA256 | bbdbb8ef3243b0f140f01c6f513b88fccca79b0cc4d3d87665d47802caf7d7d1 |
| SHA512 | 3a62989ad1448667010dbbb6c58929c7980b3c5401140877ae02d0f1a4894ce0f934330dbd246f9b2641919f8e65faaf532d1515485788276db4f5178d4a304c |
C:\Users\Admin\AppData\Local\Temp\UQEu.exe
| MD5 | 683141d83c9642206c18491ab00b8641 |
| SHA1 | 1f64be2529292adb7dde8437dca9a3cc0058903b |
| SHA256 | b65be318159216dfaf3368a5a1f6aded84aac0d7c69fc79568ab60a913f0ad55 |
| SHA512 | 769b1531e6786a25f89eee46e7191d7b4005fadc0fd7ce61671934dba137d2bece2df9e92244b2dd9e955b05db8be0c023a7b8d3a48988f31074d32b302f2c36 |
C:\Users\Admin\AppData\Local\Temp\qoUk.exe
| MD5 | de02fc75b1402f8ccd217a702f6ce5b9 |
| SHA1 | a83bf2965a86bfdb5ac865ae1ef5f625d075808a |
| SHA256 | 2be44da02b0b89e419c82b2f37abc5137534ee0971f5ae49383c155aecfc535f |
| SHA512 | 52558789eb9ac304b8f7867e17f14d2575ad250a8f79e86a98bcc823a22ff410807caf7302716da704f338859e7755987ef5065ad0aaf221d9dacfd68a8a0935 |
C:\Users\Admin\AppData\Local\Temp\eQMi.exe
| MD5 | 6dc9527df88e12e83171a18146595575 |
| SHA1 | df0bb8ed10d957507b5fb5379e2f12b493404f27 |
| SHA256 | 908eaa2901297a0bd79274fe0b826ff8c78066a731488b1f484e29f726346820 |
| SHA512 | 7a0d4ee3e9b7deb81a2610ca7fc0677cbf7126f61386935ab17349558ed7fc7d2302a08d9577944f3390d6f4feab0167a8a5ba48aa64f4e848d76cd3d1257293 |
memory/1976-659-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IkoA.exe
| MD5 | e0df38d070ebcb73e01209656719b050 |
| SHA1 | 42130b9c6fe38ae722ce2641c4c46575db90767d |
| SHA256 | 980efb0738c15256e703468660e3d0771fe0281f770cef0956af0ce505f46867 |
| SHA512 | ed15138c187ad5339589a4e42a99cfa05cfe51e1ee371009c52320471964484d4b31e7e900f52cd326007508dbaf352c702056216bec5c58a6ea1853808d99de |
C:\Users\Admin\AppData\Local\Temp\cUgY.exe
| MD5 | 0acaf1660d7026cd0f7b36108695faaf |
| SHA1 | 435ee6e401fe90135c555d047a3121580fc04cb8 |
| SHA256 | 30baa43067a211b9f92c3aa3c4aa929de28399ecbf40d74df68e2f1ebbb0b6f9 |
| SHA512 | 49469350cdfebeb2b7a7a1efe2481abe91cb8af74a7538a6dda2e516f6244798497fc07cd5ef51ad48df1c2365be28e413639fe66bc753007cf7289cbae376f8 |
C:\Users\Admin\AppData\Local\Temp\gcYI.exe
| MD5 | 5d9aa81913d052e246a16defe28ec8bb |
| SHA1 | 0dc4b4b531cce8c784b40ca04ed890f505e3cc86 |
| SHA256 | 3c2d6575e718bcf944848af021bfbbd0aacdb3237a11059663e0ed6921c5d9e7 |
| SHA512 | aef387ef43d09a5fd9bf835202438a70839df5d98cbde16d5f3e08f26db7f3f9db1bb69ac0420cd1055f3346a6ac153a09ff2403ad34a76295e57f97a13c8e7f |
C:\Users\Admin\AppData\Local\Temp\SAkW.exe
| MD5 | 4551430535c7ee1a2cc91608f0d841b0 |
| SHA1 | d4d1522234dc672682dce5b6c4f04568364a7d99 |
| SHA256 | c174d6ba262118b48bcd361f7d77f3e283ba36c3375be967d72ea48465b667dd |
| SHA512 | 1a5d96d51fc6029b5f1bcfa6d8f36727748bf2ae90e881f47fa2b7757a031b5f340846c15552b53a8171c766f6388b6b855646c03d13b0cc8563f7312b092c8c |
memory/3644-723-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ggQM.exe
| MD5 | 99ddbaf0483cbc879ecc2d6bc18f385c |
| SHA1 | 955a5af11c00dbb41a4367c71dd01f8772025bec |
| SHA256 | dac9d08fdd7f7f7b7eb766b38bb36fe59d4025d5ff8a6880b4780dbcfde94e83 |
| SHA512 | e47f048c1f6d8598b3127e9e660cee7a564b066f7abee60fa62d79654408ca0962acf82d4a45881d3e25b5299d788d6e0797f73ca4ca9a1aea8d954705c91625 |
C:\Users\Admin\AppData\Local\Temp\gUMQ.exe
| MD5 | 2e478ba9da828d2365cab8b3c41ee903 |
| SHA1 | f9176d8487001c3492cabdd4f2435fefdc537fc7 |
| SHA256 | 9b55a05f84c11aef6bd007d9f7bc8dcdafc14307dd21df9d7f6f224c971ed8d3 |
| SHA512 | 4a9e8380616dbbeaaa74d387c6d969d48c439c9ab50803512e4564a074f23f104cd0dacac93f08ff7080b1eaec04feb3123ff072b6e9baa93b17e2b4f4ed8600 |
memory/2428-760-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oMcM.exe
| MD5 | b24df0b5fd3484f1a41bf296214ba35d |
| SHA1 | b20bdf0a7bcffdf24bbc2941658e35fbadefaf0c |
| SHA256 | 7990e7d4a2441eb157926780ee97fc8abd72609245769404d0f8d9f755cb32cf |
| SHA512 | 27183de045f5d849e59ebf7f299758e874184741cd33ea824a89edb32124d536a0c99e2bf8f8902716bfe0f904131de0f0a6c3e77c73079a71f5d2c85c93cc45 |
C:\Users\Admin\AppData\Local\Temp\SMsC.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 3ab1ec1a25bc3335195374a539faa722 |
| SHA1 | cc709f35d97841d72f6c9df2083c250254547bdc |
| SHA256 | 2ee12d6ec95fd0fdd8754ea4bfbf0252febbaa2624336855efef20934783f5f0 |
| SHA512 | b3d45c187af51c5517e4294ff085576abcca9f24a5013166aa3835f14678e706039c72f116b482e5b66a5d71e3a72ec3ada6c4e06bbd12245fb273032a441286 |
memory/4152-788-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yUoc.exe
| MD5 | 7c35844fd66bc877cb58667b805aea96 |
| SHA1 | 148b3766e062b144d73f1bed247e8b335dd6a8ba |
| SHA256 | 622b60f4a2a53a35594a6b8e6fd89070f887c52cecf5142eb7bf8247dc72b9c1 |
| SHA512 | eca988aab34a6825afb809877688b5cfe607368ee4c6e4711e2ddba6ed0652d59bc0dcf794a49f1814978531bc2ba6205b03d4bfe4b802ab4bb7b57a764e1a79 |
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | 8254b865065afaae9e1834cc7b5c2fd8 |
| SHA1 | 97c42d86a886d51b3662e8e895829d0baee1c1da |
| SHA256 | df61c125f63ee05e44b1a67dc8e8bd44206be0f9963689bdf03c9c74b9020589 |
| SHA512 | 8a3cbba15db0b369d0d6157ea80af96df4eb96a2555cce4e86f5736ebce2358ae51b3737c2e780879c8d843c1f6474dcadd1f26718bd5a19e7632727618e8d6a |
C:\Users\Admin\AppData\Local\Temp\eIQK.exe
| MD5 | 85a23df48259b8d150bafd95766bdbaa |
