Analysis Overview
SHA256
edc6d589a66d3457c04eb7e5ec5d4ded396a78417a81fa307abc434306d709e4
Threat Level: Known bad
The file 2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Renames multiple (87) files with added filename extension
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-26 04:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 04:25
Reported
2024-10-26 04:28
Platform
win7-20240903-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\GYsYQMgI\LYoYIgkg.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\GYsYQMgI\LYoYIgkg.exe | N/A |
| N/A | N/A | C:\ProgramData\ZEEkIUEw\MwkEwYMo.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\LYoYIgkg.exe = "C:\\Users\\Admin\\GYsYQMgI\\LYoYIgkg.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MwkEwYMo.exe = "C:\\ProgramData\\ZEEkIUEw\\MwkEwYMo.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\LYoYIgkg.exe = "C:\\Users\\Admin\\GYsYQMgI\\LYoYIgkg.exe" | C:\Users\Admin\GYsYQMgI\LYoYIgkg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\MwkEwYMo.exe = "C:\\ProgramData\\ZEEkIUEw\\MwkEwYMo.exe" | C:\ProgramData\ZEEkIUEw\MwkEwYMo.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\GYsYQMgI\LYoYIgkg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe"
C:\Users\Admin\GYsYQMgI\LYoYIgkg.exe
"C:\Users\Admin\GYsYQMgI\LYoYIgkg.exe"
C:\ProgramData\ZEEkIUEw\MwkEwYMo.exe
"C:\ProgramData\ZEEkIUEw\MwkEwYMo.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\dgAMkMIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RmUEMksw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xOIAgIAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XqwMwogY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\COYMwcYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MOsYEoQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sEgAcMcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oaMkYAUs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\YMEooUIk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XWAEAIQM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\XMwwYskw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FkAsgocI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jmYMQUYI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qkoIwccQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ycsYAEsg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MckYocIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QMQYkYAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mQskEcgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\HEYwsswI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JcEMIIcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hisoMkcc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RkEYUwME.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gWMcEAYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\iIAYMAAc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\QOYckEkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\qYogIYwE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FycwIosI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\DwksIAcY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jqQwUwIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\LmgQIcgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\osMkccsM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\EwsUIsow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\sOgYkYoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\JaUoEkMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\xQowYMww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2089044808624891229-101608699522611638-5065813581524281281278221420-1041939983"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PCoscAsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RyAQMMko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\PwswUooI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\uUsgcQsc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1706217001-410527333-115893158-1208604595137520514-961840061-1894422437976166444"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MkUUsUII.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ASAAckoU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\CIMsAEQc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7682095171800466318-86348262-1490769997-917876612-1443762089-312032531672737632"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2047394265172089962275746143890913207-1303681359286561942124493825374613304"
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tiAQcIUk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\bYkQgkAU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\foAIEMIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\ogwMMIww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\OMcsEscw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cyQUEQYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-6922323511963032092711334643-176801489113260018943092825951848929-270080740"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\mOwEEMcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "555359331928007242-15361886448232186821160271609-712150563813248503-1923581963"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KqcIwUwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\jmYAQYoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\RkIYEUAs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "880484740-999056844629051268-3943819707454871871634564016-1813183613-93027008"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\rIQwIUAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "699658129-1317269949-506264212350837382-834346933-86376069114514688651761173995"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WuUkAgEg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-156901242434308679-991843576-1478371928-1160923810-1759679295137454970277770413"
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1827022792752768908-917765500-70104922-1840492179-363942183-909441982-872109985"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oQgEkUIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aCIcAYcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1629975553181318446-961041315-6012566591143947397-540051193-159979291729362708"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\osIQsAcs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fYkckAUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\FwskocMY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\nMQMAAIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lCcoEIsE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
Network
| Country | Destination | Domain | Proto |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp |
Files
memory/2980-0-0x0000000000400000-0x0000000000420000-memory.dmp
\Users\Admin\GYsYQMgI\LYoYIgkg.exe
| MD5 | abfe50060b3d9a17b8ea5396db2aeb6a |
| SHA1 | d783f0817f48da32c5d3ee7d5bbc0971ba394471 |
| SHA256 | 66df5ca881cbbc62c9121a18343b5d6260453b156e033ede57a5f9793cd6ddc2 |
| SHA512 | 1c7df668058d5e8463533e9aede7755f7b8002dbc6eeea1fb72a344292bfc221c5869f069d6ff09c6d2a84275d6463ca508490ffc12b020a30252b2490926262 |
memory/2980-5-0x0000000001BF0000-0x0000000001C0D000-memory.dmp
\ProgramData\ZEEkIUEw\MwkEwYMo.exe
| MD5 | 1f2c1f536d027950876668986d7dfc7a |
| SHA1 | 590ffab3eb7ec8d299dc829f3df4c2d25cebb6b3 |
| SHA256 | b342b204a66fb7b07a38f0a49fb60da2820253a8e81f46864edf249ae27a6e6a |
| SHA512 | 34290c30bb7ba5ccae8a7e03ef3c425ff9ba2dc9cacc7080449e64fb27753b6c257cd830ac0011f3f4a5615fee426c129a50d2bf04ee2cce397cd832fb1e2a91 |
memory/2716-29-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2980-28-0x0000000001BF0000-0x0000000001C0D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VsQcIcMM.bat
| MD5 | 4d9b7f3258ca69f2840010d659eba999 |
| SHA1 | fbdbd005d36d579748ac451e61eab7ca9d95de7e |
| SHA256 | 9a6e8d36d69e2056860c35f5632e633e2bd14cb9f94c80b82fd34b60567bcf43 |
| SHA512 | a955d595c6ea2ff89b03d8e9a91ab8c0caa48408559c631a64627414612aad4104ecee065b5b5dddfd6ebb95faa5b59d024bf9d56536ae5a7620254d096c1308 |
memory/2668-30-0x0000000000280000-0x00000000002A0000-memory.dmp
memory/2668-31-0x0000000000280000-0x00000000002A0000-memory.dmp
memory/2980-40-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\dgAMkMIE.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\jOYgYcEQ.bat
| MD5 | 348fd3d97c3ce553267c54dbbbfe69e8 |
| SHA1 | f42095c9e7692eb19e52a87a8d542c7d87a8fb0a |
| SHA256 | 218fc24a303b789805277fcdfa427d4e79c7f9eb6cb9e806fc28f50cdaf00a26 |
| SHA512 | f05f5eb569bbf0609fcab1a7bbd40b45ab5db1e55141223910111bcc64b9543e3f9322703df65a045b8dd83dcd0df44afe039e9ef1e3bf1a2b28d13a63a157a3 |
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
| MD5 | d7ee4543371744836d520e0ce24a9ee6 |
| SHA1 | a6cda6aac3e480b269b9da2bd616bdb4d6fa87f0 |
| SHA256 | 98817a572430813ca4ca2787dab20573f7864c5168ac6912f34d14b49e7bd7c9 |
| SHA512 | e15b6a50d9d498918a81488bf8d60860027f9a38f4d87e239f1c6e9d20fe4938e75861dad35c69e4087370c18b2cd5b482ab6ca694dfe205d053f1d303d17808 |
memory/2828-53-0x0000000000270000-0x0000000000290000-memory.dmp
memory/2852-55-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2828-54-0x0000000000270000-0x0000000000290000-memory.dmp
memory/2764-64-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\paYoEgsA.bat
| MD5 | 45b98d325ca5df369950a2132b7432cd |
| SHA1 | 1e91513526945c6ae184f3d02b975f1b0709515a |
| SHA256 | 581990fa87986fff2e5f717d2d1ee8e537a423d0092e64c20be7987e14000b5d |
| SHA512 | 3b8cfa0e4342e2a1ca207706c18c883e251f904f34b6ae5a8dfeee7f32cdc950e4461bc7df467fd548143bf93eb44858ed21ea7cf46cee3759891348b4705c40 |
memory/1452-77-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2852-86-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\XcEMgskw.bat
| MD5 | 3f5207a99d4180bf851e16708af084f4 |
| SHA1 | b9ff2f78006ea8887aa47f1245a9513c95a1367d |
| SHA256 | 8d71fad2fcc20902e7287d47f887f0fe4d53d6ea011cf207d3ac852f3658df60 |
| SHA512 | 9526e30d68894fb8682cfc2ebb092499968b2ae2be83cda29d401f8f7222f16dafbf91b3d349d60ae4197f346fe3e765e87bc4cee7c2376f2f0f63028664872a |
memory/1048-100-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2344-99-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/1452-109-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\omwAsAsY.bat
| MD5 | 54e742992a444b3f393e65d919b3d43c |
| SHA1 | 1922396e7af92691c3eb0efe7a2c11d89656e165 |
| SHA256 | 7e3cc382309a6f7c6cefe1188c071f68b7f354a243963c3e8ffe1335bccf94ba |
| SHA512 | 5a7f51165b49918103364fb740fc763085c2d4a15558b4bb86724f5434400ee1c9168bf4066b7be15d8809ced9ec94cb990b125b53561ed8c8e1b0f3752fe2bc |
memory/1556-123-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2204-122-0x0000000000160000-0x0000000000180000-memory.dmp
memory/1048-132-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UIYkQIYk.bat
| MD5 | 8139fc1369789b7a4593321422a39ba5 |
| SHA1 | fe4925f1afb6c4ac02eea4ed5ebdbec636dff604 |
| SHA256 | 8c3a23848f76ae554b47ddd51c35d3f42917b9d68761bb041aea11ed5e58df5c |
| SHA512 | 6fa15a9cc15a35e47acfc7efa0190d1896751169b24e558cae377077dc068a51f36f5bfd33a48e1e59ef2ff831b100a45c631f702035fe728ad4ac36b2413471 |
memory/2168-145-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2168-146-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1604-148-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1556-156-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AeIkcUYo.bat
| MD5 | 85ba2878c05047a79a81efa02573b369 |
| SHA1 | 91d24312c2f840a37ebc94719c071d17841a6a9a |
| SHA256 | 9366b5af3a4245c15e165d1f3e4ea938d716fb98696d3c8932096ef038a21cb4 |
| SHA512 | 3eb24d759cbcfd26cf730bfca73c64cda510844c8032ec8570ef04dfd68cea76310fe658262130a56e5c4c25597c7c7efde8af978b4eccb7ee1278ac5ac40101 |
memory/2960-169-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1604-178-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qcMwkggE.bat
| MD5 | aff8fdd0632bf07210dbbcb623bbc0b4 |
| SHA1 | 4bfeb07ce5b50ad6ed441920bf4a38677b683d76 |
| SHA256 | 217c10e86e450d289f2538bcda5cb2ac9f8004e4547bec933828c9f6624a76ce |
| SHA512 | 2f396ff7f0a32e30a48f3b48d14c95f58852a16c261229dfc254540beac4e25ed01cbf9677d244a6d33f07c358b34b1ba6b3dbfd526ffcb201d8e1d8f56ccf60 |
memory/264-193-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2972-192-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2972-191-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2960-202-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UwYsQgMU.bat
| MD5 | ff67a1152603eb247d22fc3df270d581 |
| SHA1 | 737b0d8c67abcd835e006d6dccb4257756271ac9 |
| SHA256 | 3e9b62a1dfd7f557a999088b1f8b973db39f48f40863f7265b05f53fd5595995 |
| SHA512 | e5866841c77d553358f6f428e0a6df33088b4450fdb5968addfb5ab4daff9c98010d94ed77ed35d680c701ccdffef7c0dbf785aa8075b92fa595adc7c1266947 |
memory/2908-216-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/2908-215-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/264-225-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hCAgAoQs.bat
| MD5 | cfb48d7d38ba053a34073e9d9d522025 |
| SHA1 | 80857c9330c96aaa002992ed4feb72dda9aa232a |
| SHA256 | 57d2821c1489f86626fd5b3b4be46dea457c826949539de9ccb928dcf40f0ee3 |
| SHA512 | 9b9ff8ec29f96ef330ff9cc9a6560ebb275dd04f923224b8c502032a1ff960f1299dbda82ba0824c660ddbad08f469396bc785a97e9e7babf734a45c751d18ca |
memory/444-239-0x0000000000400000-0x0000000000420000-memory.dmp
memory/444-238-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3068-248-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jcAkIQgA.bat
| MD5 | 6cd8c0381a08c955912235c4c1d9d1f0 |
| SHA1 | 74ca65f69e9975af12765f3ce5738c6e79cdf6ac |
| SHA256 | bbf88966c93ebbf2834436e9714fced1fe71df43d601e285a7a257271823fbb7 |
| SHA512 | ee1c7c5fcea984c25808c1ee7eeb0f8d4adb1c7ef9e37b3f773b418d85b9c32b006be13a359370d3a2ec4a7976bea7d48c4d820ad906f04012b31f5484203eec |
memory/308-262-0x00000000002F0000-0x0000000000310000-memory.dmp
memory/308-261-0x00000000002F0000-0x0000000000310000-memory.dmp
memory/1856-263-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1504-272-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HiAkEAQw.bat
| MD5 | acd91723cf33db5d931573b20a29c9c7 |
| SHA1 | 65934ee6bb13b6dc5944a46bb97824969ab7d1d1 |
| SHA256 | f4032f8c721206ac5cae99dfef7a464237e4f9bb56d14801ab0a2137b50910f4 |
| SHA512 | 29786989df8502dd153fdf5a8a9b698c17ed19742f4ea4786d43a28e2ed4a4e7db672870b61dc1b1aa8f89b5f0ee3e90ab9bc7acbd023488aee2a65ec828997f |
memory/1712-287-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3060-286-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3060-285-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1856-296-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JuIwwUkU.bat
| MD5 | 937cb6b18aac11105a54a02d30cd5449 |
| SHA1 | 4cf000e2b8b5d90fbe08a3b4beb211ceff16f0c6 |
| SHA256 | 10033414238884c4a5ffc96b10796a8cd9149e835e33f2b42980b112925a6f89 |
| SHA512 | 8bf3f2383fdf1d9c62aaacbd18719e91e0b15628377f90f753cca38625a4d5038d93cba69b5b8f4b876af50d292dc7ce1b0b6e806ab96df13cd3cea00e246613 |
memory/2756-311-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2820-310-0x0000000000270000-0x0000000000290000-memory.dmp
memory/2820-309-0x0000000000270000-0x0000000000290000-memory.dmp
memory/1712-320-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IqcUEIQM.bat
| MD5 | fdcfcce922e2acf18dfaf5da5683c809 |
| SHA1 | da965aea2def2d36570a4231d61c77b17a37d359 |
| SHA256 | 5d1138b766692be0cebf0e2e5abc8455634aceac60e7702f2eb9e574d15044e4 |
| SHA512 | 15c898e39e097126c8c78678ef17eba49059089966319f973d635ac1850f737abf1014b030305a32285b1ea5839051b57143a4c1f9aca9ce733d9e23fbc43285 |
memory/2220-335-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1296-334-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/1296-333-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/2756-344-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\wgMggkMk.bat
| MD5 | 8f78da1f0b4f7d774af0aa0108920a85 |
| SHA1 | 2c9843dd519e9095bb8103b48ce57386f02f26b2 |
| SHA256 | 03e9c72cd957b931ff82ddff2b8c4585ce6124596a9c40aab367978e39499dc6 |
| SHA512 | 1bb4c8261f7e20f00a6192efae6d69b9c9764db654ffea98655a444af77df915064a815c8dc7e0f2133478a3c88800d106071bafc20efa931cf0e16e09bfc799 |
memory/2272-359-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2116-358-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/2116-357-0x00000000000F0000-0x0000000000110000-memory.dmp
memory/2220-368-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\amsYAgoU.bat
| MD5 | 61b2d5839bf2b16ff5dc18727e56ac68 |
| SHA1 | a3081c024cf72edd238b806b2fe18c7a01aa61d0 |
| SHA256 | d58b1e053643fc38727f9de122aa2bce2fe419dcd09187df2b721d80fcff2947 |
| SHA512 | 8d93977108dd8e963cdcc746a9d67059f7b0d82a9d0c1c7d8daeb7207080d7840a7f1f4c52299bee048b86f366dd695e0c36b37ec72a1e7cbd35cd73d8f3bae2 |
memory/572-383-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2284-382-0x0000000000130000-0x0000000000150000-memory.dmp
memory/2284-381-0x0000000000130000-0x0000000000150000-memory.dmp
memory/2272-392-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cYoUMkEI.bat
| MD5 | 043bef02fe06a3c464ad1aaec3d7e970 |