| SHA1 | 4f65cae6b3e83f0bee7af8f9be2dbeb0bf826917 |
| SHA256 | c863a0a69ed75779788056a1e0d34dcee47cb6a20e7bb86b43a84db14c07f4e1 |
| SHA512 | a4692c5b08b680ed72ec0fa231a6c97800444c8ea64b0cc973ed167512d9ab5d76e1ee8050e8d9b526ac26f61a571f8a9afda275d5d0878153980008ef805ed1 |
C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\windowsdesktop-runtime-6.0.27-win-x64.exe
| MD5 | 0f434b01599072a4126d78de495df669 |
| SHA1 | 6049fe2da3ae00be58b0200dbd4564a1ae5be30d |
| SHA256 | 9bb79fd9e8aaad5ed039e5e30faaced43ea1539e2a00012dac6abbeddd639b49 |
| SHA512 | 30213a569bace8ced739b5ea9e05fe0deb53773158c22d46160a4e4c49af63e37e9aa96e4e84ada7049e0a2a31f68f2121fb5b519003c8b1018e9bd2cf96e5ea |
C:\Users\Admin\AppData\Local\Temp\ascm.exe
| MD5 | 44d285d6958f975ec50af879fc3efb45 |
| SHA1 | 975f91b03b1347469d97686ce836e9312cdc4bbc |
| SHA256 | 0b15942a5d589d861149be51056a40c3bdd7e7599078e04ee6beb9399b0ef945 |
| SHA512 | 7070830f030509c377fff0408372ef744c329e0c93d663859ce7ad92575a119dfd506b66340005587a17fc74eb11f8e7c7a50e230125f158dc9e7aa9bf101ba8 |
memory/1496-863-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4152-868-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kwMI.exe
| MD5 | 02a8f1173e72042c56da190d4c8f9369 |
| SHA1 | 24e559dc2be338013511109ead7c481e71b53393 |
| SHA256 | dbafb024438ec3f58dc08ed2325733b050b3bd2481ba4390cc28f45a560b0991 |
| SHA512 | bb07180edb98a0c0e0967c5e52f536744f335d52d36f2b538c362ad17b8d73e5d3ac7e363a4fb37508693c8377101449a8aaaac8ab5d2fe08083de06839deaee |
C:\Users\Admin\AppData\Local\Temp\UYUy.exe
| MD5 | 1c70a6c288c5423302709917bd5a1187 |
| SHA1 | 1540a41ae8d2a53fd5378e25061ad7b191c7851c |
| SHA256 | eca7bb0a591fd2f81c8f4c3086ceedb82a6eb80dafd3dc972d23a97a2617327a |
| SHA512 | 882c8edf49381e773e377e779d16a56f172124e17ec91a442aaad11d1e80bae08f743773c343622cfc49456a30d577445acf25e2d20f9f1faac7b7d45a9c1a06 |
C:\Users\Admin\AppData\Local\Temp\KsAG.exe
| MD5 | c633d2dfd4385cddb17216710ea925dc |
| SHA1 | 28c4ea04c69f5f6d6ee52ff1cb8f60df04623e3c |
| SHA256 | 680c8e4cacada445ec73b68bb0e89afd207a47a70464521212dcbca30abc5928 |
| SHA512 | a51ba44075836b885db66be4f627f3daa5c12072c7059a6c9780cd7c6096dc7312228a67a1f3d7edfaadd35aa2468ef23199896086dfa4f8b458892019480a67 |
C:\Users\Admin\AppData\Local\Temp\aIEY.exe
| MD5 | af09fea88c162b303379918cdf6b7aed |
| SHA1 | bafa9044a25831d55f7115617b5a44b316b51008 |
| SHA256 | 32468f2d83933f4f8624364d2e2bc837ba4d7812687b7965e6cdc0ca8a9a7136 |
| SHA512 | 24b3cbf16d1e5165567f367e17a838032a8f41fa6d3eed79062f89da9ab71497661964d331875fc6bc6d523392330031c6ff9667e34ede58bbc941a77f7ef883 |
memory/1496-930-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oQkG.exe
| MD5 | f1da1d2d8647043605d0cd62ddd4ef88 |
| SHA1 | 2091d6a2e2b1b35ce2e126c91ffb0cbd66fc9690 |
| SHA256 | 5961b07eeef6f34e13caba4eeccbde78bca1c5ea282571e433485bb80dd50fab |
| SHA512 | 99d6809b55b471e86d40a59e22b26aab21335af6c6afa81f55d98f2b41b06a4edb2a123f498cc117d64f06ea77745d671c7a28e9a8c74c9d77f4ced015263c92 |
C:\Users\Admin\AppData\Local\Temp\GAAI.exe
| MD5 | 3e4398fff3d85b0b049ce4d4c0f6062a |
| SHA1 | f2dbc0ea3339e8655fcc2e346fda5bc277346dd9 |
| SHA256 | 60dbb32b95b267c18075b04b30424c0195e65368666a1266232ac3582cbf77bc |
| SHA512 | 9274ea8871f656172624f346ed56c4a1d39652f4007d1d8fa8ae22cceafcd638d7bfd96aa026388aed06687d4a6503072ade0780c7147c0ab009346c711f70e7 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\AppWhite.png.exe
| MD5 | 722200739143a4ff2ff0c764b60c3f1c |
| SHA1 | 9c84c1e6d2089cdea4fb063e1bcbc30dc5d43d2b |
| SHA256 | 3960d739decef8c5335fb01ad1a84094fff888813e4af7f16367a74654353843 |
| SHA512 | 9faecbfaa148af4e3bf896a532d0d73ebf08c19eb26ae03e2925dc6c39fbf66f563a83e76dee180e2712e414a2ec057fa18d9e949bf8d360d994540def593ed7 |
memory/3176-977-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4388-986-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Iska.exe
| MD5 | cebb43077aabd56681de2b75a5c7e01a |
| SHA1 | 0bf23dfa962dcd59aba8ec5b4278d837b7c1bff2 |
| SHA256 | 38d0a599fca9580a3deb89cfbf00dff117beaee85167943408ecf0d3d9212814 |
| SHA512 | d7aa1638f171c6de45c22fad8fc57df50e040d60c82f4a746836d508f6276789ebc564dc3567fc68046e13de3afe88a48c5820385f22a743c326e798c6e908ae |
C:\Users\Admin\AppData\Local\Temp\Ckke.exe
| MD5 | b7fe86e2b9f2fbade331d3c744ad357e |
| SHA1 | cda940cbd6f5371247e1923ea037fb878d983a4f |
| SHA256 | 2dda3e328a716ebc1066ccbf22d055ed0a51ad6f8f693f1d539620c0aa48a8eb |
| SHA512 | 52b7e16d3c5c8fe4fd6e1c3f0b0037d7b9bc2aab747ab6f7984015c5ff3e7fecead99781285458b7e9c5d39ad0c55a409f1c1174402944c83825c0a5208137a1 |
C:\Users\Admin\AppData\Local\Temp\Wccg.exe
| MD5 | 5945a033e0de2da6b070dd7fd36ff9a8 |
| SHA1 | c059a8e151dda1ff2b11ed81fd3e5e8c7a2c89eb |
| SHA256 | 121bdb01dbef03054f4524898c2beb132c8a00e56caa549b0031efba71a5f48d |
| SHA512 | 2b510a17ea403a4ff01e3282a5ef04c17437fc0db91f514ba83a1172ce41decfaf6d95baa4d437f6f469ee0f315cace36cea8f4dc028c1347fa098c907baa769 |
C:\Users\Admin\AppData\Local\Temp\iYIk.exe
| MD5 | e14ac119dc7421a6a20e16723614699d |
| SHA1 | 7f42a1406112222309307148cde79916e573c9df |
| SHA256 | ea8417240dbc0e90f4c7ac9b2f4efc89b9c11009220921ffa57b8c09cdff9816 |