| SHA1 | 371adf21df1b71ffc2d8006ba71891b1838bd05e |
| SHA256 | 3621033e6ff4a6e0b833bcb51136d6d7e86305cee52b4dda346a61bc22e4f31c |
| SHA512 | 2266fc5da453364160db02f5cd652caf4847d095a02c5545c32ce0132a9c0d10aebe7bb9788db3a436ba62d9d29715eb58fa5632aa8285a13197fa08e3a5e4c0 |
memory/2360-406-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2092-405-0x00000000001F0000-0x0000000000210000-memory.dmp
memory/572-415-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EwMcEoAc.bat
| MD5 | 87873def5754637eb9bf18663db05db1 |
| SHA1 | abc41894e1cdbb090358aea80fae39744b29b64c |
| SHA256 | 2bf5ca0077d8c6eb0c225140d82ae21ec9aeacedab0a62ad182a3c4a2d5b2f72 |
| SHA512 | 4f291d3b0cef8ba70d96c10917abcc299896b784344b6302f6358eb4030a35b0511d722cc9caf7b1b6c2a276ec1b0c63c09966687e366395736f35cfd5a5f4d2 |
memory/2640-430-0x0000000000400000-0x0000000000420000-memory.dmp
memory/704-429-0x0000000000400000-0x0000000000420000-memory.dmp
memory/704-428-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2360-439-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rikkksEg.bat
| MD5 | 0449f0635f582d3b32fd327b474b53f7 |
| SHA1 | 5d52016923d612bf11177af105ceafa17c46d2ca |
| SHA256 | f46f87513acf0f427866d4be335db976f5bc64b40e05a68a395648f747b2086f |
| SHA512 | 09c3753efe6c751e37c29f1807a62630e2f0df74a0d0aa9df27eb557fe4aadd126180fb64dfdb66943c28d43711c58f5de64e39a12aebb7c59c66dce6db8d806 |
memory/480-452-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2596-451-0x00000000000B0000-0x00000000000D0000-memory.dmp
memory/2640-461-0x0000000000400000-0x0000000000420000-memory.dmp
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
C:\Users\Admin\AppData\Local\Temp\KwIi.exe
| MD5 | 3405a562714b5d407a7b77510b338ad6 |
| SHA1 | e8167bbe2bdd4ded6128e725f71bca2dda736077 |
| SHA256 | d88fe887e704fa51caf4042865afead01f3f08e12174a6bd1827d0de4d7815cf |
| SHA512 | 6dc470ae9fbee3f92e20d8d28e3b105fbb324b150cc743fea521e5a05ea1db3f363b70c79ba37931c661e942283980bc058a4a0a729b1dbb01b9f6a0508d7a3a |
C:\Users\Admin\AppData\Local\Temp\NAsgswUQ.bat
| MD5 | 80db7e3bf2f02c87c045824ec6e7f305 |
| SHA1 | e491952d23d5b53fad7cff4cdbe0e88b93a1181c |
| SHA256 | e5b28337ba88e6818edeed23de90394142ffaac22029ec80f64bc10eefc25cb8 |
| SHA512 | 47e8c7005a7262d11c8464b4b7c0f493fdfe90b7759c9d839f00dd045f50e59e039c182b8ec80765ab05f5905c57181b3fadad03197e1b37e30611ca78cdb16f |
memory/1812-490-0x0000000000170000-0x0000000000190000-memory.dmp
memory/1828-491-0x0000000000400000-0x0000000000420000-memory.dmp
memory/480-500-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Mkgi.exe
| MD5 | 568f6098ae35f52460c3c52a4d28e433 |
| SHA1 | 80049300795e3a3e5272618ef2180e29425e11a3 |
| SHA256 | e1ea6bc12ad742fadbaa2553495d9f0c5bc6fe680fb9e2ebf67e526e186f3571 |
| SHA512 | 2c98235b8a63ce4ba7f4df6f967caaeffb3956e16d7f2ec89e48a67ccb791f768944875f6a863f3597beda71d33b5320d92fb3bebbdd2850a81cff7231599019 |
C:\Users\Admin\AppData\Local\Temp\cMMo.exe
| MD5 | a8c5a3bbddeb9d68393fa329f8f2f900 |
| SHA1 | 62d4543cc2a021ed55b399a572c4fe0c793611e0 |
| SHA256 | ddc8ab1dfdad3bb2c2ddf86837475f6f343a80ebc3b280ebccd869b2540047e9 |
| SHA512 | 5d23b87261ae1b79f3525f58b023bbe762e4756c41f376ba83724d41c21633b3a84d38fa6c164d02d65e35f4e37fd68d18fddb8e367d63af9022923fd2c95097 |
C:\Users\Admin\AppData\Local\Temp\MMUY.ico
| MD5 | 47a169535b738bd50344df196735e258 |
| SHA1 | 23b4c8041b83f0374554191d543fdce6890f4723 |
| SHA256 | ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf |
| SHA512 | ca3038a82fda005a44ca22469801925ea1b75ef7229017844960c94f9169195f0db640e4d2c382e3d1c14a1cea9b6cc594ff09bd8da14fc30303a0e8588b52a7 |
C:\Users\Admin\AppData\Local\Temp\cYgU.exe
| MD5 | 69760fa8a4d9385a12fac37d15952c6c |
| SHA1 | aed9f78f10b8cf2e9c1fa40135e28a2e421cbb75 |
| SHA256 | 4ad80198c229b61df56f4acc4b3714c1da35e57f05d4c57e01039945db3838f5 |
| SHA512 | fc4443c5f297c3f6842d77543047f9109ee60981ebf6eab58ed9803ab8cc96e6c1fd514570d4a967782320f06e635a3c5098ea5c07709ee0f15d57ce88dd18b9 |
C:\Users\Admin\AppData\Local\Temp\BmsowAwc.bat
| MD5 | 0398b1722ad41355ca80201c8e8cdfb3 |
| SHA1 | 830b3dd0ee3535d538e204982eb4212319534be3 |
| SHA256 | ff692f616ba46fa268707c94c1f6e050c81e7ab9d09093d0902c06940c71e4e2 |
| SHA512 | e86e65e7199347eba84715ece958e82a430df8a64cf8ef24bc7d6fe90c07cf7c8b45106df74602449481dcb212cbf54e77c1a02915a14ef1a69a83bf36a4082e |
memory/1864-549-0x0000000000160000-0x0000000000180000-memory.dmp
memory/1828-558-0x0000000000400000-0x0000000000420000-memory.dmp
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | cddc277b9483d6e043fe9a0b3f61716b |
| SHA1 | 9f21bfda1f8e5294e0c417acc3c4d9555a8367ee |
| SHA256 | 7998bebf5597da05d7e6ae6e5ba58e5f77f8e64aaceb2467f990983b33100460 |
| SHA512 | d7a7d812564822aafa5eee44e0c80e64fdf4964d454797ae3a03f9c5afbde30c12473b67782358ae4ba490f12f3f5c9b6cc0b1291e8cfa3a6bfd5f174c562cfe |
C:\Users\Admin\AppData\Local\Temp\Akgu.exe
| MD5 | 1ef9b41ff245856d645ce6c14749ec5a |
| SHA1 | dec0d375ca1a7bca70bea6c4466be4bdb80f36fb |
| SHA256 | a8e211d53d06892b6345cd50ed9f4d663fa7b637f75cee2490bb616d1c4e7f5c |
| SHA512 | 26282772c846e6a27b1624ac7380d3900525c34d34b39328bd0ac5f203d1f2e8bc9b375946b74451df60c8cca1d3ea022939e046b05f8c99ebf30b904eb4f83f |
C:\Users\Admin\AppData\Local\Temp\POQUUsgE.bat
| MD5 | 1030de0807eb637afbd1c4fcdd027b9b |
| SHA1 | 462444f57788b44d55283520aa0fe93ca4860440 |
| SHA256 | 66fa1a135d4e50b0e30ed13ba1246b3bdbc9f731f446f00ef3b16dadaf7d5eab |
| SHA512 | 38cab0a6103daccb4375bd2035503d13188f39b2e20625bce32f53c1753eef852ef0814e2343a33bbeed911ad0454b871072a41e67a402e5594262fc9f012c04 |
memory/2600-621-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2796-620-0x0000000000260000-0x0000000000280000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GgoA.exe
| MD5 | 91fd70770ec32e56a164440a619d2fea |
| SHA1 | 4d3b9dbb168182e2912749499eac9fe442edef08 |
| SHA256 | 498e00886872f95769f2b484b16956e09ad5a3a7daae671a9985ad43d7965bd1 |
| SHA512 | 69571e884adbc839b2f9fbbedff1e17971acea32882d618cfd11de588f114edf4b18003cf588ab7e52d91b47ead5aa86590a62d394487758ca5bbf42e043d9f3 |
memory/2796-619-0x0000000000260000-0x0000000000280000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kAcu.exe
| MD5 | dae0fa24c3336dd1c112a7375aca25d7 |
| SHA1 | 3868ac1e179d57169bd90c533f8150538f38be13 |
| SHA256 | 23f956de4a193f0699b08050478d32d3c491413154b7d093a502c41f5ce5c3db |
| SHA512 | c39b2b99515394289535ab40f564b1136113e1b34eb90a61ec80a0e2cfdf6f1014be2578a3874ffd3394ea9314ab6a1d9d0e0880ea7390257fa6810eee69f2d1 |
memory/2368-643-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aEAS.exe
| MD5 | a6bf77dcee5066939020ed7b72a0ca8d |
| SHA1 | ededd1d128882e18e0fd66762599d4e621925107 |
| SHA256 | b61e6f2806d6f8b4cd522455236c982070d7b60fb3da7ecefd1b6a7eae2f0450 |
| SHA512 | 12e70d30f311255337a4c615be35065f6ceb0e64c09ce982bd32505c5c0d8007662b1aa22365d6a8e35000373f5dfb92e225af99b54ec911d1c9279384e800b8 |
C:\Users\Admin\AppData\Local\Temp\YsIY.exe
| MD5 | aa85ebb17a280461d4961ca745836ac3 |
| SHA1 | 8505ab135c42a516245ef4910d6b0534674383ed |
| SHA256 | f1777301cdcecd294b18482df5843308de04ad60173b4e58d9054bf7f8a61516 |
| SHA512 | 3f1b342bd1528e72105debb57d4dc951b592715c8b26413bbbbbaa542945471454fc92e08b4c8087cbd211dd34401e4c6c5124c6e45444c15d439e6909b2e71d |
C:\Users\Admin\AppData\Local\Temp\KcMw.exe
| MD5 | bf3b537e88eec3e4673c9cab46a2399e |
| SHA1 | 7d8bc947d9e8a2ced304895fd2124adcdb54ee0a |
| SHA256 | 12e0f3ba7ff8ea5c4feae97b4af63ee8234aeba9655e85d8b0d86fef65f5a97a |
| SHA512 | d8e3ddbe557a2cee9a0bc37d72d879d0b36662f151f772ea911574bf5185073d96623b1a85ddaa0c5d79efe3cca9fe2f87b7d08d54eca6ad2ee8011e36901e50 |
C:\Users\Admin\AppData\Local\Temp\mSwAEEoM.bat
| MD5 | bab9f021dbfa2624c701b50f12f841a1 |
| SHA1 | c0ab357709ffa5a41e332e0ba2d2c5e6d6fa40f7 |
| SHA256 | 6b529bf01c1061a9be692eec5c9f5a30f8b1d372a204601b8a3b1f34df73ec73 |
| SHA512 | e86fdf748669b42aeec0aacdf44e8d65ca2fcc467a60ae249b94e2b5b5b7c74482ef812c3d00dba7e9828b58a5ee6efcfdfcd16bd294c848633a3e818bfcf10d |
memory/2128-692-0x0000000000120000-0x0000000000140000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GsQE.exe
| MD5 | f342402eec397e418a7c2e3ccbc70f21 |
| SHA1 | 0f027c8c566b43035cfc7703a8dcfd00ae8e9341 |
| SHA256 | 00d93d776f3574b46b27769b67160a2f62213a483bcc22ffb5ddc22d5830d6af |
| SHA512 | c7f30288200d093f547f394881a49f1bb78d68a2a2e466f5d72e0277364c8ba141dca7e89ea711c3c06a3c6f68939c588e25edb91a3b3834a83dcea0b2a0e4b0 |
memory/2600-715-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2128-693-0x0000000000120000-0x0000000000140000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kMYc.exe
| MD5 | 5b2ec19588169905efe629e26d6de9de |
| SHA1 | 2489d1bc54a3d80460f6cfb69a578024799461ce |
| SHA256 | 0d9467983d47bd26353aa20b8ee8b945da7f633c68357944a8a93c6a8f8aa746 |
| SHA512 | 4b9b67b05b23044f6f4e43e7da19039a19c3d0180dd3e8e4fe291328297daa969dfb2053fd72c04a74994776d98f7fbf464ff049cd3162946823b24645c3935b |
C:\Users\Admin\AppData\Local\Temp\YIIs.exe
| MD5 | e48a7d8be3cea22568fd63ad59707c64 |
| SHA1 | 3972305279c1beb161eaaa92710acbf157197ae3 |
| SHA256 | b86b96e6f2acdeb02b310193683d0a24eba65846eb75abf3ae30cd0bb1169602 |
| SHA512 | 44709085d81aad0de0f2cb47eae976c866e80916aa5539218f23a95c10dc87952b027a3e0a6ebc90875012b2c9db5257c507f90e5c4e20c48c15a598e1844a06 |
C:\Users\Admin\AppData\Local\Temp\KcYe.exe
| MD5 | 86397c6faae0c54b59f0375d4a6deb2e |
| SHA1 | be9f0241549a0b0df6bad00267630cb7ff30351b |
| SHA256 | c393b4a2caae99b6da0042ba57cc005cebee33918bd8b3406f20a9aa02e80ee9 |
| SHA512 | 44e5364d9fb1badc480b388470fd199ccc88a50e04186f1fa47c7e864d00d0d3c7b3b12eb776a062290113e9ab22d03026e5bcc0be186c2f9b88348d76d8e268 |
C:\Users\Admin\AppData\Local\Temp\sIgc.exe
| MD5 | 5d6edbf1735f6a860082aebca6553048 |
| SHA1 | 70a3761cf4ba0032b591348a557eab02874280c3 |
| SHA256 | c74342f7c15937b266f8d5dc7eaf9525885ba712049a71914c9aceef3f5ce7c4 |
| SHA512 | a434452e4a1d90ebb2ed13a5aac5ea7cce02fa4aa2a68ab16a20b696bfa9e999e5df0105b7a0b0c05f9d3af6d3b0e98c7fecccdd0e4c3732558d1345a88962bd |
C:\Users\Admin\AppData\Local\Temp\owUgsswU.bat
| MD5 | 889b7524fab6adda52cec07ec1fd26f6 |
| SHA1 | 5efca5dd1fc098fd64ff539e402179f3c4ad9895 |
| SHA256 | 7e9cdc576e5bcaa8f1825a82553ecad274c7035aa54b252601bd9b5ec3bb9cd4 |
| SHA512 | 3d836a3612ae227b237314bb877a2b4d2a6fcacb2cc7e01eaa3ac518155df6b2d0bc2baeba9cda4802d34b2a71522b1ffeac4742ea4e51fcd6f83590065677c4 |
memory/956-779-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2900-778-0x00000000000B0000-0x00000000000D0000-memory.dmp
memory/2900-777-0x00000000000B0000-0x00000000000D0000-memory.dmp
memory/3056-788-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IYcq.exe
| MD5 | 56089e9b10668cf1b4fedb3987d71ec8 |
| SHA1 | 4e0de3723637728a63ae60b9d22c4b68fed97661 |
| SHA256 | e1bda394f13d7779e4c151e90281a322e2cdee3883f0e158d704590361450fb9 |
| SHA512 | 9696ae72b23766ecce0a950bdec609902eae68223fea017a70fd4d306754fc3a029a49deeb1bd1bba6217315e87c0e00f7d02312ed6cdafaee7b6fa83a63fa7d |
C:\Users\Admin\AppData\Local\Temp\uwcw.exe
| MD5 | 1c457ed803dc2312cb2cf0b2dc3cd526 |
| SHA1 | c5cb0c0b81cd09b36d94c4be3fcd8baa1ea24664 |
| SHA256 | ce8830fb5a6068f5a85ef770c272312044e2e00cbc16b6ad065209aa7afacf66 |
| SHA512 | 22809e3e9c5a2ebcc9984ad2f2691a0edbf269da9dd282686c268cc1939ebfb416ec15dc565880a53f5106fa6ecfe5e10ad3f8e9f4658442b106899d4f31b79b |
C:\Users\Admin\AppData\Local\Temp\kQAG.exe
| MD5 | 7021f4147ae3b5ddd45a16d907db32b9 |
| SHA1 | f0d92980e61d8fb1b200a826622db0e326f984c0 |
| SHA256 | e52ddaca753f1e0a336bacfbe294ca37820dd876bcb036378463de975032a291 |
| SHA512 | ee1b0774e379a371b0b02fb48a5c095239798253c281029d12674e1e0c83e3e9193d48e6fa394ce656faf816e4d3da04cb850cfe2bab1cae9a8de22fbd22a43b |
C:\Users\Admin\AppData\Local\Temp\wMgq.exe
| MD5 | e8b494688cb75c0af61236b069c81c6a |
| SHA1 | 58314574b2f898c2fb68bb2eff8c076a6d794019 |
| SHA256 | cefbe886f3f0ab66095aeb7c998d382717245653d96043d0426c3cadad8b03a1 |
| SHA512 | 7c0205bf888ed305169498e5ad82256c0aaffc3b8a85bf7bade7f17dec7be885b57a3bc033c7e83947053f98daf8faaef6de291952b41f97480ef019182c20d9 |
C:\Users\Admin\AppData\Local\Temp\awEkwEAE.bat
| MD5 | 1bd659554880aefb596bd5f6230630f6 |
| SHA1 | d5baf7910b5ccac5a7d3c85cca9bf0d9495a3659 |
| SHA256 | b59889e0ccd1495b9a851601ce60e5ea4a94b0401ee1b7aba2a355e8012d257c |
| SHA512 | feb11eadbd8f29b0227d7798a406481d10bd6c21440853d1f29a856b8e2ccad89d5ca5d8d38673d31dbe5758f21b45af35d2bfebaa51cb2cb2845aee93b11f55 |
memory/2624-877-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\esUk.exe
| MD5 | 6c9d902abc7de63bd07cc7e12f7d0de2 |
| SHA1 | 1e4f2187cb7cd21d1087d222bb90c3a258904bce |
| SHA256 | 13c5d8f73998ceefa428021b2b31149f631c313d1fc683bb9192a4fec932b5c0 |
| SHA512 | 9c67e2cc84525bbba17afef5e379e95ed80b4fbd985dc9688314e3acf6ea595a0f344662b4a1029e2ffc05976dcea1d89a7707bbb1e7e885f92663bbe662f355 |
memory/1744-863-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1744-862-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kYEA.exe
| MD5 | f8703e606912b49e07c4bb72de671a73 |
| SHA1 | f35256ab501f875b35cc74fdb8ffe1da699c4ca7 |
| SHA256 | bd3eb51d62d2ae8625b9bb7787159451320222bdf97658eaeca0f01404f6a41a |
| SHA512 | 4091259dc9c0fe5d60751fb09acddf1f04beeeef039cced9ff23d481c41fcbfcfa9e8639193bcac42bf9b14e7076f630fb034886854f0885c7ab84d52d2e45e6 |
memory/956-899-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\agog.exe
| MD5 | 38311a6eb453630254f6607a62470ac0 |
| SHA1 | e8d36fef7094efc2ced7eb517d7ef07d5978717f |
| SHA256 | 8d6f67ec301c8e9c6d67389c9cad3e2b8aee664e8d1e7566d246203c7cb1f556 |
| SHA512 | 209abb602439ab252c38f902164c20fb5f62382540643f35daf1cb213af3b6e51c72f97c8bb3b281f8bb464739234450c706fe66589459639c2ab0cc6a535f46 |
C:\Users\Admin\AppData\Local\Temp\WgsG.exe
| MD5 | 631e403e698391d4f0d2b5742799393e |
| SHA1 | b39243d25d61e4e66a08e9ddeb771f9c367f3edf |
| SHA256 | f810740d10448edd238824a565c950df3af4ea6f20580a0c2ddd08ae453d2c65 |
| SHA512 | dbd68ad2508ad4e9610fe40e2592a157a7d42ef40ccad38678e247bc276309df202b2111f52c7ec841836d447dcf2ce61dd49d21e5d2327a98c5f4eca8113d13 |
C:\Users\Admin\AppData\Local\Temp\mKEYsEIc.bat
| MD5 | 635ac9aa3390bb0c34e8153275be2e7d |
| SHA1 | 76ba63bf297eca40e429a9b5c63c0424af04b3d2 |
| SHA256 | b2c117fbae8dc3f60ff689b4ee154145521d2c8496477bb164693a3ee737a662 |
| SHA512 | 35129e0b72b8a9b10c27324689275c885e9b12079e238736669a43bb669b23526a4104439b878316a51c771794fddcf2a23e2540e130dcefa908829d9b1ec91a |
memory/932-969-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2624-968-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cQkm.exe
| MD5 | de274d7d2c0b8f95bd03cafa9a0e0277 |
| SHA1 | 9d0239642b4532e8b6aa26bc454a9e2fb68aaa65 |
| SHA256 | 8536124180024d6a53ee96cc75bdb526a8f2b0faff1b0522d99a9b72a759e335 |
| SHA512 | fee7ab30310b070360fecd4b86d452db69c2e3324ebddf6b6bfb582f85ca387687d0b0f2aafc5179db7aa02ada0a6caa151ecac6f26616c7122f731908ff74e9 |
C:\Users\Admin\AppData\Local\Temp\uoUw.exe
| MD5 | 4c4ab99458ced2bc25f76c551c6d7482 |
| SHA1 | 0d1281c22f11567d2faecbf465f673ae0fc7671a |
| SHA256 | 06e74b0db7690b69425101ea4139021397acb184c50969227dddda5753e425af |
| SHA512 | f349c2b3d9cdb4be9026a8ddea059cdeb65d56320b30ffa77e582c1c03c74ac34dda8bae5a6b78b06e1fc9b7428da1a54125576b2dceb14261c2f8a0e1217a4d |
C:\Users\Admin\AppData\Local\Temp\iQQY.exe
| MD5 | 4f4a23bf639f9d03f9878d72bda2c411 |
| SHA1 | 24ed6b51f0055cc8fa80fbaf2a670b021bcd3f08 |
| SHA256 | f24182b1926c4bef19e2412d64813ad80419bcab6f8b741150414a755251686a |
| SHA512 | 6ac9f443da15f2149b24b2b813b5eb19f1d76d9828732a317b46174aa9179e371dea59db19ebb0a524465c62eadb2974b2af3796087153eb24810ba991f95de3 |
C:\Users\Admin\AppData\Local\Temp\IkcI.exe
| MD5 | 2e8e5cb13e5bdbb3cb2ee551d671e75a |
| SHA1 | 2c99d7791ca4f8a221bbd03e1ac2c9bb08776503 |
| SHA256 | b9d84be42aeb485f77f8d06818be14d6b843d870871e4b5240c7f32ed63b0a92 |
| SHA512 | 85438d085c70efbcf82d180eb2fa925e75203dc9b9049997ef27ebb8ef24a6c9a70120280b9490ed4c2c7debfea770c1c5f71c04afd39388f6c26a55dce845be |
C:\Users\Admin\AppData\Local\Temp\UYkU.exe
| MD5 | b47deda3919e0c0b99fc46a4f0a7bdae |
| SHA1 | 2ca12293583b1b22325ff8ab21a16daa007be4f4 |
| SHA256 | 0c81b7ebfb216aa5f6fb5a27316624c3b8955ecf730fb94f12c76974b6a845d8 |
| SHA512 | 412bc86821636d74d153520801ef89e701707a3a6d2599e4ca6e3b7607f917f73258cd93ac379ba146ada4c2da5c3891984369b3b08f2af0080bb316f8d59902 |
C:\Users\Admin\AppData\Local\Temp\bwowwwkg.bat
| MD5 | a2a83356eeb91a81115f87fe31baff37 |
| SHA1 | fdb38c9d84a548e435d963fdedc26914e61d1476 |
| SHA256 | 15cc1e5643c305177083295ad7096e43dceea50a0e8d95587cb91298cb56ff51 |
| SHA512 | 90b41e032bef3c1a9d4557e13e825ca3d1248a60242711f729ea0774311ce7bad52cb103bea9bac789f9933df98894c5f23661513d6a9220989432491cdfdb47 |
C:\Users\Admin\AppData\Local\Temp\egce.exe
| MD5 | 2477404c5b80428a0c28b9a0bbf72640 |
| SHA1 | f6baf30ead855700056220cece053e3efd6e514b |
| SHA256 | 5125e3c739e23713be567cfa1113ae8d1d57abffad367e8f54e20aa9ca1e6e95 |
| SHA512 | a8075197d97eeda2135f7e9396fbe0f76be658d508f1fb2eab9957b852f833fd59ab8e1ae81181d37de36c024c53315b47c23d1d688646f048e9b626be1cdd32 |
memory/308-1045-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3024-1044-0x00000000000B0000-0x00000000000D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MAYy.exe