| SHA512 | f6a3c8f3df5a01c113bb0adde1ba832461b2fd2f2d0d908eaaeb5942c1e48e74bf5096e79fb3b91fa8d1dfbfb1b23f890317b09d12a7db886035d1cecff94900 |
C:\Users\Admin\AppData\Local\Temp\UMkU.exe
| MD5 | dbb085648ca84950a2eb71d3e17dac3d |
| SHA1 | 75ead5dd24de14915728569239090adb698b435d |
| SHA256 | e788efe5342c032a17b46d57f0c3f4ba0832734aa7fcd3c65a069c6238493c56 |
| SHA512 | 18b0fa3c7bc5369e829e92a5309f4002d2a04b01b38403151f2c4cc8b519d819f111e60dda094e9b8eab8784a5a1a40c3ad729070888a182edabbde1fd7a6bb1 |
memory/3176-1059-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4936-1067-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ccom.exe
| MD5 | c724776924da666821ad6fbd05910614 |
| SHA1 | 7c6854772d80bba5695109b298ff9617edca9fb3 |
| SHA256 | 0d47254f5c9919f5b31e5d2a5a25fc845adf7063f4d40a73d8f1ad8213dc0af1 |
| SHA512 | 847691d271c813231ea7105a79991feeb09d449584a0de52288930fab939a857d318fef34af2c76a055e51466e37eaa1aeac717a5e4dc58bc692afc647fc5f49 |
C:\Users\Admin\AppData\Local\Temp\agAe.exe
| MD5 | 12d507f11ba978c1a677553c00d45c9b |
| SHA1 | badbce33c675ea531aca2f012688f70feb2c252e |
| SHA256 | f1424e03fe0856b4639bdbaeadbebaa7db995256ab2e776c9bee77a696999eab |
| SHA512 | 410ac1e191bb60ae3931f91676e1568843d2a406ad41e3a4a53c8b59d6b7be617d239157815b7a0ec9311dfb65abeea8c189e8f9b01c59047e966adb50288de4 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\KFMLockedFileToast.png.exe
| MD5 | c389259e7d4b7f2283b437c3a6dbcaa4 |
| SHA1 | 528a44c31a428ad00559ab527b390912c0ad1c2f |
| SHA256 | 0d1ce0f341abedc3f3882aaf044bf3b788ba5db50d6b6db8bf9d156ac3408cf2 |
| SHA512 | bae92b93cf3105fa4dba2e0ca919f2300db83315d3257bdf3a974061532e55471c759d1c09c0ea49ba3303d10d1d8b2b4862d169343be0a66f0c6e569e0f4b65 |
C:\Users\Admin\AppData\Local\Temp\mMgU.exe
| MD5 | 42ed76943a77e972e91a893b30fc8ac1 |
| SHA1 | 9559f94d1819401c622625dd8545a720afa759c7 |
| SHA256 | 5557139c4520131d516a902b268f63133a84e2af1b3c0821a89c44dc6cc59415 |
| SHA512 | 9e3cef5b196c5c9fd46cd8715fe5c8d734c9d43ff70abf603d9e63fe9bfd0c331e7bd2a62b7b43223b2a5765e04b9744eb6a14239b68be0a06fb017734a2213c |
memory/3920-1131-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CIQg.exe
| MD5 | 2f14339e56a94ba439e5a11b513ae787 |
| SHA1 | 6d36a6b5fa812107b0d4b5f3d6c52db7cf07bb2a |
| SHA256 | 2c077a2abcab4535bccf3c77a0f988c26ecb97aee67c6154b38a0aea75d07672 |
| SHA512 | dec635e74d9990a6af70e532b1c0603a15f7ccaa840cf57a77e3e7c3528502c45e71cf35bf525ed14e011c587d01268ff29fb09ebd54d3b8f4e64cd9446c8e87 |
C:\Users\Admin\AppData\Local\Temp\kAsw.exe
| MD5 | ab5a8e594bde6c22d2e8532ca63a79e3 |
| SHA1 | 4490262b6f2972d3010284179db054c73d9faf41 |
| SHA256 | 69eeec167e4f62cf1ace1b62a6f3532aa3ebc3c8cefc5035d8f4a2c1c8f981c1 |
| SHA512 | 0e2bb0d6caaa815e73d7174e0f4cf85f2f97ffcd97057fd6b5420d702450be58bd2fd284c3763c7061e8a4742ab493d84d84c93f0005e7681561e51627ef751b |
C:\Users\Admin\AppData\Local\Temp\gIgq.exe
| MD5 | 61ae0287a6e56c235b7a479a63d4f9a0 |
| SHA1 | ebfd7c3317d26a1cd5c058489d7d774fb42f9bea |
| SHA256 | b4746cb872bef3b061bb8c5de779540533cfb33e78d13ceac991f9c6f13ccc2a |
| SHA512 | 65d3b2a102610b0043fcb58ffe2eda57b1f02ed2cd08ce76b2652d8ce44f3d351ac2a0161ebe08d0c94f70caa4d6df1a58fcba2c623072135026628886fd7ff7 |
C:\Users\Admin\AppData\Local\Temp\cUIY.exe
| MD5 | aa240499ff20847d1ce189e41b36c89e |
| SHA1 | 736d922e372a83ec8301a2a3f16f01a7f2954ac2 |
| SHA256 | 4a9d16cd3200bd544534fdec1357677345f0379e248c94f737621b7d2d9ed719 |
| SHA512 | 077754af938d93fe9f4d7df726a5764f4bda14f60e9db46f460f551d2c9d857b1790fd6c264cd59f9f35b97b7f1ef86c4d7d14d33c77ad10a874d41ff0c396e6 |
memory/2612-1195-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GocS.exe
| MD5 | e37f9172bbe870a281f700abf540e1e6 |
| SHA1 | b007d1733b8ef46ad9aa4e161cabdf9cdd19e544 |
| SHA256 | d00e3839d1b9d6cb689fd9eeeecbe528c6e784b53669991981b21a68f2131419 |
| SHA512 | 6cb26671214897adba2363d05495c7f91b10d3a06adfcdb06668b641dcdb2d9a7db69d45a6afed03e0abf0c4818c558324945af60288ba0c7564e6cbcec76fe9 |
C:\Users\Admin\AppData\Local\Temp\AwQc.exe
| MD5 | fe28487410ae6f7a8bb1e9a4dca8559a |
| SHA1 | eb8986f839720e017fddbabea00b35797437072c |
| SHA256 | 06f0205b85f5841b9845f07b16b4eb29b52f75ed6e76299d6ae57394ebf9d4ac |
| SHA512 | 2a31b07c2e41e32301d9d4cc6d18be501d503a092879b61fb766713c75510b900097d30e5103c35df026d16d6b1a7d275c99cfca71208913c05376c42201e184 |
C:\Users\Admin\AppData\Local\Temp\YMke.exe
| MD5 | 6cfbe1cb24e0a8baad143fd59a72d160 |
| SHA1 | fbb256ee65c9d9a919cd318d4876a1c3a1f6ed96 |
| SHA256 | effe7c436c593bfe6fd744cf333b03c3bbb63b8bb8595eab46055a12f29515ee |
| SHA512 | 87c25dc8b9c48d3847c7ff6757900ebda5228230671f81231d5ab3fc16c631ebe0c490194fefff4e1e35fe896b2daa2b6f93a881d061a2c9a768923f2e6382ed |
C:\Users\Admin\AppData\Local\Temp\AwAo.exe
| MD5 | 8bb3960ce534c73d242d5447953e40c8 |
| SHA1 | e7136b76e5991b078714df15cb1550d989ae89aa |
| SHA256 | f9cff17ddc2fc8b79b95ef2f1e1eae294197b0feaa4d86234ef10b219811335b |
| SHA512 | 42988b026bcdc081d4b0f77c54ac6d08ab0074ca6018714c017a0c359f92978f76111cef766b8eb84e86613768c87c570c1c7ca5f5a04bf72060cd6c92a995c4 |
C:\Users\Admin\AppData\Local\Temp\cQIC.exe
| MD5 | ddaf43d8f2f25874e1a8b8f69311282b |
| SHA1 | e4afcabd84ba61611395992fc9cd952855b8852f |