| MD5 | 6197218d36fbaddd243e0fafa3b2b4c4 |
| SHA1 | 7932c3e1a2c9094bc4a7da5d62576d77b3e956c0 |
| SHA256 | a146c38a7aa1620b5ad6873270d096372e462559848ca460400f89fad76a44ab |
| SHA512 | f281eab84494fda81fc20f12b181eaa1d33f402bf0def21d379a58215898bea4c95bef47df4e67dfaf84014c5a84e82c21403b1591c27f7de97a702aa5c4c11c |
memory/932-1076-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\YIIQ.exe
| MD5 | 82d5d4a9a798d59dc2691d47e7f11d81 |
| SHA1 | effe0ee4602362dd278572b0dc9b5c3a3e4b5477 |
| SHA256 | 2b0ae9f538ec7becd389a8389d380f7618648c1c0e7550a7b978979f73baee1e |
| SHA512 | f5f73a84ec9ce0f38aab4989048b38052e4c0918aeb040397f7791cc8b02e247b4c8253b3db5568f5bed36fa238b123defd599bd08cacbf8a5a375a6455ad630 |
C:\Users\Admin\AppData\Local\Temp\KEoc.exe
| MD5 | 2397253d88fdb445a88fa19d5563c7ed |
| SHA1 | 3350589d362409b2c590bc968c4b19d37884e312 |
| SHA256 | 7bfa8eff74de2ebd2de15c14021f31592a8b7c478bf318789689e25c135264fc |
| SHA512 | 539694f90daba4c53b751affd45c3575a9a4e2afed59d228dc7b62ff3e40108818807966cc2cd7170326da8ae58d02a6405c0de9a2f4537aaab6511df916276f |
C:\Users\Admin\AppData\Local\Temp\iEgC.exe
| MD5 | 13cb9edda8df380229d695ab55bf67f3 |
| SHA1 | 27439aaab53cd61e92a3d96509d278712e05c5f8 |
| SHA256 | 1314e53e5b1261f5bbe39d86c9f80b08c2bfe40dd7c5dce8cc3a2c45058706fb |
| SHA512 | a73367bea3c87c7ec157cc7a02cec83dfeb7573ba0bdcc1d27ccdf52a22ae4c7d1e3fbba233f853f372611056df663c87dc84c3a902992692d7991e6e15e08a2 |
C:\Users\Admin\AppData\Local\Temp\EMIS.exe
| MD5 | 63b3fbecf76c12f374c39b93a77eeace |
| SHA1 | 1ea4fc88a5e6781b37f5e8f50ae3479cd0e0b3c5 |
| SHA256 | 509b6c69ad5f8001e2cddcd9c4106ba2fd844fde905bc9177b3f69409ce2df1c |
| SHA512 | 0edf1c31eebf3481e2819e0c9835c09a32131ca78ca11ff2382e7744c689a51e86be82fe13422c76486da85bcd3afa2d5fed70edd9ee3f9325bd5afb615686f0 |
C:\Users\Admin\AppData\Local\Temp\UYIs.exe
| MD5 | 9e069bdbdbd1ee618848c1a9ebc83ebe |
| SHA1 | 35fa22979cd133f0088f984d031033386a1d27dd |
| SHA256 | f1a719b675c072ea6b8de7c438ab9efe796dac024052b9091f370fc866304f90 |
| SHA512 | 786c56d29ebd146fe16c72905f1338c7d6dddfa1a0deeeeef38404dd9c190dcd8c7db2c694b84f1b9027df35e35b2b46569c81aa1f9370466fcd2e4f18e749f9 |
C:\Users\Admin\AppData\Local\Temp\iIwM.exe
| MD5 | 80f0713e3fe54ebd036c14fb441c4ef1 |
| SHA1 | 21062ca7ba0fae1f5e369b64fb1ec0db7ebe540c |
| SHA256 | db88a808a670fc009b64afdb4091f4a018bef91a931b5c2925ee8a45d5b6f5cc |
| SHA512 | 93b78ad61db2745fcae14b846b662624bf9b4e518b701af91e8622bf77e768796912b4a71ee0613ab8e9843424f5a1ef6d533638cafc9efe2b81d5c4e955870a |
C:\Users\Admin\AppData\Local\Temp\IkMo.exe
| MD5 | cff7275a37f78a2b842eafb1ed61103a |
| SHA1 | b499aa8dde4921251f0b53a56f2e4ed552286b0e |
| SHA256 | 3ee68585e895fb1bdc79142a1b01ecd1b0e02b2d342bb6f4e4d5f4bcc8add88c |
| SHA512 | 41f003714bd5befc12352f4f6fe13ed93a70f277aebf8a8a7de2e45b3f7dbcf8868881a91f92b30b759a307233ec5c3f23be0f3372521d3bf1fce3ab738ff1bc |
C:\Users\Admin\AppData\Local\Temp\JQgUQYcs.bat
| MD5 | d321148f7714c04d55d6b462eb76352d |
| SHA1 | 57f56aad54fcb8c4fb45cf0e9cc8b5473358597f |
| SHA256 | 7c1fb94ab9a9912ad22d8943caf1dc23c1c5949edcb5a1123f9e1806ad74eaf2 |
| SHA512 | 15fad6131512c7a8884da86aa83de5aaee837400982e6fdbf44b586689c762fdb0ff37bec3ad503d79f10fa492e557805469083b5c6f2be648f9813c242453ef |
memory/2508-1182-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2508-1181-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MgMa.exe
| MD5 | 0a09813fad819aff43fae040c9f23d14 |
| SHA1 | 789bd62598c686c4b90c060e1809eb3aa2757e70 |
| SHA256 | 32dec941b622be7f723af80759d7389d093a7b36ff6da89983e82b9092a20dfb |
| SHA512 | 712df4cb40676a123f78b677814831d90a7f16219431d92518df5bf262b4ece9316b81cd60427f70879509f577c0d9881cbfd77b84d287a7aad108c7642548b2 |
C:\Users\Admin\AppData\Local\Temp\sEsY.exe
| MD5 | ed57a326b286254ed8ba6c37da703a45 |
| SHA1 | ff0e782fa771bb95a9bb444ddeabfb1b70bb7ced |
| SHA256 | 4db44d4670ec6c89f015a2109fd161879d18bba433df608bf23271d04fcef41a |
| SHA512 | 86ead42b979476a5f1878ecfc4d2dfe8a2dfeb9645d4bb2c6f52533795da02b33c0dd65beb176abf6ae0c2bbdbc7f4aa74791df2ac7fe33fc415d043e41b989b |
C:\Users\Admin\AppData\Local\Temp\SgYQ.exe
| MD5 | 09edef0dd2ce9f412e986b4786816520 |
| SHA1 | 874ae6dd3a5d50d4e4887d4041367176e8b88f00 |
| SHA256 | 428186f97c60d643b4d104c925e931e6bddf2a032227ed3e6441f3de0475f994 |
| SHA512 | 384d25011c9b1ca4592567cec701cee4d2ec45a73db7a36fe1ef49dbc626edb950b9c91c8f7caf2e61a4d76314c1e73d86b81867821b89a65dfd2c574a945ccd |
C:\Users\Admin\AppData\Local\Temp\EsIS.exe
| MD5 | 06c7a220142f4c08ab88818d7bad945f |
| SHA1 | 1989fadfe28b478e2107f37de6bf2730d6335298 |
| SHA256 | f883017b49850f3eb6cf7025aac9862ff4e19f2872b1dff70344383029632d8e |
| SHA512 | a4b6c5aad177c7fe0f7d0214e547a0044a2aa020ce39ff4c6a545f4ece2ae63fd398e8e756f39bc4cdc1abf0be04e2a611322528fabc9272eb6ea76d7ea16d35 |
C:\Users\Admin\AppData\Local\Temp\uIQM.exe
| MD5 | cc2de67ae695c2a4cd007affcb337e62 |
| SHA1 | 133278140807eba9badf823d958bcb07a39e01b1 |
| SHA256 | 986e235d6f0896d7b633d61e7a36d4114ac725087d26488e62dddb6bb60f3d26 |
| SHA512 | 8d61a3f5ac243f4e45a4d4cfbce9cf72a3b31e87fc150a734304649485b8001a80ad3ac6bc24cda35807633216ac79b311781dd8790f3cbc9d8d202e86e6db06 |
C:\Users\Admin\AppData\Local\Temp\YkQS.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\Users\Admin\AppData\Local\Temp\wckQ.exe
| MD5 | 1f21378a5084d0892e04aa9843621ef0 |
| SHA1 | c3324760d358bc13c34febffc0fb4b880c72a963 |
| SHA256 | 651c8c91d5a3db433caede03f10a9b1eff523cc5a8decb5a81935474d3c81c45 |
| SHA512 | 131fb6da91caa22c92a3b797ae784c8b6d2ff7851cab9d38d5ccef891ec5fdc0110bd9bbe76e7712c7501d92b453361acfa871dba823d0f81cff488aab239b0e |
C:\Users\Admin\AppData\Local\Temp\ZqEcIEcE.bat
| MD5 | 8213b2749333fe4b77e7a194f88e8abf |
| SHA1 | aec7daf53add1d38d21527dcbee272ede3762cc4 |
| SHA256 | 2b1f199e380cacb48d51786456138e1df5c938bfc83d77bf6e6bea9658dd7b08 |
| SHA512 | 570c306fbb73f78e31e972c3bb68a6f4ef62a2e30564748470bbc19dd83e892b29acd53a344d971b97b0e3e5dccada0285626d4a17cc8452a0ca7d7cd12989d3 |
C:\Users\Admin\AppData\Local\Temp\Qgoc.exe
| MD5 | d68e15aa6ac3cf2e2a0c05a18176e8b7 |
| SHA1 | 186c1f560264f9a4baa2af36fe015559cb2f24c7 |
| SHA256 | 1df1bb197c307c6d42c7c0a42dccfe8a6e3fd2f13f3e5b60dd130afbc84e9f18 |
| SHA512 | 3bfbd67d0370ccbd3a7c5496e31978636c41723d97f3e472f6e31996d038022b1a6a61b5569dfc09d28b79e10237931bb9bf7062ae9ed4e1645ff15a76f93efb |
C:\Users\Admin\AppData\Local\Temp\gYgW.exe
| MD5 | 222dd3b2e38eb3c270e29a2ad83f3301 |
| SHA1 | 9d47bb0910450af7ce2b533e1c24e75f87618b07 |
| SHA256 | b75d218bebf824b516e9c1760edf47e17d71291b18a34455e7752e154b2a393b |
| SHA512 | aa8b99155e53fd429c51e3eafa840d904b59d4db1b0564e466965b1524e8184d82fd748bc1597b56ec93b223d14242710ca419d4b9a19ac3b6f0a4c81d6a3866 |
C:\Users\Admin\AppData\Local\Temp\ggUs.exe
| MD5 | b1fb25518cfc02bd6fd954bd0ec80661 |
| SHA1 | 03f54afa10ae21e7c1d8be396bc29816da0420bc |
| SHA256 | 13a69ede0189cb2199f4aaf3266eb58e588e11634b90135c45625cfe3cc3214d |
| SHA512 | 1fb0d4df882e6792de5aa04d940813477f37270c98efc6694db68cfee618dba5912801135e6ee59d36215babf5f347dfdc25aa3d3f0c41135efa46366b4065d1 |
C:\Users\Admin\AppData\Local\Temp\aAYe.exe
| MD5 | 916f77d99fc9422c37de074bf5443933 |
| SHA1 | a2baf03af1d5864e2a0437f01434057ca30bb78e |
| SHA256 | 69262e0bf1ce497d9874fe0dffe53be068debcac63fe0509be654958c2187b2e |
| SHA512 | 4fa1af6fb6774e4594be27650ab1391640b8321c34a8cccc2e410cf672db1fe8c29e1a6bdc8d5bcfd29e0c78ac77998a265ccc4a09823324dc8879096c0ae069 |
C:\Users\Admin\AppData\Local\Temp\gkwI.exe
| MD5 | 842df6abfbb5883f2d604ca0734a0ad3 |
| SHA1 | b7253680506f9029e62565db2c87d5b82322f5a1 |
| SHA256 | 856b9d3218943aa3f850dd732228912bddd10a1913c3cc0f5d81fa50d81f059a |
| SHA512 | 9c4a9164ab50cfccf528e68cb6c8b8bcf27a152e1519a46518e931504ddcc37f7b68a95ce3850d3fedef32ef9b0a0aad0e48840b5e7ea57df673e12f99845640 |
C:\Users\Admin\AppData\Local\Temp\uMgG.exe
| MD5 | 3e67ddc31648036a043d68b70715cb63 |
| SHA1 | 6af645f50cc5534ae7147ddd925466e2e62cdf3f |
| SHA256 | dc1a006181984a3cfbc261da6330ce86ed1dd06777d98bf98b192dc902941dda |
| SHA512 | dc6642b68137b71d97ad1da988a90cdfa7fbd935a60046d7cc533cfa6d8d9eb0fad384a91046de4f2c13c787fbb7b5a1c4ad518a78745e08876f54f7c6105beb |
C:\Users\Admin\AppData\Local\Temp\NcoUUYYo.bat
| MD5 | 20c28bc97381d28f316d45f384998b2b |
| SHA1 | 2654f78b4a153ada5e603cdbb3c4eb7e4e72c818 |
| SHA256 | bbab8ad3ebde82f08898643e5fc4e63f4e545289fc03e0bb27dad2abbc23c8ea |
| SHA512 | f183a84de5e98a6dd21a1fcc890d0474bfbcd80512016377bc5cb0bf191c165abcdccad1de7328363cc2063cbfa27033064f557368a1a66f4e3db1273b68e94f |
C:\Users\Admin\AppData\Local\Temp\QUAa.exe
| MD5 | 8fad27182dde99a419c4c27d465fde1e |
| SHA1 | 902f592175ddd956c23adeb08684924318fb4e72 |
| SHA256 | 055dcc068b4276e7b51e3331993247d98a137ce076f2fbaa535fdb20627b344e |
| SHA512 | 3ee559902cfa63878f3165c1b2b17ba4535d25bf6818518f8767c5b7d0f8d4de9a6c0bf6639737ff5ac777622854a41d3145744247c06a5894311033defcf8f9 |
C:\Users\Admin\AppData\Local\Temp\Wwki.exe
| MD5 | 126266155615b0d14f9f4a85ef13253f |
| SHA1 | 3f857e13feadc170db0f0c79ee084e88e0e09e1c |
| SHA256 | 0a9e73ebde6d45d757fb3af6be8b96057980613e4e5638ffe17a78681bb922bb |
| SHA512 | d86c32ec658e18573ccdd19fc174e201972cf853e4aca043f2a7a789a0c56c5a223d2ef32186804c2ca3f8026751d2e88d192b80ba450997fc44966105584ee7 |
C:\Users\Admin\AppData\Local\Temp\moAm.exe
| MD5 | e8ee8125d181487a71edd880ccc5b26c |
| SHA1 | 5130d6a3e8c87b87ab0f69ab863edcdd615324d8 |
| SHA256 | a861b7372f061b46a0f3204ac0efab2a70b367030bea11590c98eabf3ce8d91c |
| SHA512 | ba47ae3fbffb3b9572dcfcb84ff29ac37523e9c2e840c83fc58b041fab680127cf8eb60a961f3ca28cd29e930b8ed24dc4dcca901b7443c24088bc59c59626ac |
C:\Users\Admin\AppData\Local\Temp\WwgY.exe
| MD5 | 93a4207eec622e8989ea21af4e1f5d99 |
| SHA1 | c0c2a326b97c1c4aea88e7d3d015a1cba5bde08a |
| SHA256 | a48c21f09635a21262205f3be22dd92b5537cc433b82ed58d239469c6c7cdf75 |
| SHA512 | 443dfbebeee33da25059ae5d8b55ac2e272884b7b3c1c9841468e2c7d77f21313c98792946b30616705fbc6e50d94953691df0a7c6f7c62b2622cc898828123c |
C:\Users\Admin\AppData\Local\Temp\oYoO.exe
| MD5 | 98a42b3344d177d6acb18cd50678d0ab |
| SHA1 | b81881eca2f9abf544f7968bd4ad994c4deeee30 |
| SHA256 | b3c6a439a3a0841a85799479293d0a1cfe369fee65e976176cc1ec25b8780388 |
| SHA512 | b6b8ad70bfb92d01ecd774ed1a179d2e59ca26aaf6812375ea35515495b9952c6de0a68a1bd16227ae7cac554e37e5c71731816c0fc82b9b1b6b3f9c3a14756c |
C:\Users\Admin\AppData\Local\Temp\ocYMEYUA.bat
| MD5 | 135fb81b534cbcaaa5319535985e07f0 |
| SHA1 | e3dda16ba3e8a935d8bf4b48983fa1c4b6d1dd6c |
| SHA256 | fb0c1e88e77e0fd1f6b13ea7046b653ddc905bca7deb06a2276739ecfbfb8788 |
| SHA512 | b9fe1f6ce7c90c17bf197533bd33204cd91a56e3a9ba958e04db09e00f6f96fec7268e3a73e0643b4b2db4d9499b74e0ab5ff6a60afdb14d68e8707b7556dac1 |
C:\Users\Admin\AppData\Local\Temp\iIIE.exe
| MD5 | 6b3919d078d3e1f7c36bc921ba1fde7a |
| SHA1 | f8aae035809a250f795c47183578f27df837cba2 |
| SHA256 | 9705bb58cbd64aab641707d0a68acaf19680b8d1dbe7333ab32174aaafd942c9 |
| SHA512 | 738f978d783e1427bfa566d935092b64689bd0f4165aace87109cf8f85eef60dc6ee172c7836d7496d426adbcc62da601ba062822962b1045c423e7fa90f26a9 |
C:\Users\Admin\AppData\Local\Temp\eYca.exe
| MD5 | 74410423ae241c20dce8593a2f1936c5 |
| SHA1 | f0e568c96a3cdae66f1bda94784afdcf258e40c7 |
| SHA256 | 976e710e42675087af91c761ae11a791dbffe89e0a0cad997012c9f2f7dc86e4 |
| SHA512 | 34c554bd1b3d4e591c2aad81ab0184f7d2fa1feaea635c31738bcbd2d801d0d9aebf9d3aade713e3848242826314103049839fd32cbbb4fc3a7637356aba3e3a |
C:\Users\Admin\AppData\Local\Temp\SskC.exe
| MD5 | 5035d01b6ddd359a6d6b462e02b600e5 |
| SHA1 | 52797bf8255e0c73714415c58a19ff6d4240720b |
| SHA256 | ab3c69382893c76384eda994021f6723b41c8bbfe9275b99d1e7cf854e94d5ff |
| SHA512 | 769d40688f977fc6a43bfba528d435f6481f854080562721120ddb56d8931462cfa76a1a36119692085468c4d257cd10effc79198d090047a9f2c782d5dd0363 |
C:\Users\Admin\AppData\Local\Temp\gAAW.exe
| MD5 | 74c663049c713563b7f8bf8e3860c47b |
| SHA1 | 29034be40c6efa7bc4047471157945fb16fd102e |
| SHA256 | 8f350971631dc408e969a4937db26e51f5cd14a6ae8834ed3f2f0544e2d0ae9e |
| SHA512 | 771d041334e9833d3b2344a5ad5f45203221c35b00fba06d690c253b24737cb1a079ab2f5fa09cdf10e303ce376fa1da70ec63a69a6ba36ebc3739f8a8501532 |
C:\Users\Admin\AppData\Local\Temp\WMwa.exe
| MD5 | 4db08ea0c400192e70640df786338e14 |
| SHA1 | b514a28099ce04efe8045c7c8efe31ad06c0e899 |
| SHA256 | b0ada228fa980937009c2a59502434ae7ff1a5bc3b2411199fc57d5a77fdae6c |
| SHA512 | 9edf2effea3f62cb74a55ad4e9959ab09856147ef69f367dc2b747c2b65cdc0808dde6acf24678e91d8e201fe138ed24aaa3adbfe41d0efd3d4f451f3eb94ee1 |
C:\Users\Admin\AppData\Local\Temp\MmgUkIEI.bat
| MD5 | e0975aa7959f6800775b95cf7b65afee |
| SHA1 | 5cfdc67a10a08fa7490dca7c6e94a943d7e65def |
| SHA256 | 05498c4aec1700a34a080367df7219264567fea13adefaa048352319902bfb1b |
| SHA512 | 7135c035b472c1cbcd06216123edcbdefcd7e045985f576e9b29f3b85f85aa29a587a05b67290e4675d6f22b59874bacdd31e6acd440f1a785ec5ec2b7af7cf3 |
C:\Users\Admin\AppData\Local\Temp\iMEI.ico
| MD5 | 5647ff3b5b2783a651f5b591c0405149 |
| SHA1 | 4af7969d82a8e97cf4e358fa791730892efe952b |
| SHA256 | 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db |
| SHA512 | cb4fd29dcd552a1e56c5231e75576359ce3b06b0001debf69b142f5234074c18fd44be2258df79013d4ef4e62890d09522814b3144000f211606eb8a5aee8e5a |
C:\Users\Admin\AppData\Local\Temp\SwQu.exe
| MD5 | 10b71a5547cf49f21e1d5cc249f4a98d |
| SHA1 | b1e7437a90b4fe58b22e679948a0fecc7af988e4 |
| SHA256 | 68cc4899f9cdf3f91a18a01f9064d1a7cb3d1b305645b600bdaf6aaabe1888ad |
| SHA512 | 4547d5a7af4c38c59d93e9c206b6caaf9ddaef4ad1aeb0c9f779bba679c5e06cb748b31864e7768a43769e2521b9462096f57a7ec78f7aaf0ffd372ed3a898c7 |
C:\Users\Admin\AppData\Local\Temp\GkwW.exe
| MD5 | b8a1f86c2faefc14a8cf2d9706730361 |
| SHA1 | b550c041d0f99cd33561613691a28520c017cadb |
| SHA256 | 9afdc60ea13daeb074740f516d537b425a6cbdffabb948f6dd5e012774f1acbe |
| SHA512 | 6f8740ec72509357b16f073acd216ad86db4b9706ee6cdf7ab8930c87bb7751b92c547a878cababbc7827ea8a1c6e509d58d56f6003383fbb102df2afeee143e |
C:\Users\Admin\AppData\Local\Temp\OMUo.exe
| MD5 | c73a8b786bc4aa8c2e906a56181a7092 |
| SHA1 | ba9e923c105b21538f5d517880e0f9e2c336dead |
| SHA256 | 2e885e66d9e77de2c5f319125ed940344519a4e02e473a2740cb19808ceecef5 |
| SHA512 | 65631f20f2b2171018ee8a72609af8cc07d91a17eb2d1b2feacdd33baf12d912838d8a1eeda906609c852f10550bc78e00afdc6c7fa26a92dd3a2f1356280c66 |
C:\Users\Admin\AppData\Local\Temp\CskW.exe
| MD5 | b69feadda3c5c321a17e7a6e86d4fd66 |
| SHA1 | f6b2a947934e964f84159f5592ee184120275289 |
| SHA256 | e581a5a27be293c0bdbaf9ce313a751a808ebdd5f95647bb30cdeb0e1c3d6785 |
| SHA512 | ccfcada0805a7462c28c49bbe30755d078da605982d08b5d63765a16cf4359954b4824354288382127feb4bf6de7d9b25cb7956ec68feb009ecf4564312f16e9 |
C:\Users\Admin\AppData\Local\Temp\UUwUcQME.bat
| MD5 | 2893091eea824bed39d6ae6e255df40a |
| SHA1 | c8dec1e56157f6eff295e78fdf522a3d2a93af7e |
| SHA256 | 65e1f77207bad34cfa19da016ed1173aab8887b2f825677c766e8597f942e1a9 |
| SHA512 | d0f480b750af0c93c0a6b83a073f6db402d9f78505deb609b3e4b5b6f64e9b99e0531fe52d5a8eeb4f7fbd49ef543d1456c839226e5a3b2aa36e4f97573e2e25 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | d82a729684ba7a1ad7d8a016edadce2e |
| SHA1 | 9cf7a7ce9b707c813528158d94201cc3f21690e5 |
| SHA256 | 4b46c2c8ac7f9593535f6ac7f0d00c12f3a2a109149f026ee6d3ab243c7cd0c1 |
| SHA512 | a7d8e6ccbd4ff4c77f22a8a5ecd05046cb3897c4662bf43c2943e8b1760eb038436012bbfd2b3b9705fab1bb8935396ccd9fc978fe0c8566f953416f9e65ea8c |
C:\Users\Admin\AppData\Local\Temp\WoEE.exe
| MD5 | cec4b21fd0dc7f5b5b9064e9cf3acd60 |
| SHA1 | 4906f161a62b4722f530b775e936adb1e91b05f0 |
| SHA256 | 9d4001ace541fe5c8f9e8ef08255ec66096fd74cc54936e1d1275371be7a34e1 |
| SHA512 | db05f3c6b8207a2f20dd8ece57300efd299af73559d3594db18f33226f2db45fad9e39cc008689944461ee010b3cf34cf6fa23d98cc78c098fc05325f791ddb8 |
C:\Users\Admin\AppData\Local\Temp\AAEO.exe
| MD5 | f0b42a1e895a31e42e912fb74fee10d2 |
| SHA1 | 36e2aaf833acd9612a57644cb8bfc04786cb2aca |
| SHA256 | 43edff4c8f531f559df70ead14a98538c5e750de6a522b13b0b0faf822996e36 |
| SHA512 | e114e65c307225c0af0e39566e9f0b425c05f5b9b3d97f35612e20f1a4be046a1926703de8f3bd3cdf3c758ce8b22166dbe69056d4e768edd456d6a15ad32fa0 |
C:\Users\Admin\AppData\Local\Temp\dyYYwcsg.bat
| MD5 | 0ca06e20600096c0f477ccb7121c389d |
| SHA1 | 4dfbe5186a8c78f6949a63c05032a0add283486f |
| SHA256 | ad3b7ebdc60167b189b544d0854bbc682f7e8a22d2da1a28c0bd645d9225e112 |
| SHA512 | 221d9d289d469e4603e3529e7b7a25e15a96cd300e08eb566ab67ac571a95e46d0bdd8dd2b0267521a470e8c1153b3de0fb64738987618b3a0d66b67a376c6c1 |
C:\Users\Admin\AppData\Local\Temp\mMgq.exe
| MD5 | 5988933577f670f017624a419f115012 |
| SHA1 | bdbe132f79bce318703f33c5cad326ec6eaed8b1 |
| SHA256 | 0c8b06bdf1a91b20e14836f1786a22e439a4fd40c51328d1500a82ef92471908 |
| SHA512 | 8675d0be9f6017e0b32bad27b690ea20e46c12ae53c6f2b98b6c69129772814c739dbb4b2b88b4e9f618d646cca3748cda2bc5cd326a5ceaa98fb728b00f7e00 |
C:\Users\Admin\AppData\Local\Temp\MYAO.exe
| MD5 | 43c6d6ab7d55025741d22549e17021bc |
| SHA1 | 6bc67b2bd6b63df511eb5cfb716c61198cce5b4d |
| SHA256 | 38bbc20afd1118248befc45b57aa0a7a7beb98b0aa6b1e653feee2fdfa36e609 |
| SHA512 | 390621282c0626daaad494f928eafb6bd296f8b1f35d4a675ef0bb5a3aded34e1f30e95442d4f82622b9c74ccea9c2411b092fb9c892d9a63f4079cb108999bb |