| SHA256 | a362836cc618bb0960a8d8378530a25af3bbe985f5e12b0a1adb321eae555bd2 |
| SHA512 | 6e3e7dba00bd998fd3084553770282d4e58268d5ad1850dc059fceaf55081e3f29e9849cde425894ec7b82bb4eae671f2753320d90906c9dba313d9870a27962 |
C:\Users\Admin\AppData\Local\Temp\sUcO.exe
| MD5 | 4a2d4d86a580b6663a4652f22d9c709d |
| SHA1 | ab72c606dceee7b139e4d91c27d52712d8a8c194 |
| SHA256 | 5904bb79caf5c0d19a8107f4e29720701fdab93591661fe44c34ab8121f7a7b5 |
| SHA512 | f976024e5ac042b7e0a8d0276b5f87241ae60ec2e029012b1feec2cac9913a486871892ee16c7b851a252b0170223b935c1456a9700c911df6446c4e6dd48206 |
memory/4480-1287-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-400.png.exe
| MD5 | d88bd3271b5e9e6ab830daaa236ca930 |
| SHA1 | 9914fc575b9b4731e735109d61047e4910806843 |
| SHA256 | 380676c66b42d1e7fb0430ec32044a264c1da6a656f1c102af7fd7e2ee71d144 |
| SHA512 | 2fc620b47943daf959f49af5b33f078eec4335b2290fd23bc8fda3dcb9af1223b116e7de9cf8dbcd699cb0fac62122efb8ba7839aa087d1e398ec27d21b7b461 |
C:\Users\Admin\AppData\Local\Temp\OsoW.exe
| MD5 | 9d08ecea003c642398ee31e4297a6e6f |
| SHA1 | 03f6825e7ce786020e083662b79f1e9de27af04b |
| SHA256 | a90ba1ceee3f2d90cce09965c275b8ff8a9ed0659292ef23dd957132ba05c25d |
| SHA512 | 01bbc06570f31791331963d66e976306d3abb2e71450cf994fbd84971e90f24eee24f2750275e04ffdca8091014b09e5892522e03ff0efea4a3492d880da5d85 |
C:\Users\Admin\AppData\Local\Temp\iMkQ.exe
| MD5 | 0eb9199b4bbdf2f30384210d80b5e786 |
| SHA1 | f1025a398af9fa35ca0217d0e3eecf40d04dd54c |
| SHA256 | ff6d19eb6e3951da8284bd0db5e7601d488dd574181b149bb3a12b96916622ec |
| SHA512 | 453714f6a6f1a39a7d1b56ab84817af3b835695d55f653d5c1576214180bd3acd747e19b22df54db0c589396aebdeb3029665b7eb465902ba9ce9f75600393ea |
memory/1204-1337-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WwAC.exe
| MD5 | 91bd470e3f8d128100dd669c146e0eba |
| SHA1 | 251fe85b7849aed33e2342217ec16f896cacfec3 |
| SHA256 | dcb35f06e2ecd5b4bda1e5e3c7129040636a3df7f087519f91dca331fae94ba0 |
| SHA512 | bf2ae0ddc56014b44b76c411c2ef30f95be8dedcb3fb40fa862f64aa0143f1cc9c5fe01d30d8a7c81bb1d9961af7c36a77c1275826e7309521607abe06eca2e7 |
C:\Users\Admin\AppData\Local\Temp\kYYI.exe
| MD5 | e43a067f37adb228e60fbb739af340a2 |
| SHA1 | 6f2d619a5019e7cfb0be0ebee1b51d0a485e01a2 |
| SHA256 | 96e4a4a9f2ba2938390bb71d46f035c57edbd52f79bbf62e286b240b089e0087 |
| SHA512 | 7559be9b2482051e8ec12ca3b2ca7b72ca125c0a359de1214a873df34d929976142eb749262f7976ec05910eba6cac1fa9fc6236e9bd94495a7235cb5c8b7882 |
C:\Users\Admin\AppData\Local\Temp\sEQU.exe
| MD5 | 21c673545d9bbb3ca77b66f879f768f5 |
| SHA1 | 9f4d9f6ccf303bf101c1ae336555d929ab0ba70a |
| SHA256 | f4984bbd6cae12d903a2d65e6a0ac06f362f8f511b8f430ca0a8fb0522953e69 |
| SHA512 | 3ff4a0b573a11c5b4e6f12ec9336cd51646ca8f7a6e80f52d0e8aa436c225bb159d38fff86e8c43b5d1fa092348e88277aead8031972168f18638ce7c5cbb465 |
C:\Users\Admin\AppData\Local\Temp\YYwS.exe
| MD5 | ec4e479cfcc79b638052fcb086250817 |
| SHA1 | 2e705304642b0d1d58802039febd2caec01966fd |
| SHA256 | 6a0a8f9a7c17b1d74960a664925b11dd1bac35ae8f9971d6126a85bc285e0ec2 |
| SHA512 | 61ddef57e83f539a1f1e31483f7f4c1c44f128580c04057576dcfbb479b07b04a317c7f1e67be582a009f5dc800f297ac9473d4ec370ede28c9ffe8b7eaa9da7 |
memory/2620-1401-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IQMs.exe
| MD5 | c9cf98395f244f7ee32b252019ac95dc |
| SHA1 | 15dc780ac054a158fbba7a4ea317016896b9f206 |
| SHA256 | 0b6d571eab604e741d3187b0d5c469212aea8c7749339298c0ceffffc364ffb8 |
| SHA512 | 28d45a45193901945d125a769d7376972ce7825efc07846bb3219f03ad81b97f370abbc477eb4e1d02e451721e4265ede5b478cfbabf393fcb9c48c6fb05b7cb |
C:\Users\Admin\AppData\Local\Temp\KUwa.exe
| MD5 | aaf0eea3acb2e477b2628a286b590c09 |
| SHA1 | 6c2f3745b8a47f4efc4b24e35f50e184230c1db4 |
| SHA256 | 6e8a63a372b9d450f7080a59742cb5ac145057317849c77f5269646abb39b089 |
| SHA512 | a0494a66ae24f94fb80c2b3e2ff9f879c475cb218dba85488373a62757951f96363f5ea070368979b815024ce8138cd6dd972bf03b694ca36cb5ecef1dbad305 |
C:\Users\Admin\AppData\Local\Temp\IIkc.exe
| MD5 | 303e0c9915f967e0f9342a20d69eb6c7 |
| SHA1 | 153c2145b4b11d250e8a41fffc7018d9d595f832 |
| SHA256 | 6d526321e1c7234acc4294e621b3c91fd6486d94077dd419a206568165e6407d |
| SHA512 | 04778dc1715c566fcd2d15d7d67510bf3cd268ebb1d31b05e25bc0c8f156b23dbb6b81cc055deb0ba6c810069d3fc5fd5e21f396722d2a92ec5cc5a931ac7ce4 |
memory/920-1465-0x0000000000400000-0x000000000042B000-memory.dmp
memory/4420-1466-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\egMY.exe
| MD5 | 40d7f1fa398a01b94a4eba2dd1d1df31 |
| SHA1 | 6df3242c0b0751b14ed81e9b7d642021fb0b1546 |
| SHA256 | 49d0df6a068be79630b95a9ca9147546609a74c244c2ed75e90d96e7a080bbba |
| SHA512 | 4e8e3647b755a7e34f0263f2e7c0040a6d26940531b46ee73cde44184162ce92a84971187267132460e252618bd966788a24d4827268da2b83429464131a2ca7 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-100.png.exe
| MD5 | fc28fe43dbeb77c7f7fa63ebf0ca1e92 |
| SHA1 | 62e4b3ab04db7365fdca709d2596a613e568ace6 |
| SHA256 | 11f0e43fa1ccade2ead10364551fb48e1602f6d722945f7a21b27212fdca83c1 |
| SHA512 | 9c052f3dfec6009c79f7a4350afabae050c23a684824702dedc633680824a63cb7ecb73e9c1699f2419f6a6f756c91e9fc2560d1e6a0295a940bf741888b8b67 |