C:\Users\Admin\AppData\Local\Temp\SYcO.exe
| MD5 | d1b8e4e1e5a04bbde5acb795edc69db5 |
| SHA1 | 79460bc65ec369b74db9326c91cbaab080000fd8 |
| SHA256 | a6695c724f16c7126fb7958ef901c7265deae2afc2708fdf1cfabeb12daabd4c |
| SHA512 | 2fce3f5f102b63ec2d14cbb4bb0d253c9260393038c21bc1f172de470fd70e849e5a3e63f2379f138b543478c341e8bc5e7ad8c3c52fc8e3f9e0f4eafaae8af1 |
C:\Users\Admin\AppData\Local\Temp\HOcAQEYA.bat
| MD5 | 5603988b2c1a42a53d098174213b722c |
| SHA1 | 1198e2791fb7aeb58765def5da6ec7f2a285f5b4 |
| SHA256 | d4581e71790fc6a721bf6428cfb75c6d2d4a4533e879d5bdc3e4b7950162a42d |
| SHA512 | 1483e9b5f3ec67e8be0552dabb29d850a14046705d391dd719926df1c6f48d5378ede1e3062ba60eb01ece762f31710eda02985fc74e81bc7e1371cdfdfd1bc2 |
C:\Users\Admin\AppData\Local\Temp\IYMG.exe
| MD5 | 0583db8855460cecf982232510d6b147 |
| SHA1 | af87986296e7a4bb8c90f7996b69c0b3d809519c |
| SHA256 | 6220008fe0197256dfb7a6223f06d58c8faab13a50b966a8d5e21dd149c35fef |
| SHA512 | f86aa4fc7745ff0db9f7f2ed1f11385b2b24e5c58220e2817550754c8ac1e1db185d88b470e41427a8769ee7e58bac55e2182661f7d8fb6c328a38bc8508ba29 |
C:\Users\Admin\AppData\Local\Temp\SUke.exe
| MD5 | cf1cef666fe309b9afb3e7de35c8b907 |
| SHA1 | 6c8bac659a40c22fae79deec6be6e9c739cc9ae7 |
| SHA256 | 30fe831750aa7b58a5773f50b3110cfe2e2898eac130beb3cbaf4f882c50a3f0 |
| SHA512 | c3571b3d03c18df6e5c9cf24c49b594f142939bdfbb4c776540ad61bf2d2d2f44d02f66c9dade73492874f0fdf7e02cdf51362661044d679e3315b22704648bc |
C:\Users\Admin\AppData\Local\Temp\zCEAUwIM.bat
| MD5 | 352cf243c7360d68809197dfb9cd99b7 |
| SHA1 | 4c7675915ca32d9a2ed49814498b133c5a846dba |
| SHA256 | 94d765f68c46ebb85a8863683117fb4c98d2e0540cbfd75c2ece7bcbb3fcb4bb |
| SHA512 | 573a36bf43b43260db9c333c6ccbb357d43597f6b65359b8c55e231cea5873896bb8fa9d34a0a9b5336a43684f5e448e638502e6ddddebf9f3be2e7973938bce |
C:\Users\Admin\AppData\Local\Temp\Ckok.exe
| MD5 | 607cbc52bd0b44d8b5c3224314ee3ed4 |
| SHA1 | 2658c909107e3c9328ec8815d6b8e862e8a64e7f |
| SHA256 | eb8573c52378123e2644fbf672e3a71fecfe0e5005b6026f5831297e16a00443 |
| SHA512 | 24f1acd5e8680f31da32ef9f3146bbc4082c39fe67eb20b556787fe8d59281ae26d4d7455c622af2738af39b0bac54f5152e2fe319fed468c62a31a5578e6398 |
C:\Users\Admin\AppData\Local\Temp\WwUG.exe
| MD5 | 7a9d68735d14b6585f7b9a4e2858b389 |
| SHA1 | f5cbde754c444a2e23385fad8e0c1eeb5323ab71 |
| SHA256 | c9aa424740ee1fe83c782186c4d109701535f317524bc7b2b03acdb3615594d2 |
| SHA512 | 3cee716fb714c91e25420cb9e42c76775337285145c541a067fd49eaa7d249d548b50a2aac7be173f31790a4484cec5e8cdc8329d9b0ddc9e5886e36874338e5 |
C:\Users\Admin\AppData\Local\Temp\GQoq.exe
| MD5 | 17f3d9f5834e8c148dc7db6d7f6125f0 |
| SHA1 | e29ea7baa7f6fba8cbdb7ea5c2ff495e8e6e4385 |
| SHA256 | eb72e4eed2a6ee432200db194af94c688f93f01604b241dfea80c583a116e210 |
| SHA512 | 9d395edf4327be6006b29d3aa149a11021301cd12363b8573ab172e966e8cd6343fa1ffcf47b70806f0d55605ce5582d2c9f62897312c245f454f70c6443eb2b |
C:\Users\Admin\AppData\Local\Temp\ZeIAYIUw.bat
| MD5 | f739fffc705e83ecb616396b59daefd9 |
| SHA1 | 83367170330045d86a042fb03a1771230a3c9d0f |
| SHA256 | 5826e2e76f3b0fe175b423db6b72929ebff03d5fe0eda215630d9bab860ab88c |
| SHA512 | 15f2c83e3c71a5263c089fc946639473943c921c76a80d81f044232929b253b433697902cd5acfaccbaac042d516c7cf39414f15d6d04478b21cdcf2b488044b |
C:\Users\Admin\AppData\Local\Temp\uYQk.exe
| MD5 | 6fa5dadd175ae5cb70c1043892b44e99 |
| SHA1 | 68e3a700eff72bae1c28e35d4f7b8992bdd6938e |
| SHA256 | ea5827419116c8f0c1906a22ca4c60f60e517aea03ef8dfe82c57a990efd4359 |
| SHA512 | 867ab0915930c085498bac588e9ed857ffd275ab1e00ab0e59f63e0c37d4147ebbaf1ed29fcab02584a54f2aaf26dd3371f2db1d154b8f27654b0d107115bd76 |
C:\Users\Admin\AppData\Local\Temp\oUEK.exe
| MD5 | b8bbe928c7f995d39063872d51272465 |
| SHA1 | 08c05faf4c02cca46f7004c603639c016ba1088a |
| SHA256 | eae69fbc10a3493eec657e52f9b548326199df1a765539f71356b1933a5c7eee |
| SHA512 | 89a02803099123095e36e9aa8026707c054ca68cd3e0130cf4ca8b4e828b246f2cb74b0139b9333f944c50e624bf669c5e227bdeec7f952b36c9b018ff895918 |
C:\Users\Admin\AppData\Local\Temp\FYAcgoYA.bat
| MD5 | 29548a20b8d5d1d5da539bbe0326ed7f |
| SHA1 | 912dd0cac9d3cfa38d8f40c368234457b5930ea3 |
| SHA256 | 2e1d67293d585db034723910f9d0e6d767d84086524d1edadcbe399fcfdb3a72 |
| SHA512 | 9db6e7d4de1e9025dfc5640d039ba3a281af17e36b08774549aa55827f4309e579bc5c0d17e6a9f393746261e1c5e4c067c3323280227db0b4f3f51ab095cc46 |
C:\Users\Admin\AppData\Local\Temp\qIYc.exe
| MD5 | 9ecbdb75e202214b9014ec62f417e87f |
| SHA1 | 8202d5b5b77391480db1a80f5c19dfb8f1dd7702 |
| SHA256 | d9b248460b679c2aa344a5c02898b76b6344fa37ff1a7a6d22217f7db93a013d |
| SHA512 | 8ffc68f5637639d7c64163ca8d13ea8c2b9988ee74f1b73fbcd2d9def0585933ad39c9a70439c2756fbfc3ca680aad19d9a64dc38b46769d8be6b07caa76f147 |
C:\Users\Admin\AppData\Local\Temp\eAMU.exe
| MD5 | b2f69aed2d9942d31f63dad36748b0c4 |
| SHA1 | 5a26c2cd86ad6ad8bcd0c8336e34242eda97aa37 |
| SHA256 | 706ce8e5cbda2fb3568a9fb2e037e7dec2b75b8f108a34c7c6cc090223672226 |
| SHA512 | 32cb911b766f0cb3eb72391ac644d119fb3ee100dc85d2e796f101af1c22c658a2b2843d4f8539fa5beb3a00bf8c4c3e587e94849faead346580b94ff8e12437 |
C:\Users\Admin\AppData\Local\Temp\WkQE.exe
| MD5 | 169174ab8e279068ec8fbdba1a1b5a7a |
| SHA1 | 6042d2bcc5d7b7449c41fbf77c296d7578e460a6 |
| SHA256 | 5437aa8599063eaae45dcd60d1ca0f3f641b160dd044bde91633d662c9700914 |
| SHA512 | f249f23595122e3c14baf044d82338f5ca18f7a57afe3b53ebf152de098f0b65ed08b7f0979d4a541636a4d533d0eaa4a69864678fd6cda1495c73cded8a8bdb |
C:\Users\Admin\AppData\Local\Temp\Okkq.exe
| MD5 | ebded924054baf0f615a7218d7f8588c |
| SHA1 | 21a3b2da8e5ee3ab05785350c966bc6a12825150 |
| SHA256 | de31a8b37c6441e034c95b351063a4560f5d414a8a4ef9b0666cc434ac91bdb6 |
| SHA512 | 1e8f5ae466c3000ea435df37e1be98ff07e8b671bd10c5412fd638800f5c48bee5e8aca27da66747ea9a1d29d48a21665e891927ab0edd3c1870b2d63add9089 |
C:\Users\Admin\AppData\Local\Temp\gGkYYMkI.bat
| MD5 | bf2beaf17ce735f0c60d2b4290dc48fe |
| SHA1 | 1fa38e7c3f53b0323effc82d26257dab7137ee7a |
| SHA256 | 58d8f64e84b4d0884c03fcc2e642beda3a463291be8426fccb86550b5d2ce1ce |
| SHA512 | 9e5ae03fbf1ee0108bd7a6866cd90bf455c8ee84c4e86ac8e6e2185d40c47b3c786c092961f72e07392dbf530b50e42999b3069912ce17031b0538b9f39ae225 |
C:\Users\Admin\AppData\Local\Temp\mgQC.exe
| MD5 | 177e321b727f67fa5f680e9b94fb0c0d |
| SHA1 | d1f6d02706dd2e1e7534e50d51b77b728d3dcd84 |
| SHA256 | 9b7bcc318d396fbaad6297ccff865a73b0ca0d54e945a637a093908f8659d11f |
| SHA512 | fbc271b101023b363f8ba4212db8e49bca5103c8fc0cc9a9c0271b4e4c3aec63cd6abadcee15705e87e92dc41fe43b2b0160ed3d7db2b93232d3bdea2fe9f4cb |
C:\Users\Admin\AppData\Local\Temp\CUEU.exe
| MD5 | 2fb8eda14d7305f0f235c27c527606d5 |
| SHA1 | 811e3f0fb465b794f339d146cdd013d9f9eee63e |
| SHA256 | 08a55ad850b02ddee1241651304dbf4ad586da4695a0a401f31d3b2c529506bc |
| SHA512 | 1b5852d260662c23de79fbdc0c431bc9dedac06f981125e9ec038756d8be24f0e9a122b487d42d449c76ef0a69960aad107667d8a0130263a08bbaa4c5286cfc |
C:\Users\Admin\AppData\Local\Temp\YsMm.exe
| MD5 | 364ed5e0eb319eba1e2b778d89cf34fb |
| SHA1 | a53caabaeb7e062fde594253ce08c1e29761970b |
| SHA256 | 0532f4c9712dd258d0a6082f73adbcadcff3ab72c5712e8247aa02b49b72acdc |
| SHA512 | c97e090422df586a34a6dab678b20219f304daddb6bdd9cfc9dfbb7e2a4a05d6e7fa2a983d7090e92ade8e6e77afce5febe456d22b23c60c92b4a0e3e16a9921 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile26.bmp.exe
| MD5 | 1bea54c8b49d2cc26f1aa21dbf5ccf8e |
| SHA1 | df074627c6db5bb9e35e28b26155a17eaae6bd45 |
| SHA256 | e56d5efc69d6689e25a2307bdc945c52b25402ab251a1270f510e4d4a41295ee |
| SHA512 | 87b78bcff7400f12c40b68493fba7e0fa4c9978171c087c05b59d22e134e314a98dddd978b1a939c8895039735f2a3d8758e38177ebf1561ca6a83f951a5b00e |
C:\Users\Admin\AppData\Local\Temp\esAe.exe
| MD5 | 6a52b369ce0dc901aba50e861e1ff305 |
| SHA1 | 826b5ca7e9c8ce4120dad10a3a87e89f7fb83c11 |
| SHA256 | 8043f8533674acbffbe1d15c832ad97466e2c61786859870601c147f2eff3a0b |
| SHA512 | 76761fe9baa46b1daaf870074bf1b6a0a49c3dcb4001b9bbeb3ee9797f2e696b906dc4c3072034c1898362ddafd62dcb8186dc4c0390a530c00799836a895c5e |
C:\Users\Admin\AppData\Local\Temp\sKEwMIQM.bat
| MD5 | af7679eac8558b91f9ec4b3611894acf |
| SHA1 | c32eaa94a0b67887f1245600c36ef6bd04ce070a |
| SHA256 | 086ee4b56e6db4b488a2ba21e87cfd137de85f4cebe6ab84016e78d9d3c39079 |
| SHA512 | d94fbf8848027aec680f6bfd03f7ad302428892a9c6797381deab755db12ca988699b920d6f3f83d76ba2f3dad1131a979fd335f049d1f5e32a2f9f96660b34a |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile28.bmp.exe
| MD5 | f1f4ec18ab2902c6f459f42e330146e2 |
| SHA1 | dd345f9d0121217b4dd4a39d1b7c473fc82e7ec5 |
| SHA256 | e2f6c1002369fea4265fab26bc1a92e19e95320d15cf50a093cb7ff89343267d |
| SHA512 | 5770fb280ac2d663523b7407b0e61e944d2c8600210e9b8ad9f0970b7a623ccf8d96f44a56dd2db302f0463bb66ee4a5d86b0fcf0aefd136dc591311a5b7d436 |
C:\Users\Admin\AppData\Local\Temp\qYkw.exe
| MD5 | a1079e1e1f085dd3b1030701d9bb27dc |
| SHA1 | 039b2e1244442826aec2898d9cd094eee0106bcc |
| SHA256 | 305c6bc35a12b1e133c96e75b4b49747aa737a3a4c04df573ac6149b004b7616 |
| SHA512 | 07d0b63eab072b9842a82e244556e13f655351d0d73feb6f2714cdd089a96de4b46d1c2816db56ec0224672f45f48efbcdb33bcc2a35735ffb2f0cd5a8d66332 |
C:\Users\Admin\AppData\Local\Temp\WUUu.exe
| MD5 | d03118d32f01260c40b336b0ebc66011 |
| SHA1 | f21a19f44f562b9967ae121883aea42b0f5393a1 |
| SHA256 | 8ec6729d3ddfe864422b73624a841c60a91e0d3e4b3b1390d63233ea6c23b174 |
| SHA512 | f73ce014a8e786d56de9bba004fdda31a72ac5ef36ea79c580a19ad161efb9cb0f1b9fd9a350b697512823ac7869e5bb5537b78205e3231fbc51935705d46a79 |
C:\Users\Admin\AppData\Local\Temp\gUsMUkUw.bat
| MD5 | ab933cbc833b985a0e3b1d77aedbbc45 |
| SHA1 | 320d9cc550b38b458754dd59645929603d721a28 |
| SHA256 | 740b6c8182c80daad08c066d5d5030bad9b12908324b42da3310ce928122ec24 |
| SHA512 | 484318fa845aa65c7a73775346763fe32a919d0c06a4866f97cc90f287658c6c2980cec11300cd32426323e0e1b12b51eec64b0c4a172cd3978bd11d3464f3c0 |
C:\Users\Admin\AppData\Local\Temp\ggcI.exe
| MD5 | d05b348bf85c35b411e9dff08e930c23 |
| SHA1 | de80328af871fffbbb59f3802c5634cdfdf1424d |
| SHA256 | 9ffdd55367242d6a6122e14f19f89695a8ed07bc2ed568fb6c1d9f2097e87336 |
| SHA512 | 9d18ec5f5c5ae8937d4f5033efb537aa3f096c00c7b73a361f441808999e15765005ffb3030578129d3f5116890d7caa17dba6b8e47e1245e5a87f069a2e295c |
C:\Users\Admin\AppData\Local\Temp\mMMg.exe
| MD5 | 9579edad1da8ad9e5300a81f45c4d436 |
| SHA1 | f50b8f36e514cd97a1cf2eaa4b350946b550b458 |
| SHA256 | 0ccc63ce271677a9b65e2ebe3996922685068d630207a7ad2e8ace3267ffb781 |
| SHA512 | 0f09d0323ba40ef6ab0a2f8c0b19933eec7a4d1f33cbc7c36dcf599132dbf4f6149e317074f24eb061788d922438b70b4317fbf38d8df82642c9e63719dd5323 |
C:\Users\Admin\AppData\Local\Temp\eUEG.exe
| MD5 | 2e30d6283e01a9d998cb2598b2b37e8a |
| SHA1 | 0aade10fbb71bc1e0acdcc2938d43ea1cb4f6bda |
| SHA256 | d57451c6fa015d702565645b28def340d1657cb643811f0eac61dd2e261c732a |
| SHA512 | 74104b5826e1a5367add1815e7f4c9b3b1edfb28c67e37879a326132fb2fdd0ec5528ac580e3ef228ecd48ee8ae4d0163a0f9db5c9c9fe117ba22d5cfd9b774d |
C:\Users\Admin\AppData\Local\Temp\wEoA.exe
| MD5 | d91835e789c484fa812a14c5655197f6 |
| SHA1 | e2515d6971fb6e2d3a1597725f7fb95334844f96 |
| SHA256 | e930d648837de2d80258bbd1e80339e58959bb4546d1c32e905a8a7c021b4ec9 |
| SHA512 | 5a432f731e39aff37d7633ff72e79565892d5250580a9025f9546e039cca437d12bedbd11b784de69dc0acdfd46364f5e74df2a49394d4545ba98baf9c2318f0 |
C:\Users\Admin\AppData\Local\Temp\WCksMYgE.bat
| MD5 | 0804ed47132e98ebe7170ca616b70e33 |
| SHA1 | 5d8f59fd7f8e832b3584f2ab89850ce2cc18a48c |
| SHA256 | eda8a33604514a9047c956da87b68d64ab7e481b40426a897ddccd0952b31fda |
| SHA512 | e85729c05b2f2a4b88f45dd29c4afd95e478105e0f04c92736f2fe96505cf9e7f408179cfeaf8100eedd1aced19624de08d562cdff1b6574f044d5b955a50bde |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile35.bmp.exe
| MD5 | 3649c2755e578bbc26f4aaf8548f8fe0 |
| SHA1 | b48a3e876d1bf58ca04ec8c01ed401b46301c5c4 |
| SHA256 | ba8c5efc061106625aff0ed5d3471a910e76878485ffc54ad65d27da23870ded |
| SHA512 | d798655bfcad94a38768ae087fa51056a575b3c4196671a67fb7512656266d444bb9210bbce4614bf67c748a715903450542616c8a887bf7efecd1122d874a1e |
C:\Users\Admin\AppData\Local\Temp\sEwu.exe
| MD5 | 2ee734f7bc3ee558f8938e4200682d47 |
| SHA1 | 978fa63a6feeee4a15a009e58b8a3254795c4903 |
| SHA256 | 6cf5745ba2b43c4d6329dc89feb9f342ffd1218dd06dc7b98a22c6444eeee91c |
| SHA512 | 8d0973b6f109e1fdea249d298e4ad72ba83f9d4e05432cf73c3acfe4ffd258dd22e61bce96a816783862718665c8e73b285377c22a3b147fbdd2204e06981c04 |
C:\Users\Admin\AppData\Local\Temp\qYkE.exe
| MD5 | 58ef6e81f9c9216391acd3c7fc166b09 |
| SHA1 | 2f2bba9af40f92864b975d5bbd6b84800c0991ac |
| SHA256 | 1e1cd3f88b1a6efcf3e6af103686c87e121d4c5f7f078b2094216e1a6d18cbe6 |
| SHA512 | 7aef4f9502fcc0248347a8b9b4a84c76d16bc5c28146087360da452ea915bf9ffa4f03c38ea8a4baa76c99bfd905e61ca0f62ad2312ccce0fe45101c2bcd5930 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\usertile38.bmp.exe
| MD5 | ff2bb075a851eb0b91cfdfad502cf7af |
| SHA1 | 3eda2a5aaf29dc6680752da1d50f4fe9cd2a134c |
| SHA256 | 17a185476db7b0c50ba831e28f45318c951cbf6312bbfbdd5656197c78fef2d5 |
| SHA512 | 8f38d2721d8b3426c9c2af5b15de8be581c268cfb00fd7b8916b12fff8262c11dd4ea07438ca859e0b6285198cac46442e4f798a628077875d6183637543d1ea |
C:\Users\Admin\AppData\Local\Temp\zeoEwkEw.bat
| MD5 | 67764ba5b4793ec20758712835f61c89 |
| SHA1 | d1c9912d67f4b0d273c048f0e108ef9ed3ee010d |
| SHA256 | 5b4a76eb09b71703ed0bfe9cb0b7821f9a3d9960a911186318cd9ff90d784b32 |
| SHA512 | a58cd92943ae0049ecdc8514bccde4d8979312ddd86fea6a6b99328ebfe7f79ef0437c6fd6ce586bd55fd32a291f4353f1547f80b273c86e2c573902c616c8d6 |
C:\Users\Admin\AppData\Local\Temp\mEsc.exe
| MD5 | 7095a85a406c49ee3302aeb57cfd9e2a |
| SHA1 | 309c22dd94d68dad0c966615b6297a47230d3096 |
| SHA256 | a3660d5633837877d2f4df36bdb63be142cf41e986b0a0ce432fc84e4b73a464 |
| SHA512 | 3ace441aa007072bcbd95f3aed458ca635fe43a8e2e459fe675eeedeebf7c03a2a48ae9596fba75047b5de90a9bf6b96132f1e4442298aeaae0f682d0f9fee9b |
C:\Users\Admin\AppData\Local\Temp\OosC.exe
| MD5 | 46782027b095dd3705befafd91be2422 |
| SHA1 | 848393e89401844d565f5dd84a364f85573b09aa |
| SHA256 | 30b911999a0070198c60d43bc4a4beee87051eb260c501f93b9f8f7699ea6181 |
| SHA512 | c2f0f66cdfb83860c93951231e362e9b94e5fd5750540d52a27c3e2b4b4bb77679ea004553b16c20bf5159ca3cacdca8f04c076d038df30e95144381ecc43206 |
C:\Users\Admin\AppData\Local\Temp\AwUw.exe
| MD5 | 094da395f472e1a6312475fa9583c1eb |
| SHA1 | 2b4335e424dabde2030309a6859e781c2b8bcad5 |
| SHA256 | ac8961446df3ea8f56d3b9c19b019b86e47ac279ec09eecd1d6ffdd084d63948 |
| SHA512 | c118e7a0e151dbd6cc06aadd4aa7dce59834bca16294268204d719ac3be5c34e2f1148f20a9303505a55575dca675208b26e52caf6df6a3494725d3c184d7587 |
C:\Users\Admin\AppData\Local\Temp\UQQy.exe
| MD5 | 037b861fc0bbb70d4bd78253dc5d5cdc |
| SHA1 | cda24cc4f3300d2446cd6772062e49d4b89c2443 |
| SHA256 | 9bb17e6d702044c7c750142a9b3f6d13f10b5777552b3feb474265a970c5ef90 |
| SHA512 | d89ee24200ea98f13b8453cca5b44eb496975fbd28fe77341ef2ecfdff84f55a77a9a455911472f1935f23af69b75451a1356e37e908ce8d5cb890e6897ec65d |
C:\Users\Admin\AppData\Local\Temp\jSYgsMMs.bat
| MD5 | 0e2add877a29423690fb1df3bbc0dc5f |
| SHA1 | 256683d6535d4d21ad5423659bb536f33d1933f7 |
| SHA256 | bc920bf92a42ab3424d66805ce8dc87ec9924042fab838119c2622ae9a4cca45 |
| SHA512 | 4aaf06561729cfa78dfb14cac4bbc312e5050cf2e0458e3b858146cfa5ca9af084c189460f78afe58395005f6c7765ed3254887e9926ff2fe4a23d301ab93c6e |
C:\Users\Admin\AppData\Local\Temp\YMoQ.exe
| MD5 | 72883c64c1af35cf5cc644f08cdae874 |
| SHA1 | df0406a69d59d870e3a0fa0c1c46cb551b2b40ea |
| SHA256 | ef4bcf5d651688dea75f76255cbc378bfb9af5e785a07c8aec9ae5ad0239bf40 |
| SHA512 | 51e9f81f86a501c2718102d7ee4e15e20d05b2f35c32b77ad76eb8ec4cba7dfbc2348ad65f598cd3cf06248d54764499e0dcb2337f25ec0cb995d4eb71bc0fa7 |
C:\Users\Admin\AppData\Local\Temp\aQEi.exe
| MD5 | 8da857cd2e6c037f9bc697318eaa108b |
| SHA1 | 7b206ddf9460f0be5db67063cd211118b9122fee |
| SHA256 | afac116b816bc10d53b786c50a3d93cdb101dcaff7f578361f42d46ca30b3dad |
| SHA512 | 20173ab67f2054a742ee37ad7a7314e92bd7021fe0daf9c7533457a75de96379a56a4bb05965de479e359d1e938e9ece368895a5b9a24e9d716a3ea4cdf9bc99 |
C:\Users\Admin\AppData\Local\Temp\vckwscYU.bat
| MD5 | 1442f4d9067031580939d81ccb711f97 |
| SHA1 | fb8a639e12a3753259e16d83fb57e652d2a7d8fd |
| SHA256 | c6da834cc345f9d5c35bace35061559198f4038b6b95877cc2d9ab19bfa1c506 |
| SHA512 | 0cf7c87f5be11e71b31291790533c7087cc00d3dd871e867592dff1548daece64f12fd774204f8e7900d11faef2340aaa9c74f4d2a48d85daf2aac2b15be1a3f |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | ca3a393d65cb463a16378f50ca653083 |
| SHA1 | c402f31a139e4d2ffa818d024eaf138e1a95692a |
| SHA256 | b1114446319820f0c5e71302ef0999af77fd57129456f103a47164eab2093352 |
| SHA512 | 99d0ed0533d616db220a41b19ec541b932898e94e0ed6f0f3d0df7422dc85d45f80070ce72eb9e9ae28e27ccf23454b18519b31fbc3cd095b784bcd0ea531238 |
C:\Users\Admin\AppData\Local\Temp\UMMy.exe
| MD5 | f95ab85062dbcfb49cee3c23238f57d2 |
| SHA1 | 572507a60be2a5b43514dd8e0ae373ff7059140c |
| SHA256 | d25d434db3922231ed5cf94a24b0709dda5563bace83148803e28c592ca80097 |
| SHA512 | b2d725e47b2f9f9419121739689c84beb1b8cb5f2c9398672f1460010d55e1233207a9db35b02a21c91d54645f2ed2628a00d4c61e47550338258fa28f8d1187 |
C:\Users\Admin\AppData\Local\Temp\bKsIwEog.bat
| MD5 | 58ddb47ed5734d1d2e9171a0c14e9a8e |
| SHA1 | a98ec69847f119fd17ccdaa6f7147cb9e8aedb76 |
| SHA256 | 7c3c70335fa9280cf02afa16523933b7f95eab1d006d89154d0d88e4381ffa6f |
| SHA512 | fb8ce232efeeabf1d7700b81919b4355789544eec8660ad500abc6aab29d8f1fa81c536d7c42fe8fb9bb92ca015af97a27ec413e3dd458a5b51c6691ec3c551c |
C:\Users\Admin\AppData\Local\Temp\kggI.exe
| MD5 | 43865403e5d226c50622d2d27598c165 |
| SHA1 | 2ffc65c5b48a73223ec2a97338f87c817996f73b |
| SHA256 | 3de04948db28554e5215b9a6aef244f114d069758a4258c0039f9421a414f9ce |
| SHA512 | 94ae7e66fac5edb08da6037cfd7c42832bb46f7153af4ad105976216f8c95e7ad1e9f891f7806144619182528309771f411cdc3905c8c14dbe254211e99fc1db |
C:\Users\Admin\AppData\Local\Temp\KEkq.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\ykMK.exe
| MD5 | da3e93b8d12d47e89262f201c154ea1a |
| SHA1 | c44f092322a34b8c5562a5538df30f7612389e61 |
| SHA256 | aa9c264c6be66c411ddd44214c557e8ff23c0f2aa76be801d941e27f401c2dda |
| SHA512 | c8c3bbc9f615456b403e673d01171a746edde9b116c8c34df4d43e64d15e8309647d2a8f8b766e4361170120dfe23e05d8ebf78eb1f2f540f301fc4d10254e02 |
C:\Users\Admin\AppData\Local\Temp\YMIu.exe
| MD5 | 6807c508c5002a840340889624c817f8 |
| SHA1 | 137f7b11ddf3ba6c9fe3bfa929826ba99909391c |
| SHA256 | 427da194a180948c824335bb59ee35203a086e70555c04bef9bdaaf10972166d |
| SHA512 | 8a3d9687135241626518b3a960dfaba7c822e7e48b9e192798805008ebc25c2d899c2a64b57bb55a3f05fda9ca106704220211639346d8760065ee1ea63f8225 |
C:\Users\Admin\AppData\Local\Temp\MgAa.ico
| MD5 | f461866875e8a7fc5c0e5bcdb48c67f6 |
| SHA1 | c6831938e249f1edaa968321f00141e6d791ca56 |
| SHA256 | 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 |
| SHA512 | d4c70562238d3c95100fec69a538ddf6dd43a73a959aa07f97b151baf888eac0917236ac0a9b046dba5395516acc1ce9e777bc2c173cb1d08ed79c6663404e4f |
C:\Users\Admin\AppData\Local\Temp\gEgU.exe
| MD5 | bffda171a25b17d1bd38f789deb7d9fa |
| SHA1 | 832a65b9da1cbc9aec95df64acde9e98b8dc3a34 |
| SHA256 | b53dd399db3724f5c2bd6c2e852e028770f6af5289dfd28e41786436281ed99b |
| SHA512 | f94e49352532958ccdaa58d61f05daf9952e352fd1604e1992fdd04631bc302f8bf085b6185f428280191498ad52e65c7aabcc3f044a83c425b3d9c1e364b408 |
C:\Users\Admin\AppData\Local\Temp\ScMcIAYY.bat
| MD5 | 64000a25e646ed03fd7a02afed173ffd |
| SHA1 | 98ac0f6aa1e09224368e0dd337fc9e01f3e191eb |
| SHA256 | 10696f45a089cfb9ac09f86cb53aec4e1ec8d9364bcd766ad921fc32eca61d4c |
| SHA512 | cda663ce3da2eb05e88c144338c1da1f09da87137c97b64822decd5a8a1471b32f8b024c51cbf063ce8e847b205821e4396142873dad1b126fb972077ec2a673 |
C:\Users\Admin\AppData\Local\Temp\MUoM.exe
| MD5 | 6108f1f9a0de11a96d42ad6de754babe |
| SHA1 | 71a105786cd2277b0e056fb597dcb624b5721bc7 |
| SHA256 | 8d25ba1f7ff417c56bfd67d18e4c82cfbf2feb0bc2c50e861d07a095c50f6446 |
| SHA512 | 2f9863c2c1571cb58bec281086a3542c51eaf5c40ee0bfed9c67556ed3e6a4e2c980514cfe953afe0a8b2f1ff6df8b7946d0319f8ae86e16c9254d5e10146d2a |
C:\Users\Admin\AppData\Local\Temp\McMa.exe
| MD5 | 379a364029ba85d9fd4c61dc47110b78 |
| SHA1 | 0674b3c98aaedf10c2b708ebbf626fb4fc495622 |
| SHA256 | 0aa6f1200ca0503e497310e69ecc3b290da7ad5a6503fd54d1b9d5872ef7fea3 |
| SHA512 | 4e26e19c465a99f4413518c0e9c0777b402b367c4985bfadac8af27b9d0609acbc981ae5af0a579612e2755ca12b2248c6bd0fc78c13b2e46a05ccab27815df6 |
C:\Users\Admin\AppData\Local\Temp\IscY.exe
| MD5 | 57bd53a0283fd615e1828b5d96e5addc |
| SHA1 | b426acb70610c34e10dcfe8a8d839871a904e722 |
| SHA256 | 7271d8c62cf568d10b4766aa2dc427995ebd6dbb309aa3d4545d36350dc4dca2 |
| SHA512 | 66ff1e1a41f43e681c178f2a8c9b6df73ad6e6dd2d0334f2bb90b120de78b4a1adbda7e025b30d0b6300ea2e1eaaf4866ccfbd2e4f8a72c09e36147d35775bc1 |
C:\Users\Admin\AppData\Local\Temp\sewUEQQY.bat
| MD5 | 13e0b21edcbff389c8e871aaea1a0612 |
| SHA1 | ce6afe954a10f38d2a12e1fef271bd2219b23f07 |
| SHA256 | e144fce869315b0cd9a1e24f2ddb0d5f31f7f671d0d8f8ae186583693feb9c2c |
| SHA512 | b3d574e1f4b9a219791493cd5a7240042f2194324cc34c0288cdeba477d6c15dc570893ab9810aeea24aaa79b516cfb1d991f9233dd9a22281b3d522c59e30ef |
C:\Users\Admin\AppData\Local\Temp\wggU.exe
| MD5 | a44a7eb23a71a06fc51d8e1c26669b48 |
| SHA1 | e11d4c0d328ac37a771982c765706e867bb079d0 |
| SHA256 | b954cdae4004088f50ebb83a256a4162c337f4566eca97e1cbce7381f50a1896 |
| SHA512 | 02986ac14b9cf6343ccd5653fb90e89c2608862fed16e794c84637a821fcfb055d11a1687e4207ea01acabcbdce0056477d10c25bed31acee114079075933eaf |
C:\Users\Admin\AppData\Local\Temp\CQcW.exe
| MD5 | ad4886766c8a13271b0f4a0523d56166 |
| SHA1 | 3e1687cb09a2848c1fd1063676d7588bd0aac0b4 |
| SHA256 | 7f474af99b578808837a3ccfb9f7bb090aa6f2cae5fb4422dbe46b2cf4725a71 |
| SHA512 | f0a16f5a5cef71ed76d4aafaedfc5dd09ed6b36ac68c2097634e2b54973c99dcaea5cf26e18ce05418526d86812eb43d66ca898d2bc22a401d4801af283165d0 |
C:\Users\Admin\AppData\Local\Temp\SYAUQEIM.bat
| MD5 | 6459a53ed05962924f2068acb30bb5c0 |
| SHA1 | 8b957cfb502e6273368a3a000033a8f9fac5afbe |
| SHA256 | 86cfddbb46e29732b34509290f44beb94971cae3ed457316b4abbab08d80234a |
| SHA512 | a8d9cb7b076d915d2ec83d6a31482975fa83b6eae3e698d38fbe76447f86306ac55cd72f74fc05d623e9411376c272aae246a4632e9e19b1c2fc101374a6338d |
C:\Users\Admin\AppData\Local\Temp\YkcK.exe
| MD5 | cfaa5500ddc2d61eee90cca80d345a9c |
| SHA1 | 82ea3bfad038cc76c82e7f6dacdf901e0dd16b19 |
| SHA256 | 6ba074aa8a85cc68bd1311c926cc1353ed23a23dcd0c19ebd6c380a27ff9f7eb |
| SHA512 | 99f47d48931363496822329dc62e236e26045259dabeea3327ddb2bab5ad281b114f4fce27b24962d7a365fe394fd00fc2e90086e3a0a6148d020e319539912b |
C:\Users\Admin\AppData\Local\Temp\uAsAwAog.bat
| MD5 | ca4b8246915968c5a7b5901b0ce01e8e |
| SHA1 | 577a42cc7fad837c2e79874a3c560e088b8dbebe |
| SHA256 | 118e906d5e3277fdb9b492f11e73bf9b0f22edf5f116c3948d3cfe5e3804725c |
| SHA512 | acb3b1b71c45163d6b6f7c5c99eb97a5970e703c5ec950f553ff1183644c7462ad32388b2f3cba355a3fee142fb5b54079a1f71aa812401fb1f6d4deb26e02d9 |
C:\Users\Admin\AppData\Local\Temp\tyUkoMUs.bat
| MD5 | 43d07110b0bcc68cfe70f9da45cb2578 |
| SHA1 | 1439a7d4af8696fc19744dec0aa2c32b04ea47fb |
| SHA256 | 7ff4d15872ad213babcaef3dc58df00dd4e5d6218aaa605b43a326efe270e75d |
| SHA512 | c1de5c0d070b3c981d5db0755c076c57d3e1c44335ffb9f2f51ab783574d2c7317b8e3e3e06178927e1e395dee5a60bb3ce0dc88ddba216c7c94ce46013cd405 |
C:\Users\Admin\AppData\Local\Temp\DiUYUYEQ.bat
| MD5 | 11513667156cf99762c266c0ef6205a4 |
| SHA1 | 09a3d31b7a5d9b376963f3569e4f92229f91b009 |
| SHA256 | b23a426927463b09146bceaf6332d7467ccbbae73fdeb1975063beb9a926b136 |
| SHA512 | 7f5c9229cdbd5e313a2509ae8e98d6c40940cc68433c1f5f19b1362c3b2fe2b5222ee4fb65817c87631e8a7b0c334a98e10a538b8072b7b2d14090d30644efe8 |
C:\Users\Admin\AppData\Local\Temp\vCggcsYs.bat
| MD5 | 12d4643850aae003554beba4d048fbfc |
| SHA1 | a3a9d19227018766523dd5a1b57ed2bf82d49029 |
| SHA256 | 381cc1b3c86c95d49a68cf79529b3ba4e32208968f21f78bf62c0d88cadfc333 |
| SHA512 | a02aa57df4d35b1310dfc8ad535532c4b7cebbb89e60b793dba46ab365063bb1fa4b0196899d8d0cbcba05ea180fec792decd6d6110aea64256db326dc671026 |
C:\Users\Admin\AppData\Local\Temp\AAYUoAYM.bat
| MD5 | 935d9e8e73e29b9b01622f79320bdb8e |
| SHA1 | 1529cca453d35fe7c2a36791f85da76d67a9e893 |
| SHA256 | 7e1a5d14b1966016a99eb7f60fbf19aae2364f1c55b3fe9b5cd3434f0cb103b3 |
| SHA512 | 57cb526b26e6d2918b9fdd957ff259d566caa1dcae36f79b06abeb92288bef642d3a910b5f2d6800d3814256f1e0a5a2971e9324dd83301a5c45f356283aebfb |
C:\Users\Admin\AppData\Local\Temp\QaQEwwIE.bat
| MD5 | ffa0a54048eaa096d7c430062245ce48 |
| SHA1 | e00a9446d68cbc98bd52cd11e8cf21df6ce5589f |
| SHA256 | 371015ba374c40746305f01307a1c0b06f198dede4c77dd7ee6feb81c261791e |
| SHA512 | c106733398bee32074fa32d99ef5b1e02c50481172baae4762625b092d3bdf06ab03195ffbd5f3e51ca58565abaf0e33754ab0e829b4784e6d140c5f37a86c12 |
C:\Users\Admin\AppData\Local\Temp\EyQsMoko.bat
| MD5 | 79464e3d9617eaf41011fa33295c662b |
| SHA1 | c586786a8764324b0ab344694dfcfd5b3b4b3e1c |
| SHA256 | 3effc6c5b6cc18f3a81af239ed2ed00502955f29c72ba7527e3b0235196f6f2b |
| SHA512 | 99dea1f2452a7dd23c64a7467945f4d1ffd5d715dcda0148aa09432ea7775f03e71374d5a09aa6e31eaa6aa3f81b0e678abcb8dff88409af6fdbb072082db522 |
C:\Users\Admin\AppData\Local\Temp\SaMkQMwM.bat
| MD5 | f35aa336631723f3227b37210eccb2d5 |
| SHA1 | 3ef8834e3b607ce1aa9e3cecd518c0dcdde097a2 |
| SHA256 | 04db1610fa8063aead6e3df27251a6931ace8ec58654166073c9959d9d09ff91 |
| SHA512 | 2bd002d404a5800d9b2ea3359f710636143253b13c15771aefb0bab09df4b04cc1449a2988c045964058101f49a2afff08dadde5c74301d12493182ee5d20127 |
C:\Users\Admin\AppData\Local\Temp\sEMocsAA.bat
| MD5 | e895cb519688d7de5fb6dd1fc3408dd1 |
| SHA1 | 19c4af2563464444e3d677ce524d286de7563e4e |
| SHA256 | bad8c0e0bce4ff4dce4f72a6d5e4357bef91479554435eef898070550595e7ef |
| SHA512 | 4f1520511460b17df9bacbd5a1f46906ee78dcc0a5c6f7697fc12ae2ec1f515a15d49a79723ffad4b52590a9b8a4683e5b80a10a9effae4a4f5831ef41be5654 |
C:\Users\Admin\AppData\Local\Temp\NOYYQMcI.bat
| MD5 | dcc3e69ead0a5965e9ac33414588770b |
| SHA1 | 443ab22c666f29e284e1facce19679ad2b6e9d02 |
| SHA256 | f5c1f2416da579b4656452dfe9e1fe9f1acce47dda13feefcadefc4037923ca8 |
| SHA512 | d9435f29f3da105469d82252a7d55e236cb38c31de9bad840fa956e20b59ea98523334e30ce4b797110deac48e4cb1b0216672f61d5b04ba0b0b6d3ecf7f6304 |
C:\Users\Admin\AppData\Local\Temp\NgkcoMgg.bat
| MD5 | 578a005f896e38fc047a4a99c847a24e |
| SHA1 | 1073da263700223d05b2b6df7a3d5697500c04c6 |
| SHA256 | 281565af52f5d1b44f3fe8ba59c5d4cd6f051a225cd7b845a0bf3d618d5cc8f8 |
| SHA512 | d3fd5ed5598efa8ce9615b98bc5470851dad8cef562f93a9dfd0e19a5a911c50d7fb0054196280f93d3312af92e1564d08c2e918432071b49e114892aacf6981 |
C:\Users\Admin\AppData\Local\Temp\JcwkcEIQ.bat
| MD5 | 7a679d7aee49ae093ad9482f8efb9344 |
| SHA1 | 84e887ff22568e7992ed5d8ee3c271830a323454 |
| SHA256 | 8b1c23e59a3ba13a98bcc4f081f07343157ad70bf1141fad290fcdd596c1ef39 |
| SHA512 | 9cd97046fdb9d00b5ebc19ec6a043fa570ad1143f6f2beaf1049388d95ff536b8fa1f3c799246e0de01da3b101d6029889c2946f7a5b84a7f025b85485099f54 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 04:25
Reported
2024-10-26 04:28
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
137s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Renames multiple (87) files with added filename extension
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe | N/A |
| N/A | N/A | C:\ProgramData\AykcUkwA\SmYYccsc.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZssoEgYQ.exe = "C:\\Users\\Admin\\rEgYoYQc\\ZssoEgYQ.exe" | C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SmYYccsc.exe = "C:\\ProgramData\\AykcUkwA\\SmYYccsc.exe" | C:\ProgramData\AykcUkwA\SmYYccsc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZssoEgYQ.exe = "C:\\Users\\Admin\\rEgYoYQc\\ZssoEgYQ.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SmYYccsc.exe = "C:\\ProgramData\\AykcUkwA\\SmYYccsc.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll.exe | C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe"
C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe
"C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe"
C:\ProgramData\AykcUkwA\SmYYccsc.exe
"C:\ProgramData\AykcUkwA\SmYYccsc.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VEcUUcww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\hKMIIgog.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\raUMwAIM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pacIUcYs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EKUgQckE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uKskwIoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SEEckAMc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GwQkIgkA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PMYQUYkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FysAwQEE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JKoMoYww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xKUcsEgQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\puEAYwww.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\muQIMIcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OeQQcUgM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sqUAcwUY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\deQAYkwM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NaMsoAYY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FekIQkoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmkIcckM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qQIcYMck.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AIAgwYsY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SuQgMoUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AyQQEIAQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\jMcUMgIY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tcEMkAoI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zUgAQgMM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bWkYUYgA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MCMkQYsw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mOUEMQgg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IawIEMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qgEEsYcE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LgAQoUwo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FcMAosso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\vGsEwYMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NwoAoEEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EKEkgAQs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SckIMIsQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KOAIgQkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bgAoYYIE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nioUUUoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\faQAkMQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zYkgMMQk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wSkkscgo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\amcUgMow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\uwowgsEo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bokwwgoM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VwgMMcEc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NSYoUggU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nQIUwQgw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KQwgMEws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QyMwIAco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AgMowgUM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JeocsosE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rwAQwcws.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dmUksckg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bKUMoYYk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\UCAsAQQA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\IOUIAwgU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CsUgMwUI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YqcMEAgk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DMwcUkIw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pwEAMwsA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PUwUwQAY.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EigsMwUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kSAAgQsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EgcokgMo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wowYEwQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HKMUIQcA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zCYokMUo.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BisUMcwU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EGsYUgkk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CmEcskIQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QawYYcwc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\WiwsswQQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RcYQwsIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\dwYsAUkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZsccAoco.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QCUssYow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qeMMUEYU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AAcUYAko.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DKUQIgwI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BmsIQcAk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pEIUAUYM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GyIEIAMk.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SQswUowM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\kWkAUQcg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eSYMEwcU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\VoUIIYgs.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LSssYgIU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\diIswwEI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\fCoEYogw.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmkcYYQI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gqUUMQsU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mUYkUMcI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RGAgkwkc.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zYMgMwkM.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bwMgEUIg.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\zssUUMgI.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OkYsEgoE.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wKIUQwMQ.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wGkIUAwA.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\bOoEYkso.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PqUgsUUU.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv HJQDvHrxo0WG0ThDq4j2oQ.0.2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\LIsQEAow.bat" "C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe""