C:\Users\Admin\AppData\Local\Temp\eAUY.exe
| MD5 | 0bb4bed0633c32ab187b963ba534faf7 |
| SHA1 | c1848902c24738434fdcdc5163bdd70aaafc76b6 |
| SHA256 | 48f119b5620c69ce0e0eb87874991e19a0a8e5579567d985c18056dfb8ed33c0 |
| SHA512 | a0e3bea63465fc39d3a9696cb67ecdaa842470e51648c15b69ff0a9f3c97e366adb4fb6b92ad5a8f66176ff3909894fa2221c9a79cbfafa55d13bb00c6e590d7 |
C:\Users\Admin\AppData\Local\Temp\ekYQ.exe
| MD5 | 6991355f2973c8d9ca68e5e8157c6465 |
| SHA1 | 4ca688fc2921c8aecbd63c7dae7470afccdc87cd |
| SHA256 | 5cda25315dc5052c3d50c52d5f34c8310228c5fdf8f800f1cf2110e9d2a62430 |
| SHA512 | 9a36918fead4bf733ff78c5f04eb4b198619cf3daa03f2207a9d3b6801b1c480e977c4d7d0b7facd018c4f0f8d3978118f2cf3683817eca158db94ad2ffb1c86 |
memory/4420-1530-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QEkA.exe
| MD5 | d781d60ba530ded83964b26772e6e99c |
| SHA1 | 91cd07a81788d88408c014659e411f2317546b84 |
| SHA256 | a2b0ae29d12fe52a507edb0b21a81e8e6ba7861f64bbdb055dbc1a1c9296a745 |
| SHA512 | de794cd25bad2d180d2bd1f00321a1404c5def04f2ac0f286da2bc800524f227e1e6a56db0eecbdf8e5a78f0f8559267ad6e62bcdcc139323b5f63ddc996ad45 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-black_scale-400.png.exe
| MD5 | 81c18de3da270af4f7bafbcec8976ac7 |
| SHA1 | 475d1a14449d0991a91fa893c9c29b6d9210a7d0 |
| SHA256 | b6971d73e0a1fd98c229f1a32beade920166dd8e264a97fa0084b192c4cf88ca |
| SHA512 | 9178565e38a4f8275e00a304570972f7ca8d1dd23415a32214041f3a4dbeb13b7440a80e0cf8926ef1e78693d38a2d3d43ef0d9f5db1f4fbe59ad0875e64cf26 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-100.png.exe
| MD5 | 4280aa1390436948181db1407f0cab91 |
| SHA1 | 8a459f861e7f014f509665ac742b48a03f4c873c |
| SHA256 | 2aee16484fab104025fc6598bb6841fc04b872c3bedc97d1269b16b0200db688 |
| SHA512 | 7c7bc2a4c86dcf36d32a9da64838c41cd532cf8222f69b7c10cf7df4948dbf2901da3a0bd21bbfa843972d2c610e6e9c90efcb5871d936ac70d664452e47e2c4 |
C:\Users\Admin\AppData\Local\Temp\QUIQ.exe
| MD5 | c6d3ad1719ee04e0e6c76fe3a6fbf7aa |
| SHA1 | 1b6316f16712739e944a7593e8e2f2fb194895b1 |
| SHA256 | 26dc0f55af5a9a1dbbedcab7edd1bb453e2373c13882fea0539290114ae9afd6 |
| SHA512 | 8a025e3b1ec8974b5e1c52143d9ea36dbfebb0bbe1e41ccd3a96f90e01a7e2586f201e3a7b4a36133201c1203c0511e53a578d571b07793d39778c936fdbb399 |
memory/2372-1580-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IwIC.exe
| MD5 | b8f30a4d155bcd110b47f83f64a0304b |
| SHA1 | 2f03bf4de3c02bd5fe077eb764885f8fba6b2c9d |
| SHA256 | 6b5a685e31ec5f86070738f2ed0cb0ad5df44591ddce81f55dcfdd1368b12c72 |
| SHA512 | a25455b08a893f2d9fecc06d522383dbc171cc1ea08c7a485cc30802213e1e1abb44e1851434b3a1acdebebf4604eb630ad6586a70e787917b31f10a0e4bdfa9 |
C:\Users\Admin\AppData\Local\Temp\UwAE.exe
| MD5 | bb52cb616d160e72e12bbb5b28177c64 |
| SHA1 | 9452aa6f38922317655e3df7bc4aa0c9a13ee27d |
| SHA256 | 46fa28151da309520758032a02d847a939d2114c55012a3bd5b8b90dcf405f98 |
| SHA512 | 8063dfec70a90b8a760936d569051a5275a003ffbdae45199851bfc5f2d49abf38320526d99c9af247bf43e65a383efbfb61db08a898cc1726146c546c2040c0 |
C:\Users\Admin\AppData\Local\Temp\OIYY.exe
| MD5 | 8cdef3b1bdc6da8dead7621bc65dac81 |
| SHA1 | 4c69c1fb8a222c5ab21647ca08ce2993ce1a4ea7 |
| SHA256 | baa9a31ec93f41f00c5e0c629412d90857be331c8fbb017201dd2c482083eadf |
| SHA512 | fca538ba4a3ea4d7ce8af956df1fd797d340c79e6fae85bb3c57812b898b1776090664fe3e8de418ee34fb134eb0744ad349ee0dbc993ccd60b113ce8c7c61db |
C:\Users\Admin\AppData\Local\Temp\CEkO.exe
| MD5 | 8029e544ac7a0dd6d6285a7964e4a3d5 |
| SHA1 | 2a3f98cc3a880755318e8c452afe9ad7b2e56880 |
| SHA256 | 751188daba454ecd50e01fdc693dd510aac21f6fdfb5900b661c0e6c7584dc9c |
| SHA512 | 3fb66c0bfb0b504b5c9cd08ec957d370614e68584c4637f69b2929ad95216d2cc5f9da6738bc25aa5a23402eb7ff1a3d5e189448e9d87f8d8740de160ea5bf09 |
C:\Users\Admin\AppData\Local\Temp\WMQW.exe
| MD5 | ece78c75abcdced986295ec1ee87b8dd |
| SHA1 | a89c4ea0512661c029492a35a2db66ae7040b9ac |
| SHA256 | e02c2668322f7aca46505625143ef4b9feb78c02b599e892cc6c67489e7c1f1c |
| SHA512 | e717b3004342aa02b63ab812f9113a729761419e9af7d2261311501a345cd8d215387c235822ee2661b89fa4072d70c54cfc0105d3c3ef55b307290d6abd7fa7 |
memory/1276-1659-0x0000000000400000-0x000000000042B000-memory.dmp
memory/860-1658-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CkUy.exe
| MD5 | 7cf4e9b89344f482d11b718836548593 |
| SHA1 | 0acb04ed1051763e6998dee2f0fc0279265debcc |
| SHA256 | e823bf19d0ce66b382e40cb876e83773af210865011440f6e1953f39850d5d1f |
| SHA512 | c00394168c674bb155e57e818660d869026a75e323123fec48dcf2f195857ffb2ebf5088f3676775a10f6d7016fc7cf766a16a768074b234d30136b6243c930f |
C:\Users\Admin\AppData\Local\Temp\iogU.exe
| MD5 | 8ac9c59531c271405b00319a4dcd53af |
| SHA1 | a3f8ffe1958dfdb23259b40e705456aa1aa3b7a2 |
| SHA256 | 9ff6415bca86a4c131ab962c20cd9252ef70124ebf54b1c46013dfdd218b16fd |
| SHA512 | b649db34e52041d7b1858ce27ec8e026260d8c284ea65fafd79b982d0bbec9df7aa14cf23d1679c0ad2b41881daac98f57159953556d63395b7e8ccfebcdab3c |
C:\Users\Admin\AppData\Local\Temp\kMsM.exe
| MD5 | e857d10b44fe1e89d1f4fd5b4dd89046 |
| SHA1 | 3b38671dfb72e90e31afc2da8b283e260aba2397 |
| SHA256 | da38ede156e155bfbbad7436409584441ddfffca522d9f2c62cfefb1bb214f29 |