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | google.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 172.217.16.238:80 | google.com | tcp |
| GB | 172.217.16.238:80 | google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.190.18.2.in-addr.arpa | udp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/2264-0-0x0000000000400000-0x0000000000420000-memory.dmp
C:\ProgramData\AykcUkwA\SmYYccsc.exe
| MD5 | 1bed39333097a4829dcc9a2063395010 |
| SHA1 | e9563ca2608e20f5190a6118fc52cf7cd12ad759 |
| SHA256 | 76732c77d71b07b69b06c9df463b74db935412561a00841c9ef58c3a75994e88 |
| SHA512 | 43c597d335d46c407fcb4da605744040584c988441feb9f3fa72674c15c253aa2793520e4e22768603bff82f3b5468cd66bc5d098427afade25bc46cf4d81f32 |
memory/4224-15-0x0000000000400000-0x000000000041D000-memory.dmp
C:\Users\Admin\rEgYoYQc\ZssoEgYQ.exe
| MD5 | d50ecd3fde7558a9a864cf8c882646ec |
| SHA1 | 7e674824511a45598312e9cfdab3732ff1c459bf |
| SHA256 | d6a33664b027b99c083ed050c85a8b0945ff0bb80c04a02a65d7549bf92cba55 |
| SHA512 | 34ebc9d3b8b827a6195534a702106baf1d353d08ab58af6ada1908aa48160fb25af41338a20a9c7baa4257df5dc0085838c8d869666e431b15769dc2e5788f61 |
memory/1176-5-0x0000000000400000-0x000000000041D000-memory.dmp
memory/2264-19-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\VEcUUcww.bat
| MD5 | bae1095f340720d965898063fede1273 |
| SHA1 | 455d8a81818a7e82b1490c949b32fa7ff98d5210 |
| SHA256 | ee5e0a414167c2aca961a616274767c4295659517a814d1428248bd53c6e829a |
| SHA512 | 4e73a24161114844d0e42c44c73205c4a57fa4169bd16c95fb7e9d6d5fcdf8bd01741541c77570556ac1f5ee260da67a9041f40381b6c6e0601c9de385bdc024 |
C:\Users\Admin\AppData\Local\Temp\file.vbs
| MD5 | 4afb5c4527091738faf9cd4addf9d34e |
| SHA1 | 170ba9d866894c1b109b62649b1893eb90350459 |
| SHA256 | 59d889a2bf392f4b117340832b4c73425a7fb1de6c2f83a1aaa779d477c7c6cc |
| SHA512 | 16d386d9ece30b459fd47ca87da1f67b38d52a8e55f8fd063762cb3b46ae2c10bc6eac7359b0d1ef4c31c1ac8748ae8f62f8816eff0691abdd3304df38e979a5 |
C:\Users\Admin\AppData\Local\Temp\2024-10-26_055739f5184aeb744d73e3c90ec60b08_virlock
| MD5 | d7ee4543371744836d520e0ce24a9ee6 |
| SHA1 | a6cda6aac3e480b269b9da2bd616bdb4d6fa87f0 |
| SHA256 | 98817a572430813ca4ca2787dab20573f7864c5168ac6912f34d14b49e7bd7c9 |
| SHA512 | e15b6a50d9d498918a81488bf8d60860027f9a38f4d87e239f1c6e9d20fe4938e75861dad35c69e4087370c18b2cd5b482ab6ca694dfe205d053f1d303d17808 |
memory/972-27-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3292-31-0x0000000000400000-0x0000000000420000-memory.dmp
memory/972-42-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1136-53-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4000-54-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4000-65-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2284-76-0x0000000000400000-0x0000000000420000-memory.dmp
memory/944-87-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2392-98-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3968-109-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2816-120-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2284-131-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2460-142-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2180-153-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2428-164-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4860-175-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4668-186-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4896-197-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4968-208-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5096-219-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3484-230-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4412-231-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4412-242-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4256-250-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2476-258-0x0000000000400000-0x0000000000420000-memory.dmp
memory/944-266-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2264-274-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4136-282-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2896-290-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4460-298-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2196-306-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1052-314-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1404-322-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1532-330-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1056-338-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3908-346-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4556-347-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4556-355-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3264-356-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3264-364-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2284-366-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2284-373-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1128-381-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2388-382-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2388-390-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1532-391-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1532-399-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3756-407-0x0000000000400000-0x0000000000420000-memory.dmp
memory/2284-415-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4988-420-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1536-424-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4988-433-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4356-432-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4356-441-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4472-449-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3256-450-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3256-458-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4576-466-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3292-474-0x0000000000400000-0x0000000000420000-memory.dmp
memory/1632-482-0x0000000000400000-0x0000000000420000-memory.dmp
memory/336-490-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3452-498-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5008-500-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5008-507-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UAAO.exe
| MD5 | 158ac500ae6cb5288c555edbed7c927f |
| SHA1 | 64f86a2fbcf8366b15ecd55ceb8540bcce7f7e17 |
| SHA256 | c0dd2ad57f2760f07950d65e80def207dda63d1da237da32f77e473801c28525 |
| SHA512 | 8b47b6cb435f6c3f10a970323e562684f15f7f150e5c9d5f0f6976c2a61a4598d1224ce1bd920615929b05ce2fc11d262111411391dd1ab3eb94cb1d6fd9f3ed |
memory/4028-530-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sMke.exe
| MD5 | c488a7e082286c3cd00481bcab2d50d6 |
| SHA1 | 3beecf89bf0f47710dc7992a2da56f61f23c0b1b |
| SHA256 | 6a43035778896f1b200027a96881df4ea258b9386be8e044a3df3e0db1f5bed9 |
| SHA512 | b3e66026d48da9bede62d23c54af1f2c7fa116a2e6458d173bca50d58369e9997c1daf60b2c9ea5873383d7d5d0e8dca10809358e5ddd2b977e2de2df489b935 |
memory/4104-566-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mIwW.exe
| MD5 | 63c9a2add3d8b50c1d2cdc07dbdda75e |
| SHA1 | 642d839db7b2f9b3738a7333d102ed4302fb97e5 |
| SHA256 | 04e5353ed6bcc6280a8be7ce01e623507b02638d1694326b9d75c2a8fd41782d |
| SHA512 | 696cca77a0667961afb232b8e9c1a796682f704b41f9e706313b031c4f95fb3a13169297983929a86c08da79d7694dcce6fa29b592ad43dbdbfd833af58f4d3e |
C:\Users\Admin\AppData\Local\Temp\wIcg.ico
| MD5 | ee421bd295eb1a0d8c54f8586ccb18fa |
| SHA1 | bc06850f3112289fce374241f7e9aff0a70ecb2f |
| SHA256 | 57e72b9591e318a17feb74efa1262e9222814ad872437094734295700f669563 |
| SHA512 | dfd36dff3742f39858e4a3e781e756f6d8480caa33b715ad1a8293f6ef436cdc84c3d26428230cdac8651c1ee7947b0e5bb3ac1e32c0b7bbb2bfed81375b5897 |
C:\Users\Admin\AppData\Local\Temp\IsUC.exe
| MD5 | f168887f8ad363ba474e3388739f3a50 |
| SHA1 | bb53854f7c71d93bfb8d117b3a183c92d49e4445 |
| SHA256 | 7261a7aa52711523c4429c3dfe4dfdd1c0f2071bf592a279398cdc7125f24731 |
| SHA512 | 33e0c9f8d483cbfe674ccbdbeabd8252512a5e23d2fdcedd324963fb8b2a1b85638d4f340b5fb39ac6ba38dd62fa749f69e1a225d498556572c272c977ea513b |
C:\Users\Admin\AppData\Local\Temp\YQwe.exe
| MD5 | b0a515101e4c75b5074be01cad0de68f |
| SHA1 | ba96ad19a8a91a6ad44e74d5757ed6fc4e59a897 |
| SHA256 | 528ed5c5ef9c744f8577763b3198ab466298709f0a658b61b9438b2f5a2804ba |
| SHA512 | c08cc5526794ec34ea01dfa26deb8798960d1bc5782ea6be1531b72554cacc20ddd77053dbd4b0bb4e0f682228b87b005a084d20980d10773d1db4d6552b29a7 |
C:\Users\Admin\AppData\Local\Temp\wcgS.exe
| MD5 | ebe580c8d5bd749766cee82345e51123 |
| SHA1 | bee65a8c018261b565d49c8becb8d8ab366022c7 |
| SHA256 | 4243e4c2038ff92cd4b927d37648dd199e30b49cd277809e1895ea1faa7f132a |
| SHA512 | 5d6022b1f764610dcd6237e4fcf0e7d5d46ee711440a5de049ec308ad5f2d9592a00ef6340a1c55c913794528381a6cb8faae365f17ce0ab377430f236228dba |
memory/3856-630-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GkIi.exe
| MD5 | 61b42740cd92e9a73be6af341d7d93de |
| SHA1 | 8dc18d30d487fdb08853d4c76bb36a9c26299e9e |
| SHA256 | 64088847a7b8f93e3d6d2a9f0f4903fc3100ee30d6947cb5d0395437b25d0528 |
| SHA512 | 1202a66ce64dd8b63a0508843b7b743d9277b176700f8728360315ef231d0a7ac10af10b69820c195c4513f0e30e55e8a0f8a0f0a4ce379205f6919d1932663d |
C:\Users\Admin\AppData\Local\Temp\mUQG.exe
| MD5 | 742ada8c9a8f48d853120da8fa4d7dbf |
| SHA1 | 1d6e8e93b7f2e2ede78c7cfa3b63ae12359691d6 |
| SHA256 | b06022e084e7fcbd166ef2d327d4a3409778ae54f1acd1eca1b9910f5ae279ed |
| SHA512 | f8d27ad4ab42fc1bc4cf22952b7d8ce1b8078bcbaa09c100b2877d80ae12d3739f405f94a5299ee5292a16256e14e786cd1de8abab543b41df1979ec09521269 |
C:\Users\Admin\AppData\Local\Temp\IAEc.exe
| MD5 | 2f4af79add1acac3ade940282019d0bd |
| SHA1 | 3a9caf738eba192f1caaa4ff2eb764601fd1c544 |
| SHA256 | 46c8c27fdfcc8761cea1d595cc17285a544b8a13f39a0751753ef57744e8c1ae |
| SHA512 | 84b4fc9379f1f324b4a526938be3656366e6b11029b797d8b181912f8430261480819abadd9ba4845b59765f765ac83a1497fb7bcde6be6d5a46535154043b85 |
C:\Users\Admin\AppData\Local\Temp\aMES.exe
| MD5 | 90c90f806d22945d2c2cfd21aa557938 |
| SHA1 | 0c601c69a0740b7bee8be23ef9fc2481a14741fc |
| SHA256 | 2688be81fcfbbadb9dbd6aaa2979e59300ad93bb982724bb62fa25f0068b3007 |
| SHA512 | abde7ba3ea6a6f14d56ae855ff890a4ad468e24e268c2f4b54d58206501e657647ffae434f09d4d596474eb1a2c5a9da309fccfdd4c9eb959b7afef5c1eec283 |
memory/2624-677-0x0000000000400000-0x0000000000420000-memory.dmp
memory/380-681-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\UAMU.exe
| MD5 | 9cda929a0b2cbe51c9a0a8c792807a9c |
| SHA1 | dca17e8be5cacb29acd50877dc08d7caa7bd9412 |
| SHA256 | 9166f1238360bbed935a7031078e99d791095ef8001c2435a60174541cffed03 |
| SHA512 | 14db5a6e2146e3b9959b1398b6185abea72f204174f0669bfc3b3fe1eb48657dc1c70c2fbe63e40f5046d926ceb1a2ba8cf3caf4f7c8b43c440ecde6b0279a63 |
C:\Users\Admin\AppData\Local\Temp\aMMI.exe
| MD5 | 15646c058085e9dbdb0ba4ec2be81466 |
| SHA1 | 04dff898cab9af418898126c47807183ba464882 |
| SHA256 | 1f6fb7abfecf4c7138a003def10fc8a0448dcc4b9c6155ba0aaf45f8d6a4ec86 |
| SHA512 | c02bf2f4784b99987cfcf66fc5f03102bc96f1e85214b3e0ca078517717bdde67862376c9a92a4f5b56ca91569b5045732cd4813e8a70d0d3fb7da866d5015d8 |
C:\Users\Admin\AppData\Local\Temp\QoAU.exe
| MD5 | 158ad803de9ca2e2ee53ff9c65b86866 |
| SHA1 | 132d758139678fc5ffa9270718655d63daec93b7 |
| SHA256 | 632194d107ae53334da268fe92c5ab23ac360cbacd98c2a7f3f1b36f81511d39 |
| SHA512 | 661844b4f02454bd44cc1e40c2e1bc3cdc7e59f48a2a1a4d482310dffd59e82fe86cb1baf1d285d36aaf52a40865997fdb66a14afe43339eb779546a240a8cf8 |
C:\Users\Admin\AppData\Local\Temp\agEw.exe
| MD5 | ca14ad064856427767471d23396c5692 |
| SHA1 | 9c86c129bf8d8e32341a3a0af00ca778c4375c3f |
| SHA256 | 8e4d421df874f412f214fad23b407a1410c3d405460810bb5b0884b38f9536ad |
| SHA512 | 36e16d5e50115fa7235398c848fc6dfcbd1addb4dd8667026a29c8870661cfe1197adf4251fcb074bd849fbe2ebca79d07e26325b8ae185193783290a7149bab |
memory/2624-731-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KkgC.exe
| MD5 | 17a01b67e152033b13e9ed6fcdbc07e4 |
| SHA1 | 614506b18cafa25a64476b7a4e01085e77560d6d |
| SHA256 | 78078ec8ee9fad2fb8eee72fc61ed3fbb2c9485da89430e4be274b47da326213 |
| SHA512 | e391b053aada70002aeaf5fe96429b9590ebc73a704d07232b45ae39d0405996bc6b3985024b0e37d052e0fb665aa654f235e653818b53ce16fd0641f315bbc0 |
C:\Users\Admin\AppData\Local\Temp\AgcS.exe
| MD5 | fe25197622a9e536920a4407031bbb80 |
| SHA1 | 638405f3e70f4ab5994beb4d6c75a30ffc38ed67 |
| SHA256 | 50456c3af7b9e189613a993c155ec4faa664c31d566266be8e041d1237501d7e |
| SHA512 | ff6de0c173c33bac280073271f14675c793024dd974b908202d5b5ac089c12f5dd2fc6bbe3d1fadaadc8cfdbd59c16c613ee9134ea24997569b4632a03f43832 |
C:\Users\Admin\AppData\Local\Temp\qgIo.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 6b1d3ecfbc75dbf14984eef0528898f2 |
| SHA1 | bf4ea861fba6f1ebfce6f9406ae82130d94df425 |
| SHA256 | ad7b3bc934b0a32a41748b5337ba90c8b2634f7847049a92523ffee4306bed9a |
| SHA512 | 29f76658f3e2c90356494c1a3c55e09d451e5a91686187c1e074bf98a35fe00e2ad26e6e2db6bf4160490b09a5f1a082cf89681f2d20e9296cf26046676e7733 |
C:\Users\Admin\AppData\Local\Temp\MsoS.exe
| MD5 | 4ed5c3ceddcb9f3f400fd02617d45398 |
| SHA1 | f04d69815a9e64e76d6fc15866c358560b1be046 |
| SHA256 | 7a03d069afc1d02dd036b9dba2470c2b799dd91affa88c2f030d391be8e6a8ae |
| SHA512 | 5e92e00627ba39b2f7301480ee7b5306edc332dbf5abe87e561976af6128b7126b9f11cedb1c85b50a3f69cc29970a261540289a4d844186dfc8c243f5b26085 |
memory/3536-809-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AEkU.exe
| MD5 | 1bb1b52cd400c4f417976025d3577dc5 |
| SHA1 | 88a4518770286a72f10d3b983e780214ea5b19ea |
| SHA256 | 005206873d66ed7f080f938c6126f7baa48c4167730e7ce1f5fef5ff7de08d41 |
| SHA512 | c87cd21a36492b3c0a2ff120b2b8e7e91ddfb9dd4c42902078922efc52c8585b71d6405191957bea49a33f9c952724648864a5d7a3d6629711d3449f78ede005 |
C:\Users\Admin\AppData\Local\Temp\oIwU.exe
| MD5 | 313314f3dfcec3f4e60e8f781edd1570 |
| SHA1 | 1a69071687a3f302cb7d3370d3f2b3fe5987b1e5 |
| SHA256 | 32d4ef65b9da8dce0deef531b253f60c335b3af80ec7a827c9edeca287f1520e |
| SHA512 | 4f86b5982bb6d98a6c8c8c03a08fb314d13d33b4bdff9a545da3da192c5489dd363dc3dfaa0efe2665140db84ca5db53a76112aa1473bf2652ea57890e8e9d63 |
C:\Users\Admin\AppData\Local\Temp\OQMw.exe
| MD5 | cbd20e0c7f4cf8cfa20998044b91181a |
| SHA1 | 1ccb843d8852a8c8580b4ee18a642a78f0a9d491 |
| SHA256 | f303bed30701d5022cf1a7c609512456469b25603d78e962bb0486219e7e1cab |
| SHA512 | ae50718b5b62c6bb471cf929b771f07ee2c898c9495e6140315e925043016bdafb14f5fe25aa8ffa4b39232925f571cb48417fb064e9d7687115948da0dfad4d |
memory/3032-859-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qYQQ.exe
| MD5 | cb5630fc087602134c73a6ab27a13ffc |
| SHA1 | c110b00dbc7f8cf26078f1c495c276647353d85c |
| SHA256 | ab45be08dfe0e570fda47d925eade5917c8678d4e8f509a75441b29193693611 |
| SHA512 | 8ab640ea8397f9abc2d8a85f4059e20c3a565ce0bf3615db059838466988c89f5e9980049ebf29fe966f0ebaec7637ca69ff4fcd8b28bedda0275c838dacb85e |
C:\Users\Admin\AppData\Local\Temp\SMEe.exe
| MD5 | 9c1d902b81974e4d7f850c49791ef551 |
| SHA1 | 6a2fcd7f79ae205c5beead4cca0e7ab262497b0b |
| SHA256 | bebf4e58643113bbce23247961f8f25f5dcd01216edd01733a68dffddc7ced6a |
| SHA512 | 4c410fb4ec88a4b0d6dcae7462b7e1aa17b6733414c573aab31f7ce8e34f48c4979fca8dbaa1e68498d7e1f25ca16b4d007462d835e2bcf9cd6ea9699ff808eb |
C:\Users\Admin\AppData\Local\Temp\ScMY.exe
| MD5 | edbb20ed99b87f1d81421a7836c2ca7c |
| SHA1 | b93f81f9f0bacd613eecb41ce6809e23944b7096 |
| SHA256 | b6c9179acaecdf73ab68acdd985dab3e03bbd365122f38730929008a2a93cd0f |
| SHA512 | 7f72b3679dc293475ab900dc863044e69c5317c1333508262c4a0bb8767db9e22a2123d8a119f976ad75474974b16975de411544707796b39948fd42695395fe |
C:\Users\Admin\AppData\Local\Temp\kAMg.exe
| MD5 | c0adae2c53b6a235a86199f1ad917ca3 |
| SHA1 | 616b5940e42f0676a2c0a8e93b4a9d15167889da |
| SHA256 | a66c09c3cfd23cff52537f66f0e229c60de7efad780dac6bc8a51bee17628af3 |
| SHA512 | 43d3b758ab84b64b78be87c127299466990890ec31bc1e0fea0c8daabcd3e3315d2153ca2cb545c885041cf6a97aceeddcb0b31200f564e5ed3b5282460a5bdd |
memory/4412-924-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qUAE.exe
| MD5 | 41395108371cca0db306a88e05969e87 |
| SHA1 | 1921c74796aa731d31571ab2b3b8998211b329e6 |
| SHA256 | d7ab1e8cafa13d8951277e8ded18471a4bf5d7818abb3ced43abd90b07131de5 |
| SHA512 | 29a8c39c049fdf577f759b3e7dd952414d87cb71e88bdb93a4a88c507ff73a9f422672a5e8279d9412afdc01aecb210151ddebc694958e74fc9a9445005fafd2 |
C:\Users\Admin\AppData\Local\Temp\UgEO.exe
| MD5 | 9aa871c2613a5bfa8337ffaad68bb862 |
| SHA1 | 0218e734c36a03dd793f1e8eac85f67d7dc8e91e |
| SHA256 | bc28a16fa51f642aeb51fdfbc1607f99a95ec328d2a83c7b9249be5def16e386 |
| SHA512 | 5bd6c18507f457e0e2dd51ceb54e90185ad2252b09f1e68791713d3d1cad78abc55493c21880bc5fa6ccbe12c136684adfbb7b6ba173e433cc1c4a9d63e71816 |
memory/3524-956-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4204-960-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kcEG.exe
| MD5 | 3ef207d9a8fef22b979cbab0578f3772 |
| SHA1 | ea78fb5cca5c61308ac6298d6ae9a1e6b17d6103 |
| SHA256 | 00ff9a68ea1a3fc27cde58b1c2f3a5e55250d0defd393eb755c0f20dcc766636 |
| SHA512 | c28d970aa9874ace8c14cdfdedc25caadd6d875aa3f4f1477edecf8161496bee21e44b5f17d9b29b1471fe573e7f2d8335046fe6a9aefeabf7ecff956d358110 |
C:\Users\Admin\AppData\Local\Temp\AAQQ.exe
| MD5 | 9a67a93550d60980be675967de43df4a |
| SHA1 | 718a05e173663280f86ca38d55125019a33acd4e |
| SHA256 | acf115efcdbbcd06c525c589dc8a065f589d54f028e39293c11ec622a926ecca |
| SHA512 | 7342fcbd47b22461f0efaa7d5701baa01b545f78281dcfc5ce7926940eb15fec18cb034e2c058ccd8bd9365e00cb549310650e62250b9940da03fd7a3848a590 |
C:\Users\Admin\AppData\Local\Temp\GsIo.exe
| MD5 | c0fd03a557f2256b3fc88b1a47d87ee0 |
| SHA1 | e5e311a1eb42fc6bcb0686e6c5ee9252faf25eba |
| SHA256 | 57a2d70c8921d80cc314ef5a62e6f4cbfcd0b086bcdfe9b0d774be013d3baf0e |
| SHA512 | e743b745bfeb22365da5df01a2ccf7922d08d946f88b2d632c68b7e9faae8c834637efa41334ea0ce63a98b602aeac51e4fd470a4590464e0f152e4367a943c4 |
C:\Users\Admin\AppData\Local\Temp\qUAu.exe
| MD5 | 5fb80b6713d98eb54436b1318d2176a2 |
| SHA1 | 07bbef49d0e488199aa0d91025658df6ddaacb33 |
| SHA256 | a7e16bb5d5cda849d5e86008f2b39cca9535a3e99702081f35a5fe3e1569c4fe |
| SHA512 | e6643c76de91be16538dcd7617e98cef06b609fff35072f25f46f42293a725e48d9eaccea27891c2ddd2109ee69205409aefab6d9618cced49861e493d384cf1 |
C:\Users\Admin\AppData\Local\Temp\MIEG.exe
| MD5 | 01324355d70d6e19c0dfdde3a7f241d6 |
| SHA1 | 4a041aa3c185bff81dda28eb07f3b2e29d8587e9 |
| SHA256 | 0ae0c52e7d11aaef4c73b8a5f5d2e98018a69105231ee16f20e27e5e69c6553b |
| SHA512 | 273ece5cbc0717967f0ae97903e869393ab3a9a324a6962eb4d589ca3ed605d4881f2667a2114a1f8a29a3e6f7eec909b28caf1b23d8c4e3fb1b2fea6343dce9 |
memory/3524-1038-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WYoe.exe
| MD5 | 74bfcef0fb28a241440320f7f32cbac7 |
| SHA1 | 2985013603a183c197b9c35539a2bdf5a86e6b88 |
| SHA256 | c1251d59281359549333051e8de5f897291f5fa5502034507d86a648ae88c571 |
| SHA512 | d7e7ac531977f07c0cf78c75a8de6e018d3ea49579f1ed7392f7ba953306cedf9dd4574b5357a663756058d85f02447b3abeb960e2cd1e7b92b426b0616fe544 |
C:\Users\Admin\AppData\Local\Temp\asMY.exe
| MD5 | 870ce430d8f71c3efff053e02b571060 |
| SHA1 | cb2deae73916dd7f42bd0a50f9da765814b78818 |
| SHA256 | b925b42dbf55618414b97ebab945dc1c4fabfbe99071109065e7240c23981302 |
| SHA512 | ae2320a8dc049fe9df716fc1df44274b85d97e1a72d3091e3718f0624e4f3502f9cdf3671d91267745aeadfe6303609e2f6de21056895655ed5ce7e7ff29c1f7 |
C:\Users\Admin\AppData\Local\Temp\uAgG.exe
| MD5 | be14bda4988a94ae5a57509a47322dc8 |
| SHA1 | 91a8a56e1334e9d2234ab23df15de80cda0169f6 |
| SHA256 | ccc7221487acc21d6048c84a2c7ab959f11d44ad32bede63d058b5681f32ab83 |
| SHA512 | 150fdb2e2c3fa1a6a57f13cb040ec019ac6cd9525ab979ff8c77ed1c23232d23bd812f734515d07d8e32a5a09469eeb2ba6994671e1b6fb21e136d42eefc3d8c |
memory/3196-1087-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oQoQ.exe
| MD5 | df020e697f00fdff24e8f3f974c60d55 |
| SHA1 | 0a46a5c73b698c3fc44d160ae7f0b29719f50184 |
| SHA256 | d84a2bf1f9bcef3833c1589bfc0e612f9f370f3666e84d9666985954a30bef3b |
| SHA512 | 7ec68658c5383739516889275411c4ced00cc863ce10cb5063a6496d891d5171246379e004c204099998ba8a82b93218a3fec72b21f33aefa02a6c44a0ed04f6 |
C:\Users\Admin\AppData\Local\Temp\UMUw.exe
| MD5 | 2c57ace4e91fef13ccc86f5787079a1f |
| SHA1 | f64f000726db3e6d99f7efca94882d16f635d509 |
| SHA256 | 8453592b5b797219b9b1dfb9989a2d409fef97d62a5559f0a9fd08bf38cea656 |
| SHA512 | 1a9804984e1addfc40d8814a792e52c812180671e342db63e166557ab38602143c211cf4772e0452b8281a8214b8c7f359e86a6e1f6adef89c8b98d2ee5e403a |
C:\Users\Admin\AppData\Local\Temp\eYwq.exe
| MD5 | b9e4038d0294c9c2f2955f2306fd4676 |
| SHA1 | 176f81a5a49ecfb0d407eff4def4093228f21b0b |
| SHA256 | 40915620811404fd4f8a07c783091c60c2fb11d8e67ed9ccd9cbb63978e4ebf7 |
| SHA512 | 3af3025815fdbab05c65d4d6b11a1d5eab06bde4e623cfcc2f800fddb81636926e48ee238b3cf606ab2078b308f965a653d2fb72f9117aeae712ca35de52bba3 |
C:\Users\Admin\AppData\Local\Temp\IoYw.exe
| MD5 | 61335fae337ce9b0239b66e08448c9fd |
| SHA1 | 446fbb8ca6634026e475d6bde329eeed76cb736c |
| SHA256 | ce086b307cceaaa44dd12aba7a08435bbccc04bdf58c2a8557deab8977b98158 |
| SHA512 | b7a95aeb98bae41113e0b5baf4d69944bfba3dec1df537606ba7ac241adf666f573d00c71441c3edfe07d1da45d149e540f0596a297327866ba9d9ecd506195b |
memory/3928-1148-0x0000000000400000-0x0000000000420000-memory.dmp
memory/4476-1152-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\yMQq.exe
| MD5 | a2e84799b11743d275946cbc55de8161 |
| SHA1 | 3d4d85b69aa772c89e7446789f8a9463ac01b952 |
| SHA256 | b2f6abac73caf7c840720ab9766b6b211e75c41b29104632cfd7c5110c06380c |
| SHA512 | a3b67b991713bb7d94d73200977686dcc29e5e4d33322f90dc67eedfcb0325e669a64733854e094dbc3b0e806720f4833b46f689cd94245f4551fcde796d4c68 |
C:\Users\Admin\AppData\Local\Temp\YIQk.exe
| MD5 | 6f0330f779f7cc8ceeb80ad138d07a1f |
| SHA1 | 70aaf5155be116cb588ed570abb33902100c6f51 |
| SHA256 | 4f357cb84e51c3f18de54ac4e097ca957f3e36f122ec61d0d98fec83332e5d0f |
| SHA512 | 7b0d995073a15ada65a79fc2a54b50668d0828f2b4f35f2d94deeb08e9ca6cc7cb1540b82e8cd78cf6183130e1d1d402583739b43140c9c4c6436741543c8769 |
C:\Users\Admin\AppData\Local\Temp\SUwm.exe
| MD5 | 45c45f37365d2c5a3024093e1184366b |
| SHA1 | 07af4b3756cc04666a959cb2f33384592ce6cdbb |
| SHA256 | 052d39a191fad22bc6252b0ca0592867f6a8e8db04b864ca5c81ee24ebd2bb8f |
| SHA512 | 4081dbf830b6fdbb49f613e160ed6d3d627b0d34837fd6a230e5436dc7e7d7a4894af9eab24b7b23cf1ba1b0d096df62c4e2e586ef036f147a4793ef0320b095 |
C:\Users\Admin\AppData\Local\Temp\oAQS.exe
| MD5 | a7b86df10d05cc91a25b4a36db865ba7 |
| SHA1 | e26cfe5c3c0b7867edd929d315f8cad8b7de2f7a |
| SHA256 | 05089f76bbb66ad210990ae420085a39eb0123d87b5ad3498550b181ea9c71d1 |
| SHA512 | 28d6577f78d769e951045e085aab7f48eda9de684e5daa276c039c9c1cdacdbdedc298797c861b8efed0f1d7608fafba2fff8f1972c976ee2e02ccd517f5bfca |
memory/3928-1216-0x0000000000400000-0x0000000000420000-memory.dmp
memory/492-1217-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ocMm.exe
| MD5 | a231ce430d948e6aaea0e06363313699 |
| SHA1 | 978180e0fa8730c5627579eff6f61d215f104785 |
| SHA256 | fc8a983763ace03495681ae922da1cee0f5d2308f0b7b765ee41468c9408b82c |
| SHA512 | bc8586dec11e3414ac237841d92fa4d9a1c3cee828b904f4b2364f46b1ff5f53b7fbf5cbb83d2cc749a62b7264fa0e487f9f768dd97beee7125250e9315f1dfe |
C:\Users\Admin\AppData\Local\Temp\SkwI.exe
| MD5 | 937aa8ab0439fffa13cd37b4a9e4362a |
| SHA1 | f1221f3d99b9d06b7001f608c18010d186e06750 |
| SHA256 | 09cf4652878bede08a5b4fa5efb173716838caebe4c0bcb12e0adda1328b02c2 |
| SHA512 | 7e5e65ff5092e673b684ace3ddd7a72360a9725cc20d935f3fdf76ec42e786ed70927c5f65571323e48596186b52aed1501fab869225133900a3b72101d72a3d |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-black_scale-100.png.exe
| MD5 | ae63c02b263e9ecc8af5e3ec7eff5511 |
| SHA1 | 3a121839bd8981a5b81d6f49a9e7f9e7891b74bf |
| SHA256 | 278a07be7a0b48b61352390ad07582bfa5a22b316ddec53604a19eac9499a8a3 |
| SHA512 | be4163057fae2021ba8902e56043821fb6ef021b6b619159c29ff073d0907940d303763ced61fdef2b690bb5de0eab598e149b3f38e72040c0d0574b5e0791d4 |
C:\Users\Admin\AppData\Local\Temp\KYoa.exe
| MD5 | dcab48c8014abcdb817fb5dce50e6df4 |
| SHA1 | f36d0fc162db65711ea74a7e8629c73c046831bb |
| SHA256 | 0fca84245b9b3c2a0251d12069fd6fa7f0a33cb0d63c5332619c4db26cf45854 |
| SHA512 | 6e8ad950060ae3565ccf940b7bbe1b684c070c780b45172646f97273a9d94985a1cb04547fd3ea14dd9be534668980c2746a04ebf74fd1f307b4cd5cdbadfadf |
memory/492-1280-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CUgI.exe
| MD5 | 12a25d3823df8b1e2b6459564b4a372a |
| SHA1 | 0153a0905326c3cec6bb611712cc0943a194de70 |
| SHA256 | 9a57cb5c441f2e6c05e7b158b09a5a1df15c6268e2f0b6a24400f889bfed41ad |
| SHA512 | f7517214f8021a5510ed5696bea97038b0d764218929c5142185dda7690574bdd718c5fec80a836ec75821edead7832ff36740696612527a9bfab2d14bb15d74 |
C:\Users\Admin\AppData\Local\Temp\qgQo.exe
| MD5 | c516f11dad6f49bb0e8a5dcf58fee14c |
| SHA1 | 1a66047d974d2c3bc1e46429bb3e22eadc95bcd4 |
| SHA256 | 4c809d3b37d8559a74957d4fb620f77e00c2945a8a9d38e4d2f52225485b7762 |
| SHA512 | 700117bf732c57262736a722ca54c7246f38879e5b10923e9f73234f56ae536b0b5e6b75213c59ae6cdb1eda00de8adc4c507901c95114ae22752f260ba5fc3e |
C:\Users\Admin\AppData\Local\Temp\yQQg.exe
| MD5 | b73ba4f69eddda98f59743851617f961 |
| SHA1 | 952b5284af883fe21eca1ac7663d8fb526963c95 |
| SHA256 | 279b2a87d30267a381a994223b3e75e920219ac1cf810ade814b5e8479dfe70a |
| SHA512 | 7ea0d8c1e5f3631f00ae438f3dd35fde44e90b1538e9c5ba7e4c8c0658411371bf0d1b7849c5f6b129606b481e40e0b3d1a0f5966881b2c88c546db75739df33 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-100.png.exe
| MD5 | 98b827b900161ebc6a54562f906ab261 |
| SHA1 | 302f9432c8bf75c163c7da1c39e002c16d7607d5 |
| SHA256 | 00c7b00e68a9217ce6a1d7d74dfe81eb418ad1ab28c438c5ee59224bf84a25a1 |
| SHA512 | 93cc6f1d177c9096ae9fbb65020fd1ebbfedbf49e57b12e79a67cdb2b56d433deb599fcf718449aafb3a4a03b2e1f5eb5f2cb25e4113a9d59e5446e2c0897b18 |
memory/1552-1344-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\mgEw.exe
| MD5 | 540b0cff2d2f255f83ae858fe1b097e7 |
| SHA1 | 995bfa90aaccb248a4581436b265a3c309d4b835 |
| SHA256 | dc91065a886ed9f0163077a7f216a51775ff0f62a988897155f7201198f5ac02 |
| SHA512 | 6bc84e2c1e34cedd364100d2d3f4acb4d6c1f467130d8afb61c1da04afb00c35e5f16934cda4453cba215fa6e1b8cf3fcd63ac0ddb55f1d52d54e6ef6adcb7e1 |
C:\Users\Admin\AppData\Local\Temp\ykYi.exe
| MD5 | 180578f01a0dad566efeb998c12f0283 |
| SHA1 | e92d5e85bb8bc302dda8ea58d82ca90bfa2e8a73 |
| SHA256 | 918a3bb26a0c97d1cb211cbb17d915a3514e7748b5d38491d160a1504e32d00f |
| SHA512 | ae216f8b218ac7b994a66cb70b9f786da249b00639a69d980fba89f47acd11dc075c1a730717edbcb8c5358d05aa9d0f96897995c752dcc2a98b60d66c08150a |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.contrast-white_scale-200.png.exe
| MD5 | 54fbafcf881291927e49fbda78171192 |
| SHA1 | 4c945221a5ef40c101241323ec0dcd442a2e64a1 |
| SHA256 | f540db9f82fe3a33a9b91c859bb5c6ba445ae9e34c76d425ab60e80fbb8081ff |
| SHA512 | d368c12b1d3e3077fdaa0390833c9424b8188cd9426a9c715a76af52161b82584ab40932771eaa108df2ca14bf2af901add392064ba415fbdb92d6068f982775 |
C:\Users\Admin\AppData\Local\Temp\EQUs.exe
| MD5 | 04a425666afaf8d3e19fad17065f3d35 |
| SHA1 | ab8df7d6f33b5ccc4d692e24d54e359be23b6cc7 |
| SHA256 | 19e6c5015a66aeb1291abe51ce5a4267f26c6cde63072de2bfa061dffd214574 |
| SHA512 | 1a8f8932bff9493c2a25a20971db714135de07803c8ddb014155f8c4660d6a96582d2f8db6e4c8ab6e5d6548bce4b63944e996e1c0af088ba4c0baf5bdb7f9c6 |
memory/2736-1409-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\sIwA.exe
| MD5 | 383c64adbfe6e0515ac473e78d6a54ff |
| SHA1 | 92e24c547eafbfff4dbf0b0f651e3a79fe59591a |
| SHA256 | 6738315cf561c7bc3233ef7672aa9b90f4632f93dc18bd2da1a3634fa71aa888 |
| SHA512 | 2b3ed3f00535441347b8b8c34c0af46b2a1acd492642457b9368e1f91c186d684f154362545642cef299519da8c3232a65e3082780d89113256b466d46b930bb |
C:\Users\Admin\AppData\Local\Temp\IsMe.exe
| MD5 | d175772eb65ee4b1119f4eede4a22705 |
| SHA1 | 6f3ffc77b9a5a50ac3fb71afa45edb61be5818ea |
| SHA256 | 0de4faf422c6138ca9f1ee0aa588033decea2d24b9f595f73740d5d92414fee2 |
| SHA512 | f4edcb8572138c311661617afd586e70fef27b7f0c91ad4ca5c17be46756c6e2b1c2f349f5feaf2ed695c892f1984a93b9cc2efec6595746f0c54d9f5d829f6b |
C:\Users\Admin\AppData\Local\Temp\uscY.exe
| MD5 | 46d986215ec8ec262ca0400cd08312ae |
| SHA1 | c0f2f4016c1485f0f4b1d51e1f2477320bb4cc8c |
| SHA256 | 9e73d1002d752cea453064c4e51b31248cbe4baa674d6d78c611ea121431c636 |
| SHA512 | cde1678d0f1e36ebc523ff54f1dba22bdc8b868be13bd3cd42c97d6987bf3b76445d95491da4fd0a1af98e6f71b2913074b32c0ba8511285e9206ff150f5e81c |
C:\Users\Admin\AppData\Local\Temp\koAk.exe
| MD5 | 0ba140e51221b09458aba61e6902fc6e |
| SHA1 | 906e75b236203e9153859a18528da9dfb5186829 |
| SHA256 | 2e3c496bf4cf121608a70277cc4bcdfe87aa26e68ac57d9d3e9073a26d11d3c9 |
| SHA512 | cbae34467bf03d84235f2b8f9fe26a7a3239a54c8798ddb7f91d3c5f8a3b4f6a6b7da68df6dacf771515c750ab6d7e2ab285c9a89ae132bec692677343ba78cf |
C:\Users\Admin\AppData\Local\Temp\wYIe.exe
| MD5 | 875c7a8a6aae936475624cac88b4229b |
| SHA1 | 5f23c545002d9c84a7c3ce473268e82a4b943057 |
| SHA256 | 6993090ac5bc069f51300726a5561c691d6b627c784f17316819ebc8e840c748 |
| SHA512 | c3f023ef199655316f54787ff09857bf22191483456463d1b87b53d1ce1002f27c0c0b39418e97e5e989b71b588fe40badabe57ee5e0127098e3140a7dd0a68f |
C:\Users\Admin\AppData\Local\Temp\YsIg.exe
| MD5 | af57f77b23d0893f735b35a2baf3bbf4 |
| SHA1 | 8988f3df231d603a4720b8b5e6f0e3a5c882e103 |
| SHA256 | 4de17ba2e654bfa74385803cec19ca966342daede356224e04d9092a17a29aef |
| SHA512 | 5f95a3206f0a97488ac88cb1019332f9838aad32fa0e5ff76fa57ea1c396cf82c29f98807903191f87fddb309d5cb87c7177cfb98d854732899d14a8cb4e236f |
memory/4540-1499-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\igYY.exe
| MD5 | 97c3c7395d4f65b32f4f78aaf70ca4dd |
| SHA1 | 83c13c60357165d325d79ac9eaaf62938d300173 |
| SHA256 | eca874a5a4e11ac099573b0db7c5804adb3759bf578bbc051df810b9e37fe95d |
| SHA512 | 4ef493b76386c96c4a0c85c7795fce7e19259edfbd3bffbb25decbe6648af69b870c08120ae76ae6231dcd88731f515eb65c5c7f77ed517c7d9e948de93ec650 |
C:\Users\Admin\AppData\Local\Temp\WEEY.exe
| MD5 | d108ec7a0997defaf76fa5281c88ebf0 |
| SHA1 | d28fddbf0e66a55ce68afe82605b42e84511d86b |
| SHA256 | 5e64a1e6eccf408d9fd947597df882d6a1186fff4f6ee8908835ff05e0c3e7fb |
| SHA512 | 1c014b612285baf828a782ecb9fca0265343e0b43c1763094f55abc54366d663e81f3e9b3a1c8bb36dd0846bc384be147924536d71d5ae91b455f49424c2368f |
C:\Users\Admin\AppData\Local\Temp\KkQy.exe
| MD5 | 6310c4a5172531aa46b8d26a88274b85 |
| SHA1 | 3c35571a77e59c9afc059dd911ff0ca7b68e7401 |
| SHA256 | 4c69e1efb078f6a53040fd254d4f4b03f10ac80fa894454549ac7f2876c2b3ce |
| SHA512 | 95f52b614e916d309193a1eb3c51bf04a801bf6fdab6fa3ae5d2acd8e42013fc292f1d236ec4623ca3539abaf184e3711acdfe0b6fdcd08ebbdc6bee48fdb65d |
C:\Users\Admin\AppData\Local\Temp\qIcK.exe
| MD5 | 515dffc3aa36340396c78cfdc5a4cd46 |
| SHA1 | 9d19530e1ab83c114cd81bb1c56fd83d56103547 |
| SHA256 | efaddfb7ed695af47e320a303a8170496fdb2f445e5333ce11433fdd61e8b160 |
| SHA512 | 2219250f3a5c5c0c60f9dee84907ba08d3199e886128f75589240059dbc8a6d9c613a7c99767b9bc2fd704449290797306e3003056106b7abcabb2573c1b2600 |
C:\Users\Admin\AppData\Local\Temp\eocu.exe
| MD5 | a3060fd3774b758432e700fbef544081 |
| SHA1 | 14baadea45d941499431577b8f7c93c01aa1a576 |
| SHA256 | 4f42afd0b9424cdcdd6f490337fd349b5ab20fbf427eac1c451b71e6feb33308 |
| SHA512 | d7cb15f452e8f5b135ec2f5119459551d82f2c48473e72267024e86da301ad1eab6ea54c3576015f12de6bdcd265881caae2b2b498db5379457d5114658f476d |
memory/4236-1577-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\iwIk.exe
| MD5 | 5acc00c9cbeded79e680749b2324584c |
| SHA1 | e8cc5e431d7b275eaf3f56d0bf66f1e5fd974e49 |
| SHA256 | 0239272efda5dda5942c838416977a48ffa143b9aeb6cb85f2eaf4b6a1879ca2 |
| SHA512 | 9bd6f2782ce0d7abf1af74a10ac9918870f8ebce264bfc8b001c3a16c020038b7fedd25452372a5793ce1c3c4a8a53f2b193e1b24297a6c1bb9f72dd684b94c2 |
C:\Users\Admin\AppData\Local\Temp\UYUI.exe
| MD5 | 11bd44e12999ac559842c81fa1ca20f9 |
| SHA1 | d0180b5618d54954230bc2522086eeb0480b29d9 |
| SHA256 | e1d6727b5f417d3a28e049993d95a88466acd3125b1d3cc145413705dbbd02b5 |
| SHA512 | db75a7c92949e6967fcb5e6507ad4ff488941afc6e7d0978e9e501e614456a3e652f42a411ecbb6d817208e6cd4212a480a83445cd9ffdd2a3833a93714ecd88 |
C:\Users\Admin\AppData\Local\Temp\moQc.exe
| MD5 | 631a53235c05109429552ba40d380685 |
| SHA1 | 488d284a86dbb1646671f9917ab83912d46543ef |
| SHA256 | da9440298e827759d474aea7c336d6c41a45974789259f4ab1c27d99c18a5ebc |
| SHA512 | 4be909ed00ad1d240b67f4fa8b34cb46b892dbbbc57c3d53e053660150f3503332644072f88a6c3e8a608c3f8b957a927c50a43571d2db90bd08d61ef846e6ee |
memory/5004-1627-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Iogq.exe
| MD5 | 484679b0b2ac11f9ab725a101ad03faa |
| SHA1 | 24a1ea1d37878241e7f3c37dee3db7b01de0d542 |
| SHA256 | cd5b2650f2b246e85304b6d06820f4576f5b8abd328cc0cdbb642414e2e41cbd |
| SHA512 | 0ede32ec231937332cee9fc99e364ef95770c614f963604b2fcebd1f747c69e40cc9c4f86a4596a1fe0afc15860f6afd974ce784a046d30c342ed20e40c6fe95 |
C:\Users\Admin\AppData\Local\Temp\ysYu.exe
| MD5 | fd47c91b649fdf36f76757a39b0f4b04 |
| SHA1 | b77f03feaed38e4283df73e9bfd4e103a148846f |
| SHA256 | e02f8e7de145b96e0ef97ec466dd6e1c1a98e26bfe687a6479959a2951aa6463 |
| SHA512 | 289195a15529a5e8dd14b0375144c951940b89811c16ae991b7ae22580121ef5aeff6819998ea72603c5211b86897f267ff5c395b7bb334ae776ff441003e4a5 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-125.png.exe
| MD5 | 119c1aa90e8b30ae5dd47214a1745ca5 |
| SHA1 | 242427c25ea8e3f0be726a4db52f6f6e266de2c1 |
| SHA256 | 74e4fe85545297f92e9a629fbb3a5b872eed6d8f02d566b732a8897b9e166605 |
| SHA512 | fe3cbbdb586ebdbc98f349102d71f77d7afbf90a9a9ad037849f5f5749cf2d3e68d960d8ff122198da63cfffe82efcacd8a5622312fe1ce4ec0ac98b90fd086e |
memory/4896-1677-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CMgk.exe