| SHA512 | 670e0effe496f9ca8590e794fec2ac51a8df4a7ba09971523949207a7d16440df921f01362dbce63415faa8097a83dcd290aaa5e2d75929d6aeb567451bb510e |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
| MD5 | fbd63cce774efa8ff19674feb3711159 |
| SHA1 | 1d5ae4102bad6c9604b07b0b39707ef6ce92b553 |
| SHA256 | 38ae76adafa2e697e7b7454832572d5aa80bcd009d5afaabd2b21129fe7fb73b |
| SHA512 | d9c2aee201ff2d35e6e051fe83771ec23a35003d0eba559db3f7945d1957460894ab724a6c8793105bdbce799813c3e94b8dacedeb4fa1d652317d50aa9fcb7e |
memory/1276-1723-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IYcE.exe
| MD5 | e3516d0dddcc0d5fe74620a31689f3a5 |
| SHA1 | 98ff44761dce544773317f2d6ba52c5aac51aa63 |
| SHA256 | 5b0272865c115d64e22e8021fad7bea25a491664ba24c52a634922d6e9b5b839 |
| SHA512 | 64d4a974656db9f2029553a9bb3c08bc2227a09049b3d290463ba7d3aea3448aaee69788d0546537abb1ce7a5e219b804be7d23bd03489105c8f1e37240397c6 |
C:\Users\Admin\AppData\Local\Temp\Socy.exe
| MD5 | 7b310ab59f4ed97a38d8e5e2c33062e1 |
| SHA1 | 3a45749893afb4a23dd1750a227516a269e1152b |
| SHA256 | 9b99cfd60a38dec9563090452f9a4dd8390f6104160c0a8d73d39076ba91b046 |
| SHA512 | 72ed25916783d4586f2c07ed9f95d382d42d76285965e87f2410963c244aae52b108c626ea6283739bfab9dedfd1bc2fccafc7b9d33eb142eaf47040dc165740 |
C:\Users\Admin\AppData\Local\Temp\CkQy.exe
| MD5 | 420a65f21351dca3a1701c305195a072 |
| SHA1 | e98c7f8045b0a1894e5bd3c02989dbb4f7e55552 |
| SHA256 | 8a76366ae749ce002080f6b449fb41582ac3d6eb0748f681e6c821e0c989d96a |
| SHA512 | 5fb393926f3c9610cef3a7e52cf9e1549e439daa30ffb909389de845bf567e8c77419144bd543144848cac16efd762679fd19f7edbe30cc3fc433b09fc0580e3 |
memory/2372-1773-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2460-1788-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qcou.exe
| MD5 | 5c18d4d5bda1ccec78c1963be2b76ddb |
| SHA1 | 9874fded69c76bc2aefeca83b91b6f9b86c5862b |
| SHA256 | 9f57e57bbf057799a446e56da3730239e858395b9bf45af5b635476d5cae9b7a |
| SHA512 | b4ebd55073fb71a8fb14ff9c94f7fa84a32c21922e65aed9892ebdce13bebedd073ac5478395ab6a1f6948b2e4b3e9fe926e18ddc38e989a03f80f24582f1694 |
C:\Users\Admin\AppData\Local\Temp\wEMu.exe
| MD5 | 2c0847eda164823c2aee07d7829b9e11 |
| SHA1 | 0f2c2522b6c49374145762ba406d4706cb6c5dd7 |
| SHA256 | f39f974ef663a571c509cb29a53751eea995584227e8a080171e571e4f00346b |
| SHA512 | c9d0a24fdf95d7c93fe9b8ef0b3e0180ed2de936c2fc1f91b8cb2ce89b2de5e77f375d99141c1873b842398619eb4e3afea8350f8ba5881dbf71d5da93176481 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\tinytile.png.exe
| MD5 | 911085ed8bd2041d2d9479c97d6a6d91 |
| SHA1 | 4bad6995e315750ba498510a7eda29812543e6e5 |
| SHA256 | 5756534a0da53b9f5daa4740eeae136b87e7b58824e355987039ae8a2edb8046 |
| SHA512 | c8ca20c67944b48ba512141de192ffc3c6c858db9739738f1250f32f6b85f6fd377d3b052e2d3dbdd53a0d30f80d91d4f3092b800403c3eb654ffc453ff738cd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\7603651830\squaretile.png.exe
| MD5 | 963de68ab93ddf934647431befe3e248 |
| SHA1 | e2b3faf3359eca42a78e2ac22c4c4716eb8bec68 |
| SHA256 | ea5c3dc653217375d28ca79c76fb17ca0ca0299e9b427d80200904e4c8eeaf7b |
| SHA512 | b76c33962934de1aa735b5ebfa2713358721a858cdfcba6268f5770009ed7e651f164b0a825b30e839d22143aefcffbe60a7592d815fed78f0fa88c9f8928b0e |
C:\Users\Admin\AppData\Local\Temp\KcMY.exe
| MD5 | 4e77a415b71bfe516815bb496fc8088e |
| SHA1 | 3b7fc6c61af0691557e75ae3d394977f27e05592 |
| SHA256 | f59e145ceb4ee361866a0aa644d00176a8688aad9ee6208f9641a6388f0c6ae2 |
| SHA512 | ebd6ce71ac443479156c6208ecd73bd0c8deaab9024718336d4f940bbc47b26a1be1a8694cd3d1c7e83d105ed915dfca6e103109ecc61a81c35d9323e3f63469 |
memory/2460-1852-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SscQ.exe
| MD5 | 29da32f595b3774f0910fd164eb6a092 |
| SHA1 | 171bb68736221488c43407f674fec9151524f296 |
| SHA256 | 36340502f857b9bc03682377b8965d95459798494177e3f4db6dab2ba181bf0e |
| SHA512 | 0845427e5960304da1cc3c9ba68d39882501766aa959f7b3c51dd910c9f486c57d068f5b2e3e10a7b6707dc6ab7143e44879310414709b5c27de382c24bc133e |
C:\Users\Admin\AppData\Local\Temp\wMsm.exe
| MD5 | e8f38ca8345bef86cfee76ff2841e00a |
| SHA1 | a5bdaeecf0dd6aef7b6a046870c489e7ee849f47 |
| SHA256 | 8efd5242fdf8f5c7dc70c23a6e27131dd74ce2cab7bc2f9ef261748909c1ba1e |
| SHA512 | b148158fe34e73ae4060ac5338befc95209fea6377edd633cce3a602c882579f531ba49dece370d42f51cb9ded267faf7748ce06bce95d8a955aa01042552fab |
memory/5008-1897-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KAog.exe
| MD5 | 872eff0dfc184e871b448c4c5f6ef83e |
| SHA1 | 45cd941db5df1dce662f5c93276d95ccae35a636 |
| SHA256 | a97f60826e1314d3e39dff885c5818e066bdd793f10dea6f9c0b63ea55c8b443 |
| SHA512 | d7d11748b3c78b824b88c7cad743c9c7cc03806c8ecc99963ebeb84adf01da2a633c856bf67becf7c61b660f49660d8102c33c429f415f1b63d630e1847a2cc9 |
memory/3644-1903-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QkUk.exe
| MD5 | cec5e7c8a99c43b65e9ca0989f0ebd7a |
| SHA1 | 8163ac8545e1922df335b8aaa1a86974fcff4855 |
| SHA256 | 813c3a69a9edd814a3484f7140b9c9c71fd057d8b68c8b42856b32285c5da775 |
| SHA512 | e488eaa99ed3d1afbacfeeeb8550648a58b5e5aa1f50aff38faed42e7cedbcb66f80e4d7d2173f53771f18765d889335764fdaa8d98b8703022cb9653fdcfaf9 |
C:\Users\Admin\AppData\Local\Temp\WgoO.exe