| MD5 | 72c3d5aec14f4f1d1bbce1cfee1f12a6 |
| SHA1 | 3fb01915e66c3f5129dc363cca4c9eb82227a42b |
| SHA256 | b804a94e38650f0cc54a3d3d280fe700db358316793da5aee7e4a7e4d310bc84 |
| SHA512 | aa0bf020284163998b60f5e45b7597b3350d67a75f5c0f7392a73b2934d4a937b9be1a67c7eb520313140205068a3943359dc262a557d980f23db3cf44f2a6a4 |
C:\Users\Admin\AppData\Local\Temp\swoe.exe
| MD5 | 72919bfcfc772510cef1db4cd8091e79 |
| SHA1 | 89161add3355127b74c07e13b1cee2a5f8e37cbd |
| SHA256 | 1630e0ce8fbeb721ca0b793f72a3bcb09d4c6c384da264d28be157d76b23a24b |
| SHA512 | 270a48f735d15c8b319203243b2dfd4dc1fbac9ab24912503d2ed2ccd02b524a1e21cc714751605729aa8f4781af14c4d8c50816013db1e7fed560d2c01a112f |
C:\Users\Admin\AppData\Local\Temp\oUEc.exe
| MD5 | 36ff4dece48d5eb8b1a73eec20589ed0 |
| SHA1 | 9d9de12a69f5807fba45e5315fe52b8a4940d956 |
| SHA256 | f6424e0519f90d2dc38d32d1ccea8e45ce20ea788e8bba120d6dd20482a32c8b |
| SHA512 | 453738da14dae736096ce474cf252837f84431804e61daad043e7442a1526998f38957b5e53585cf78ea896af2b6e5bb84ad82cd16e4e97d938342cf88998a3b |
C:\Users\Admin\AppData\Local\Temp\sEEq.exe
| MD5 | fb86ae240f7c643aa8ac3b22e79c7f2d |
| SHA1 | 1d84dc8c1525ca5a350cfac16dc70cec9839f0ae |
| SHA256 | 011387d6c43f3659432f013d28d9907ff6c0fb1f2cf5e1347fa8dbc2171b4d1a |
| SHA512 | 214a75adf6a8083e4eea197e5f5d5998790ed88b67b0c97289e3fa750a1398245fa33e688ab775b95debe77f8cc3374eca3c80320a95c43749ff65ca7954cbf3 |
memory/2408-1741-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3756-1740-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qIUY.exe
| MD5 | c702955770bf28977bf329faef76831e |
| SHA1 | 4a233cee3ee98cc2f09624d0c6e2bcbcaaa238f4 |
| SHA256 | 92cb2469a7307f3be016dd7920848f043ce66e7ed7d532fefa8e0b82d660712a |
| SHA512 | 6de8c81d12411240877eca136ef4b7ae074c3181d57f79c1ad65e01ed752de62460ce32de0decd6de63cf9fbb7bd8195d3d0c33b12eaa1ed2cd672ea2a1bea8f |
C:\Users\Admin\AppData\Local\Temp\QcES.exe
| MD5 | a0fcfe4a4ff5df81d08ddc12335308c5 |
| SHA1 | e9c46813d852fb32a5789d5f4626bbf29192fd1a |
| SHA256 | fa0a0cd0d6492beb04405b2491e94a3ae4ff8360ad455fa3bfb78235db06d900 |
| SHA512 | b0ad6c5071ee11259fd1f91ae8ad335f1d14fdef86c177b53a6af82f6f71b259ac84473af2de927b81182b983832b7d10f965c14a91f31c5cb59a272c8d4c903 |
memory/2408-1777-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ckMe.exe
| MD5 | 7329fcf6d0defcc7d3120ed406870be2 |
| SHA1 | 6063597f93c53c9bfcc1c9930ddd748a031ee5fc |
| SHA256 | 8633ade2173efc94124627776c8b3371be68437bf105ea95f9246e13f67d55e7 |
| SHA512 | 11c8adea736594f8a78379aa474ffe8650900c1e7f844938c7abfc56e9b1a6061493a1c7b5309ef695015a101971c68c2036758029ae02b51bc91f776f6a3b67 |
C:\Users\Admin\AppData\Local\Temp\WMEW.exe
| MD5 | 87bdd598e421291f7ff94768ec78c41f |
| SHA1 | 45aaba38f53d815f5cdd9ddc2a6220dd3955401a |
| SHA256 | 504844c631445c00452a0ca09d5b0ff424671ae9a56388ae96411b124b6f926b |
| SHA512 | a4b5e4f0dc2870d203502f1974fcd4a5a22695f26637c5860e2e69b7af483fcc473470429e52385e2460e6cc259141c9a0e642bffc610576328c467d87737378 |
C:\Users\Admin\AppData\Local\Temp\KYQg.exe
| MD5 | d881c8838f5f3cee730bc263a9802a09 |
| SHA1 | 6e66e1b0b85730c73592a477c89b236b76b24ca6 |
| SHA256 | 500d2ad41ad7362cbb55dc4d9b9e6262cbdfd56dcbad65fb877053028341e568 |
| SHA512 | 1a0ac701bf0502fc9140cec28f89e49a4c336f721b34da02e87c0baab8c1d2a46350bc97639bbb80e6ec04cef4dcf1dca5529b3d7d5bee0f3ef89b6adf99b883 |
C:\Users\Admin\AppData\Local\Temp\OkQw.exe
| MD5 | 9f5200eaad25edfa758b47a56b3fb437 |
| SHA1 | 20e0a780951379bde6b9c160524e6052432d81ce |
| SHA256 | 46dca11489334100b17c4fe223b69a3694002f0f1d83e4d87f76858cc5364baf |
| SHA512 | a946da1274fb32c96a04ad00410efaefad90d019e33d461c3e75c16481fdc79077f73125c613bf52052d124323e824de2868e8c2032954f680963e37a3fc507b |
memory/1588-1841-0x0000000000400000-0x0000000000420000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GckW.exe
| MD5 | 168669b18fb38a2323fe0779e121ed37 |
| SHA1 | c45de4f206e4fe44ae0d979d191386436592448f |
| SHA256 | 7c8bb6f67646cc5377980168b38fb93239d493e3ac105b009f6448baced09545 |
| SHA512 | ca2e22e8135efc79e593a0459c80c6b172b3f2d63c8c2555f2b7fddb7e0e448349391473f8949230adc944e27c20a423e33c80438e0f4dd0e784790579419c60 |
C:\Users\Admin\AppData\Local\Temp\IIAs.exe
| MD5 | 160544f0d3c976eecbc05e2c7cf8a0e6 |
| SHA1 | 2e656f08194d1bb2d28a54af1e7aa71ddb51c8f9 |
| SHA256 | 05c117ce53fbaa7a6a1d938c3ac5747cf8714b5f1b06e25df312ec42676a3bf7 |
| SHA512 | 1bd3b4908fcdeb5ac99cf7bf844b7f8f18b4fa24c3676b4ba6f296c5682231c486d62bf7d1ad43ad364eece0a0f499ce2578ec1667383bdec97cf15ab5b407c9 |
C:\Users\Admin\AppData\Local\Temp\KAEo.exe
| MD5 | 5e7ad656a904237eadfd2318cf14d9aa |
| SHA1 | 3f8629eabaf540bb134423e0e6f1483d6b33438e |
| SHA256 | a32ffef1ef37fab0deb6fd068474b370d7b25f39e570c48b18b99baaae7537c8 |
| SHA512 | 0164cf9cc747a2020fddcdb6f7e65b4d446e3b2d1844abc6332f5dd254ce6ee6b034a600f3f258e860ff6d93f6ba977f4e680d97d464d59adda8e73130b1a8a7 |
C:\Users\Admin\AppData\Local\Temp\KwoA.exe
| MD5 | a144c45d798934c5d1490380ed190902 |
| SHA1 | e99dc994ca362481eeae22bb7940cc6d87b24c5a |
| SHA256 | b16ec0eb63d0d739e633cd47a0844422f1a3ff1a999bb18de043ca653ff27254 |
| SHA512 | f1d6f8c76265e7200f98d9ba61883611f6289889b13e1a5f7814a91fc84f1b83522f46f669cfe1c462fa4483e3fc590e6e195977118d7613eda4698d9210a840 |
C:\Users\Admin\AppData\Local\Temp\MgoG.exe
| MD5 | 9731752c57112624cbfa0e48bcb77174 |
| SHA1 | c9fba245cfe0c69c049cf791cc677596132593a7 |
| SHA256 | 079453b927a282d635b1926caf04b31eaca03bde1dc18e4ccb51bd82bc27d76e |
| SHA512 | 9a81617e58f52ff038a44e5698d6c1a15fb0d48fad455db7117fc2f653d6dad0fea9cb4324ae6bfd99a9dda859c6dcc8d8fd7cbe895d563d2cb5cc2e3d2cc28d |
C:\Users\Admin\AppData\Local\Temp\qUYc.ico
| MD5 | 6edd371bd7a23ec01c6a00d53f8723d1 |
| SHA1 | 7b649ce267a19686d2d07a6c3ee2ca852a549ee6 |
| SHA256 | 0b945cd858463198a2319799f721202efb88f1b7273bc3726206f0bb272802f7 |
| SHA512 | 65ccc2a9bdb09cac3293ea8ef68a2e63b30af122d1e4953ee5dc0db7250e56bcca0eb2b78809dbdedef0884fbac51416fc5b9420cb5d02d4d199573e25c1e1f8 |
C:\Users\Admin\AppData\Local\Temp\wIUq.exe
| MD5 | 8388a96df980df6bc46a8c5de981bbea |
| SHA1 | f1c738f1ef5a557a5a4f84717d811c67c3df65ea |
| SHA256 | 3b2d92a0ab7cf581c8b242fbae569413f8d7b5fc0abb0c543cc8e84164b0d860 |
| SHA512 | 4698e82da07413b7afb4b11c97d654db2cea8d52df6b69bd5e9c78f2bd8c2334f413530e5b907556056e63436752664a8af5eeab470def98cb45b21f302d230e |
C:\Users\Admin\AppData\Local\Temp\UEoY.exe
| MD5 | 27c985a2391e06064fb3afa9060544af |
| SHA1 | 3d6524a0f5b1c0c29556d9c02a95425021f4edbc |
| SHA256 | a01fc154b51281f70d473c1e5747d8a9ded96edd56ad7531460549d6fe659baa |
| SHA512 | e2720cbdeb47715aa31a923ee7c57c55a19976f942551cd6459eecec76343759be84571596b559e2c6943aaff77d40c0fe8e22217d76f0680f8156fc823d06de |
C:\Users\Admin\AppData\Local\Temp\KEUG.exe
| MD5 | cfea6e0b1edf1620277ad52df04512a2 |
| SHA1 | 6706ef920d514fb346a47cb7e1b3afe7201b0f97 |
| SHA256 | 03858fe825792a4263f01deb9bc967992180ae8eb5807f5f469b05d8ef8601e5 |
| SHA512 | efe9e602b6717bacdf77ddcbbed8091ffdff909741ddba3a45b4988db137c5b728a9436837917ff419dc7ce5a79bd10538e95942bcb2f16348ec2a4ce0c37d50 |
C:\Users\Admin\AppData\Local\Temp\AUkS.exe
| MD5 | 6e290389f119b84b491415ec0fc3fabe |
| SHA1 | 08bd9fc98ae9fbcfb822bf36884bad7ca3af009b |
| SHA256 | fe04ba9c7b9660431f87cba4033ce4dc4a20b90af40b1b77a16e8897cc9bd5be |
| SHA512 | 35bc5c3446393d0160b01aeff0b53f068d072ee965e379229e26e444e6e8482bb343b4bebd540c95f59b3be0b8e6e1a402968909ae93ca2b5e7a167104ee9e4f |
C:\Users\Admin\AppData\Local\Temp\WMEI.exe
| MD5 | f6b78b64309cb82eee3273bfecc7e2c8 |
| SHA1 | 48760691a6e4e9f52cf68bded7d81d5d60d7ebaa |
| SHA256 | 172bb436071a617371348e92fe01d8ace6ffdea3e11a02d9203c359a833596ed |
| SHA512 | c6138543706c2591a43d5cccc8dc50b7875dbc3614faf2b3da317d7cd14d3e7b9c0b7d15ce3f24b55a8538cdb7bf0d5647e163413e32ea81da097ca4e1d6a5b6 |
C:\Users\Admin\AppData\Local\Temp\akEq.ico
| MD5 | d07076334c046eb9c4fdf5ec067b2f99 |
| SHA1 | 5d411403fed6aec47f892c4eaa1bafcde56c4ea9 |
| SHA256 | a3bab202df49acbe84fbe663b6403ed3a44f5fc963fd99081e3f769db6cecc86 |
| SHA512 | 2315de6a3b973fdf0c4b4e88217cc5df6efac0c672525ea96d64abf1e6ea22d7f27a89828863c1546eec999e04c80c4177b440ad0505b218092c40cee0e2f2bd |
C:\Users\Admin\AppData\Local\Temp\YcYE.exe
| MD5 | 0e6c37a74923ba19d967e5f2b25def79 |
| SHA1 | 4078d3329cf71487bc588bbd8ea4ec5fead047ef |
| SHA256 | 4b19ae553e123a77b4987093035267246fed40110d31e0d2804b49ee8048bbb7 |
| SHA512 | 8f0c8a61f33f1eb784a9d4623174398abc42ea1c381c1f6fa7b03772359cab2ac4ad9d6bad0dd63c206717288639d2add16f78c633c7ba6c912011848c967520 |
C:\Users\Admin\AppData\Local\Temp\Aogk.exe
| MD5 | 01da0e476dc28c1fead278b3cf94f0cf |
| SHA1 | a0f50b7da037026519030048f8baf17a6289362f |
| SHA256 | 11009d00ebdc7b0b03f619d548f5b3298389e925fbb00adcd7593da47183ac25 |
| SHA512 | ec0cceaefb5052e075c6c685b85281889cacd89f13f266ee734e5b333b48316ebf26e67376d62febda9fce1db7d1a27e2c0233536354d6295b7183cf5e2be543 |
C:\Users\Admin\AppData\Local\Temp\AsEc.exe
| MD5 | 036b5b63bdb3b8221db83fc813744dc3 |
| SHA1 | 7c8c3dcf4e9c2ddca22d83e7feb23a736ed28c4b |
| SHA256 | 1bd3cdf44f8fcb55846801063a5381e9a959013e22109b4b0f7cf0304070a2cc |
| SHA512 | e394ffa362248628d2bef396be5b57152408abba296c5ab3975b9a1ac5a9690c1d4d5544077f670510cd7b7db8426cb01348f7aedff775b644ba078d1f2655e1 |
C:\Users\Admin\AppData\Local\Temp\sgks.exe
| MD5 | 571fcef8dd90c26e34ddc01fb98cb125 |
| SHA1 | d7248267134d17e097c2d6d97e23d8fe29ff3ae3 |
| SHA256 | 670800f4ffa178d011faaea4eab8283103e2945675bbf22b96ea16cdca5aa394 |
| SHA512 | 8e54dd2787eef4ff77b1c7b1817e03b535a128832560eabbe6c58bc60a5ab85b782aced8b4dfa6af805f2da7d401f3ac79eb6fcb29b736750f1a00b948328c5d |
C:\Users\Admin\AppData\Local\Temp\mgMI.exe
| MD5 | e20d9e76279835d671156c936b35c8bb |
| SHA1 | 913ad32e59ce436393af909a6a38e32a6a834f7b |
| SHA256 | ceb2bc5e4c9b3909e16cb0ebe04fbb89d35fb6205e23b720649e200fb807024c |
| SHA512 | 16de9253fb5841365e3873cdfc2a8d0d0bb20aa87203ac80bc62e846b04ad3250dc02158b7bf34a1eea55680a943af3ecb9f9f2fd562d7f757bce4e9621281ae |
C:\Users\Admin\AppData\Local\Temp\mgUm.exe
| MD5 | 44608c1cc5d0d7dfd6b4acbe0c5bb7a1 |
| SHA1 | b42038a4baab7bc2da8ff980b89bda30d8f666bb |
| SHA256 | 56e95b72ea077eb81072aef4a9f6c7b22ffb4323468d05bcb8418c5639ea6a53 |
| SHA512 | 03251cc8f44cfaf70f669b7eba72eef43c688abd4f2deacf31d4ad22ee7b3e98227b205d2f156a02287227b4edb14b67be9e4405da0e3c3827312efb95d11542 |
C:\Users\Admin\AppData\Local\Temp\yoAs.ico
| MD5 | f31b7f660ecbc5e170657187cedd7942 |
| SHA1 | 42f5efe966968c2b1f92fadd7c85863956014fb4 |
| SHA256 | 684e75b6fdb9a7203e03c630a66a3710ace32aa78581311ba38e3f26737feae6 |
| SHA512 | 62787378cea556d2f13cd567ae8407a596139943af4405e8def302d62f64e19edb258dce44429162ac78b7cfc2260915c93ff6b114b0f910d8d64bf61bdd0462 |
C:\Users\Admin\AppData\Local\Temp\yggC.exe
| MD5 | 34ce5598e1dced462e4ffef8103d93e6 |
| SHA1 | 3f482f3156a296ee40ae03cddbb69d5c017ebdd4 |
| SHA256 | a4629e6107db7f08ce3a5153e70104c75dd0bf1fb553ad1a355c1fb25a204617 |
| SHA512 | 76fe4b64e0719de9434a1278fb8ca65d31f672ea3d1bcd7452c15c29237ca4758fa29c417dc009e9585b4ae442fd469931660ac16fdde824c5e6753c867a8ea6 |
C:\Users\Admin\AppData\Local\Temp\iQks.exe
| MD5 | 873559cfe1c1b31efc947fb263045b09 |
| SHA1 | 45c1e2e08e1f3c24a00cc3f79bebbe1544530b24 |
| SHA256 | 1453599ca1fde8de97b3827bc7e97765fe9c70db90f73fa9b8a058031b29a343 |
| SHA512 | aed6497c9cfa6b5cc5cdc6fd2655b5a6c58b2c7c36e1a9c1dd8c020191c01c7d36a28a1024c43c9420947fd382f6741a341b855085add924dd145b86f288b413 |
C:\Users\Admin\AppData\Local\Temp\GcEQ.exe
| MD5 | 08e2e5fccd334b8c0895965a11fd7923 |
| SHA1 | 6d212a5cd74fb0ac97b574d33a861c4079d4ffdb |
| SHA256 | 28d7539a8c5ec7bbcd828fa374ad5ff83b18ea23d70064573dfaaa48880bfdec |
| SHA512 | 1a44bc8fbe9db731378d6c0470373dd2ec72d71d46510019963c00fc2451be0d4ffec5e844c41b8ef58cc0ad63f45fe43d20370666a697d18125f5eeb4119199 |
C:\Users\Admin\AppData\Local\Temp\qwoM.exe
| MD5 | c09fa95523ce03638b84bf34e8b4c9b5 |
| SHA1 | 068b05c8a5040a73005bb60cd1ba28274ea766ec |
| SHA256 | 3a3a163f5b7f351c286122d3dd19ad179330a089bb3575877ff0996f2560e179 |
| SHA512 | 610243727fe7b3e44c26f9a0d5e6fa5d19f0e38f3c300c0dc8cbc60d6b69a57a8f25fd231969be15e40db38bdec3e3d7d3c44ec9d3aba14191aae1434d1b39dc |
C:\Users\Admin\AppData\Local\Temp\oAYa.exe
| MD5 | 29fc6398aa26dcbe27222ce4a29389a7 |
| SHA1 | e33f9d23dea2008cec70d524374747cbcc1c8519 |
| SHA256 | 3901dc77e195b7545112815bbe66bdc1aa543f8477e7226d0c257f880b3b08a5 |
| SHA512 | b9fda2751e895e7768d3fb97322d309700fe4778b765c3255e16c398b53294b1129c7bff342ed762b33f33d71507e9a5dd5891127b2e9a12f733abfc63fb1281 |
C:\Users\Admin\Pictures\EnterMeasure.jpg.exe
| MD5 | 6df4ac60fc582f0ba55dd34e3bcbf331 |
| SHA1 | d63cf515241f002e6fdf80d9dc06a7aa8b184618 |
| SHA256 | bfa02a29e2425ca7ff9bccdb14e7156943cd0e9ef9148b278a0b85e293d6e7bc |
| SHA512 | e28244ccad88698d11e5eb3a3958d4f7ddf1500b6f6921d06b679b0cb06c8bda00ecffca56660369b1d5f9598352429ee6a3719a2f971971beb1061c39b44fba |
C:\Users\Admin\Pictures\My Wallpaper.jpg.exe
| MD5 | cc2cf26e51dd1734bc3475d9f3dbc5b9 |
| SHA1 | 28dc531611ae2862bfd26e66f1129bc7cf764e9a |
| SHA256 | 3d4ff6998534810bbf226b616c89d82da7c90c620741ce79cf703eec154cddcd |
| SHA512 | c8553f16a2de6b4a99681a2af217df830dbe66a94a0871d9950f332f4066069631fcc2e3aa41fde40fd485a78b53ea1f5d37266755312d5bc7e8e152dbd3de2a |
C:\Users\Admin\AppData\Local\Temp\WUUQ.exe
| MD5 | 2eabeaf43595e1a86ad1b18a37253c8e |
| SHA1 | 65d8fcab6afbf94e507fc7b75d167fa86f4cbbf6 |
| SHA256 | 92aa92aa80706ff30578672edb57f56ed16ba2416484679e377c1e0bbd530971 |
| SHA512 | ee9e2f2820605b3c94670b8e277234085159036b6380485f4868889135496d662e0b0a8e47cd9d5961a0365e7915fee8027a7e5cfee072c7dda14d85773b595a |
C:\Users\Admin\AppData\Local\Temp\cQsS.ico
| MD5 | ace522945d3d0ff3b6d96abef56e1427 |
| SHA1 | d71140c9657fd1b0d6e4ab8484b6cfe544616201 |
| SHA256 | daa05353be57bb7c4de23a63af8aac3f0c45fba8c1b40acac53e33240fbc25cd |
| SHA512 | 8e9c55fa909ff0222024218ff334fd6f3115eccc05c7224f8c63aa9e6f765ff4e90c43f26a7d8855a8a3c9b4183bd9919cb854b448c4055e9b98acef1186d83e |
C:\Users\Admin\AppData\Local\Temp\ScEu.exe
| MD5 | 9aa0d55f66cad88df547013f52a4ae83 |
| SHA1 | 52eeb138fdbcf8c7525d13baf0ff3e036aefd1a3 |
| SHA256 | 5f41e8dc225d7fa1a4e7e668d8244fac75c75f1e64c9cf722b589d8c64881521 |
| SHA512 | 5eec0889acad8a2d7970c5397ae99728f913d349b2769967d5f0e4388e900c22e4bf47d520cc415658e47723ac54bd7b4a418f6c1338f17856976854b80036e2 |
C:\Users\Admin\AppData\Local\Temp\osQE.ico
| MD5 | 7ebb1c3b3f5ee39434e36aeb4c07ee8b |
| SHA1 | 7b4e7562e3a12b37862e0d5ecf94581ec130658f |
| SHA256 | be3e79875f3e84bab8ed51f6028b198f5e8472c60dcedf757af2e1bdf2aa5742 |
| SHA512 | 2f69ae3d746a4ae770c5dd1722fba7c3f88a799cc005dd86990fd1b2238896ac2f5c06e02bd23304c31e54309183c2a7cb5cbab4b51890ab1cefee5d13556af6 |
C:\Users\Admin\AppData\Local\Temp\ucQC.exe
| MD5 | 1dd868246a9b94c4ef37d201b0572e1f |
| SHA1 | ec8cfe1d2695b158cad623e8d3f258bbe10f7d86 |
| SHA256 | 35cdcc63475059686b099ff64e757d7bc6e52e293a266e42178ffa43efcd04a0 |
| SHA512 | cb715903d110fd1ab791826e5b87ef278891614c54f1d6c4850b6dc650a6bb26e9983c0429b3eae50abdff31dffbf2a58940b8e28ca7368d988d4751534ca6b8 |
C:\Users\Admin\AppData\Local\Temp\MYQM.exe
| MD5 | 9e5ed11b6de5f913262ae99cba948207 |
| SHA1 | 6e28c37128d1dbbf1095e916909b9a8b029c10ed |
| SHA256 | 7251546a58a04fa452441abff89c2553f856a23e1b2a890cb501a850206c8cad |
| SHA512 | 3ad1c2384fa10dab2ccdc067a80150834fa2508ea98edf23ccff52206125853f183828dc1bf06f03a386d7d21ba160c98a0af035d9d62aaccde21fde1753b23b |
C:\Users\Admin\AppData\Local\Temp\eMUa.exe
| MD5 | 87763abaf88d42edd475ddfb949b9bc2 |
| SHA1 | 27552730f6b7070da7134df80f298bd656ece670 |
| SHA256 | aa40d7b08a40544a866cc08cfbbbdf00c310ac3be0793dc2df34f8724a659c5d |
| SHA512 | 49fed7165ad39b6509e93b4ce3f64a2b0f37554376a962adaaa597f404efb9efe0f0a1095219ba700f74e2f2904d1c2326188bd1526850e86da37ced4ee5a03d |
C:\Users\Admin\AppData\Local\Temp\uUAQ.exe
| MD5 | dd93f02295272c549cfd3cecb88f209c |
| SHA1 | f5c7e7274db6dbe5290e82e3abdd517364d6e2cf |
| SHA256 | 2176de87cf1c2b3024ee7e8b880a65ecedbea2962ab0accb36d9da104903da47 |
| SHA512 | 7b8baeafa85e9cf36c951f31a0ec6bdc1a91baaea29ddf1fd2a22999b27c7e9430ba66d48bd28a9e7c09893cff2487e57aa07101a5135c19024b7c93a772f2f1 |
C:\Users\Admin\AppData\Local\Temp\kUsm.exe
| MD5 | 8d76a7c7e81fe2854e280d79ae8f541f |
| SHA1 | 87746bb01413b40bb3341be42625aae19d0c865b |
| SHA256 | 40c494b8d34f4eeb9e1f109bd9f18fe80227cc85e729d7862fd35ebbc4b0b985 |
| SHA512 | fd92d671eb1e79490a801b5a4d5dfd55d68bb357dd350a2c841979fab9e6ed336869db7f4123712c4efa857f1cf2152bc9e98be9185135e819bd30bc2147c48c |
C:\Users\Admin\AppData\Local\Temp\aEoi.exe
| MD5 | 0f4f4d5890d862dce0bba9939949fd2c |
| SHA1 | d8e1f13b02ab0916a11e5b839f3b1cdc1e83bbaf |
| SHA256 | 22ae2b42b117cfaa920f469983994a8055dca46aec419a8d0a98f6d9834ebdc5 |
| SHA512 | ad460a40026d713b7aefa8903aab42681c41c81836747c846e9891979d76d84f55bcdbfa44a4c550fbbd875310ac8e00f0f2d6eca5cd7f0537955addec2901cc |
C:\Users\Admin\AppData\Local\Temp\msMK.exe
| MD5 | 144f85460f324f42406c0a3d3c54d134 |
| SHA1 | f1ac984443f7f5f677c72f42caea270b12985cf6 |
| SHA256 | 06b998eb4582a21554e9861bb92b9a8a7d7fba05542fb1c678ff590c85a2c62f |
| SHA512 | 81b8f332ecc4443b93a61f9d5e0fcfe619e80b651d69437df0e885bbbb5cd4bf914af9d6eaf23d5c4dab0098b40dc0944cc3aea709ca0fff68d7a141f884b146 |