| MD5 | 107aea234504e17a099fc4792588af61 |
| SHA1 | 035bb933d4c63c69c151404f635df3ede6c28abc |
| SHA256 | 282c9788dda97ef131626a71c216e79c7e579abb2b8dccdde76a5dbd6d89d54e |
| SHA512 | 36084e0f0b821969687ca721ed4fea16c9d2026520a8e09c50d6d8aa3e046b4d7ed0a28d223eae4a548eb8d5d73587d2541db9e72c16054a22a281d82c9285df |
memory/3644-1953-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CUIm.exe
| MD5 | 34a6b8ce582ad96dafd7019792496050 |
| SHA1 | 58a075e4b10655f8338728aa9068de4e94a0ef34 |
| SHA256 | f24049293549cc24adf53f267ace1b381e6aaf17a839ee48e02fa2512f9072e1 |
| SHA512 | 3a34e79c9fb3abd5238cbc06315df93780ab1fdc77fea4b92b9ad11573ce26f2086a5a10bfd422fa14e839d5ffff9c9f3ed5e2b2c5e7a549296ed9f1a4ed0ca2 |
C:\Users\Admin\AppData\Local\Temp\OQQY.exe
| MD5 | e92c4f9d8d21f46de6741aa5a6d29104 |
| SHA1 | 7b3192792cae09a3c7c47c687e0e62b4f28a2ab9 |
| SHA256 | c4f594519530aefd47ed005d7e07e52fd554afd81435902d049ed5e53c9409a5 |
| SHA512 | a4a02c38afd6fd2d563eaa4fded4421f216d2867d3dc7b321f7349143a785c9e5c578e22f6d99d4bf689f2f208e1c0ee0f9e3a7303e8a59cab5317636ab2ac4f |
C:\Users\Admin\AppData\Local\Temp\KIoC.exe
| MD5 | bc83166e1d2ff0e018b57dfcd2bbc083 |
| SHA1 | 1803d53a602a5be8c6732c13ee2e37c65e85dd00 |
| SHA256 | 586f8e425331b3964aeb7f685304e8f8ac9091d46ca4f0b6c5024eb55a583d2b |
| SHA512 | 78621d016dec1d672596df9cd7ec6fcd3ac2befd3e84f924706cbcb2a579743fe8ef04bb63b6f5d8b2369d3b0b180d745251d18b5c73194d77ad648980ccc62a |
memory/1204-1989-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mkYY.ico
| MD5 | 7c132d99dba688b1140f4fc32383b6f4 |
| SHA1 | 10e032edd1fdaf75133584bd874ab94f9e3708f4 |
| SHA256 | 991cf545088a00dd8a9710a6825444a4b045f3c1bf75822aeff058f2f37d9191 |
| SHA512 | 4d00fa636f0e8218a3b590180d33d71587b4683b0b26cd98600dcb39261e87946e2d7bdcfbcd5d2a5f4c50a4c05cd8cf8ac90071ecd80e5e0f3230674320d71c |
C:\Users\Admin\AppData\Local\Temp\MQUI.exe
| MD5 | 7ff5ca8a866786f2c4f2bda8d88eb8c2 |
| SHA1 | f1e04f40311208e8860e4f681643e9b06d3284d6 |
| SHA256 | 90f6d15e42972b55597b7671543b4262a4dffba2c0790119f7c1bee3cb17ecc2 |
| SHA512 | d02bf34db72ceb7fffb0ab5fab813526c42e7a089b7a3950ead6ea81b62603287c66b33390925eb014b54871dc143b409f21f4c3dd06155031d9963c9ff786ea |
memory/4608-2004-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kMAM.exe
| MD5 | 8386aa3b7b5beccd4e6e7eaa407bee23 |
| SHA1 | f12d5691c398de6a8906400aeb33b0ac953c2032 |
| SHA256 | a6b9708e574ed5952fa8480ed680bba1eb9d2d8f490339f399d4914317b22cbe |
| SHA512 | 934607267bcf560fc6b8d3f81670b78be3da254949d7f85eb3915ec15217688e7d8f8df8541696f78286801f488c620e1556bdcb5d56732e7d44deb5ab78ad5e |
C:\Users\Admin\AppData\Local\Temp\iUgy.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\asYQ.exe
| MD5 | 34d5ef1eecedb9fa689f140789a9c8c6 |
| SHA1 | f8fba23d9402d5cb77d25e49c06d3f4b3403da06 |
| SHA256 | afd1b23c8bb41c4134711df31448ce7a2c1ab01f0c47914b9b68206af97ca26a |
| SHA512 | 36ba74ca7e1539feb241c6c2a372b93e26c6308713d4ac2d5eb0e9d4b59eddcf99ff1eaea98b4b15b5f4c9691f9eeaf9bbeb2c4630232c291138870e16f8fcab |
C:\Users\Admin\AppData\Local\Temp\OIcW.exe
| MD5 | 906c553a253172e7798b8bd18c5cd02f |
| SHA1 | e7fdbbf626196ed3227d90f6f4eb4befddd95336 |
| SHA256 | 3d79683504485c0df852556ae09a4e5277974ada57b9b2fcf5f46af6a779deab |
| SHA512 | dfcf336da0036589dbd6c6a698d29a1af855ffd89d803340c346d2deff9e1a49cc4983f367a5694a88a75db7cc55febf1159eefb6520ee89806930f6a4b481f6 |
C:\Users\Admin\AppData\Local\Temp\WwIW.exe
| MD5 | 582c6c8a5efce334ff05cd684d2e96ad |
| SHA1 | 2291502ae70b6be5a23125b71bbbee5f95c5414b |
| SHA256 | 32484fb3584ca78b75c4ec5d17884bd334794f0fc9fd6c4149b82a1ca55cff6a |
| SHA512 | 46b31586d2b192096824193cfd9067b6b21e4c28aecc5ea3d0d9b59a9b26f4d593983578a82ede4da36e1ce4c34565ed9419e28898530e1893206a9b3c2c21e1 |
C:\Users\Admin\Music\OptimizeUnprotect.bmp.exe
| MD5 | 3c3ffe2ca6ffb713f8ae1e108fac7b1e |
| SHA1 | e4e7b62924f6cd52ba61e15e7e2de78de5dc54c7 |
| SHA256 | 57f45b8467da775258f8beae34470703c47fcf7322f9ddc4ac43e4d09bdf4826 |
| SHA512 | ab1e76ff29a5473c08ea9ac2f71749af0d5a9977fd87f979e4a5d71f178e91fc69f03966a527487d89af7a24245f350e3c233731e19d3bcd4ff4dc75e6bcf963 |
C:\Users\Admin\AppData\Local\Temp\UosW.exe
| MD5 | e58104ad0035fb11214f21ba11b6578b |
| SHA1 | 1198ea30f01a4866f1eb579f71ca6f3b0f121d5b |
| SHA256 | cf24a049c550807c8abfc652b46473316e055749c83cc349c0a543140a1becdb |
| SHA512 | 50b262fc58a34118865bb35c87d9bb157154b9243f4369fed7e63fa97a271d9672d0ba7520d1d77015d520a38006217d13c1cf1ae4af1a8216d2c40778f6d4f4 |
C:\Users\Admin\AppData\Local\Temp\EcMC.exe
| MD5 | 8ca6c4696d30144741837532ba46eb82 |
| SHA1 | 6b7b720393f5b7dad0c2ac732f4cc5b0d4f8e6af |
| SHA256 | 0216a92843edb1970193f8966fc852aab14e4da72a63c4008280bec9a6b004bc |
| SHA512 | e1a2f6e2f6b773ea55b90274da92f3ef3dba46c31528fda07d3c13b3642dfca77e9531f558a089b422226f89cdb392e653687b3260b14689d8c1691ff10654d7 |
C:\Users\Admin\AppData\Local\Temp\GMII.exe
| MD5 | d7f27e038d85150828168dcddf0de3d4 |
| SHA1 | ad2e7078aa1ae69980ea1fbdb5e5333b7a8595c5 |
| SHA256 | 9503d08730d8cbed663b1be2e9a048369b9fde9bcdac1342836e2a4c75bc8de8 |
| SHA512 | 2145da2cf9e59c51d0c3ffa0ec927e12a12d78f1499d9e48b0120e48de0f0ce551478aa37c810f305b8960d6d8e8ba79adaca50393760d7dab4a01e06d445b84 |
C:\Users\Admin\AppData\Local\Temp\yYMI.exe
| MD5 | 120633f4e11c3456b4f7b297984640c4 |
| SHA1 | 4cd3302a25b42674beea5051fad8a7d244594956 |
| SHA256 | d326e3d69ff1afd385d127bfc26b7565c89de304e984d97ebefa7e012a417e12 |
| SHA512 | beb5fde7acab8bf6d9452dd299923652fe4bc3e47501709af58bb3d2ace93f9e00d25b8b38a5c073f03f71a82d32e4022c5628c52669bc0f9eac0222c4c507b9 |
C:\Users\Admin\AppData\Local\Temp\cAIu.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\QUom.exe
| MD5 | c6e3cd1f01809c3bc7415291a3e3fb99 |
| SHA1 | 46b16a706e74753f58cfe4adfafb32eed7746484 |
| SHA256 | d22efd60bfe7f2d4192fc14609ee5eab0a2a70e8e38dd577ef9101c246240629 |
| SHA512 | 2467a3d6c70d6f297923f49782820b2d6480483402e74ffdf06f68b2ffb71324607b60f04f83c5776694ae4d883ee58e34b2001ea29189d9e76a1b877ce2aee5 |
C:\Users\Admin\AppData\Local\Temp\AYsG.exe
| MD5 | 095bb1bd5563443e5838c149ba74e632 |
| SHA1 | 48dade04e89da4161989519166fda3c44d112a31 |
| SHA256 | 807453a4c1443a38a8189461a23e532fa519e3ea82d9eb2692939fc5117cd872 |
| SHA512 | 2421b0a6fd8f6c7b1d6bbfde40dd2474dc316f5d43a3aa4f98c59cff50e8b7a674f95df0b9dad0aa37f17eef9249a96506521cff406308f5fee81b01870a3d0b |
C:\Users\Admin\AppData\Local\Temp\GgQm.exe
| MD5 | b0d9523fa9947fb3eccf3c30a49f67d0 |
| SHA1 | 6a33c55c8324e113a08d67ef049efe04893f3102 |
| SHA256 | df46051fb64655d2ecae296d28bec587d5cfc7d9761a04e525e8685f745a26f6 |
| SHA512 | 6d9a9a34c7a164943da123c719640538dee009726d2a1f4c1a5c318e8af21312276958924bf2c4ab375afa58d66f59aafdb9203dd501c242042386fa063c35f9 |
C:\Users\Admin\AppData\Local\Temp\EsEI.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\oIkC.exe
| MD5 | 362db0b9e7c97dcc6c0ec00f05a59e17 |
| SHA1 | bdb6806bb1d87adb336466f29573ea90c54a37a6 |
| SHA256 | f0696477dac2c9ef2cc877db14cd26c98b27cbf06e7feb07d7528dc07ced8a19 |
| SHA512 | 699cb6ff3f434d490ea33f32a972ee4a01522d1413bdf1f9f3bfe7d10374f95d2144daf3ee31d91df629580d901cfa8c7250e4be19ea5a4f3ac14fa8655e470a |
C:\Users\Admin\AppData\Local\Temp\GgMQ.exe
| MD5 | 619021ea937e0b5a3f2d4456a612272f |
| SHA1 | 7d1c2a93c3a76fb18b8245460f89d1e914cffbe0 |
| SHA256 | a9523a2a6d0220e81f920cdf9e91e650d4b3f26ddb99737437b0e6cceb08192d |
| SHA512 | cf3ba438e146e0148fbdb8c12262547ecd284fe1785b99508bb0b33a7d14373722f7be4d595f792713d75f6a36ad18981efd903a60ac99099718a02197242c7b |
C:\Users\Admin\AppData\Local\Temp\MMkc.exe
| MD5 | 17a61214fa47c4cbcfea4599b2d5c01f |
| SHA1 | 16a1e92baaf02a53799728971e55615cfb3b7fa2 |
| SHA256 | 0f6205c8f76b0a3c7471dc73bbf4116c14276d6d9e9635d1b2391903a0ca7588 |
| SHA512 | 3aabc8bb7048e2e0f1f48d51b0cb937c00c668f17a24d5baeffeb52e244d88291fa67f70a901dbf62ff39307809047e68acf330f1ffd009b74ac3cdd11f13ea2 |
C:\Users\Admin\AppData\Local\Temp\YcQe.exe
| MD5 | 7b0c1668efbf74d535d7cc8ff6a79ef1 |
| SHA1 | 2aba4adf2d0e6e18860d493584a82769238818cf |
| SHA256 | 5c832ee6755c46af48a0fb68281ee4c33fa072b9a01c8e5d0aabf1fef1c39c6b |
| SHA512 | a47a29afe68d85d817919045e479a9ea52cb54001a6af658f1d3c1b7eedb75430919dc2eaefc17698c34194fb7c311adf79a2d3726c9b51b8c25210ac1f92043 |
C:\Users\Admin\AppData\Local\Temp\aQcY.exe
| MD5 | d6125337a0299fa138f0dfe856e38245 |
| SHA1 | b8f8d7b538b9123dee7d30affdddc4bc53913c03 |
| SHA256 | 06f7d0a50ae183e3d12b680652969ea95b3c4a8123e45caa03ed471ea14cc245 |
| SHA512 | 8159cad86b0933399dc622b59ead9aa4cd266b933211f77c60c925d552ddb1ee74a8b516582b6b4b89ea8f90bcd66c8bf683c34d55cd14e1d1858cf396c19e54 |
C:\Users\Admin\AppData\Local\Temp\qQcS.exe
| MD5 | d811c32d21ddb0f48b0804138c8f94f4 |
| SHA1 | be512bda4ee88e3198f647618d1269c56a298010 |
| SHA256 | 06313bc54559bcfbc9a6011aa85269373b602901b660516f404a24a4046f4c6c |
| SHA512 | cd1a55c616c620920909b92a8d900d3c3bde2d2ba45b2d3c326eca2b9d47deafba40b5969c9ce563af7b3169dc69f015834d973fbf6555c340076dfefb2486a0 |
C:\Users\Admin\AppData\Local\Temp\YcIC.exe
| MD5 | f4ed3be2b46cadf862e6493c93242a70 |
| SHA1 | 4ba29fd0e1737b2d8d11eddcc50024b7d06f082c |
| SHA256 | 798f84ad201b33a720011971ab525806c8945fde2ed6e1564034109e199b70be |
| SHA512 | bbd6f8ab2701a826ca00a851d22bf704454a089f8b9669926844415f25303aca0d8109c2e5c37a42da425ff513a1dba856dacbe6195eb9c74ff2bd32d8098245 |
C:\Users\Admin\AppData\Local\Temp\Acgk.exe
| MD5 | b107661787d8d52837444f948dee1ff9 |
| SHA1 | a3f38a412b9fd7067927dc19d30f7c7e898742d5 |
| SHA256 | 5af8f51b4356c78639a78d15d1ef9b3fb83daee78d5e4a61ffed0a20b5a0d663 |
| SHA512 | 9bba88aecc46851f79e5543d583327964316f4c46f60a698a6415715b72cf7d3ff3e31851a9e1193e7bba3b3e09ef870decc196dd4d7e03d0e10fb295c0cb36c |
C:\Users\Admin\AppData\Local\Temp\YIUs.exe
| MD5 | eca4ef64d179f20db0be4f8a917a6df6 |
| SHA1 | fba4c06e0e93e6a6e388d62632f37f920303e758 |
| SHA256 | 315865cb0a3ef55658472ba3d5ac823779dbf957d8885565bd20fbd18132355b |
| SHA512 | 06644cef58e167be921307f85f9b49fded08ac7d4b6d9f076f37fe8dd000da086661a5f888598914c66d1e7c722ed227dce842ca5cff99d8b609e26ad18688de |
C:\Users\Admin\AppData\Local\Temp\GgwE.exe
| MD5 | 9fa19d159f328af07fe4ecd92b8b8c2e |
| SHA1 | 2926c6ff454918e61922ace61177b75611c3ac5b |
| SHA256 | 0a0081575e97eed5314577772e28d9c648f61ddd6aea7f0dcbee9446d74dd912 |
| SHA512 | eb6b57ed580501294ea6598f3cf3db03de17e2c253263be8a13317a53cc31ff14a7e8ad6bbda326fd05425ae7b77a95dac7c16ee772593e90162fbdb171c83cb |